Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- **** Quickstart Linux VPS ****
- - Preparation
- apt-get update && apt-get install nano mc htop -y
- - Install Fail2Ban to block (SSH) bruteforce attempts
- - Source: https://www.rapidseedbox.com/kb/secure-vps-fail2ban
- apt-get update && apt-get install fail2ban -y
- update-rc.d fail2ban defaults
- nano /etc/fail2ban/jail.d/apache.conf
- [apache-auth]
- enabled = true
- [apache-badbots]
- enabled = true
- [apache-noscript]
- enabled = true
- [apache-overflows]
- enabled = true
- [apache-nohome]
- enabled = true
- [apache-botsearch]
- enabled = true
- [apache-fakegooglebot]
- enabled = true
- [apache-modsecurity]
- enabled = true
- [apache-shellshock]
- enabled = true
- nano /etc/fail2ban/jail.d/sshd.conf
- [sshd]
- enabled = true
- [sshd-ddos]
- enabled = true
- fail2ban-client status
- - Firewall UFW
- sudo apt-get install ufw
- ufw allow 53
- ufw allow 123/udp
- ufw allow 68/udp
- ufw allow 22
- ufw allow 80
- ufw allow 443
- ufw allow out 53
- ufw allow out 80
- ufw allow out 443
- sudo ufw default deny outgoing
- sudo ufw default deny incoming
- sudo ufw enable
- - Add new user with sudo permissions
- apt-get install sudo
- adduser freek
- adduser freek sudo
- - Schedule automatic updates
- https://241931348f64b1d1.wordpress.com/2016/09/27/how-to-schedule-automatic-updates-on-ubuntu-server-16-04/
- - Harden server
- https://www.thefanclub.co.za/how-to/how-secure-ubuntu-1604-lts-server-part-1-basics
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement