Securing Your Server, Application and Network

Hariom Vashisth
Mar 8, 2017

You just created a new EC2 instance or DigitalOcean droplet.

Whatever your tech stack and whatever your role, we will configure the modules below and pass the IT security compliance checklist. :)

Create a New User and disable SSH login for root

1. Add the user. In the following example, we will use the user name admin. The command adduser will automatically create the user, initial group, and home directory.

  • [root@root ~]# adduser admin
    [root@root ~]# id admin
    uid=10018(admin) gid=10018(admin) groups=10018(admin)
    [root@root ~]# ls -lad /home/admin/
    drwx------ 2 admin admin 4096 Jun 25 16:01 /home/admin/

2. Set the password for the admin user. When prompted, type and then retype the password.

  • [root@root ~]# passwd admin
    Changing password for user admin.
    New UNIX password:
    Retype new UNIX password:
    passwd: all authentication tokens updated successfully.
    [root@root ~]#

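3. To grant sudo permissions to your new admin user, use the following command. A syntax error in /etc/sudoers stops sudo from working, so keep a root shell open while you make this change.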

  • [root@root ~]# echo 'admin ALL=(ALL) ALL' >> /etc/sudoers

4. SSH to the server with the new admin user and ensure that the login works.

  • [root@root ~]# ssh admin@my.ip.or.hostname
    admin@my.ip.or.hostname's password:
    [admin@admin ~]$

5. Verify that you can su (switch user) to root with the admin user.

  • [admin@admin ~]$ su -
    Password:
    [root@root ~]$ whoami
    root

6. To disable root SSH login, edit /etc/ssh/sshd_config with your favorite text editor.

  • [root@root ~]# vi /etc/ssh/sshd_config

Change this line:

  • #PermitRootLogin yes

To this:

  • PermitRootLogin no

7. Ensure that you are logged into the box with another shell before restarting sshd, to avoid locking yourself out of the server.

  • [root@root ~]# /etc/init.d/sshd restart
    Stopping sshd: [ OK ]
    Starting sshd: [ OK ]
    [root@root ~]#

You will now be able to connect to your server via ssh with the admin user and then use the command su to switch to the root user.
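
To confirm that the edit in step 6 took effect, the added example below (not part of the original article) reports which PermitRootLogin value an sshd_config-style file sets. It assumes a single file with whitespace-separated keywords and no Include directives; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: which PermitRootLogin value does an sshd_config file set?
# sshd keeps the FIRST value it reads for a keyword, keyword names are
# case-insensitive, and lines beginning with '#' are comments.

# effective_permit_root_login FILE  (hypothetical helper name)
# Prints the first global PermitRootLogin value, or "unset" when the file
# leaves sshd's built-in default (which varies by OpenSSH version) in force.
effective_permit_root_login() {
    awk '
        $1 ~ /^#/                        { next }  # comment, possibly indented
        tolower($1) == "match"           { exit }  # conditional blocks start here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_disabled FILE: succeeds only when the effective value is "no".
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Demo on constructed sample files (not taken from a real host).
demo() {
    demo_dir=$(mktemp -d) || return 1
    # "before": the commented-out line from step 6, so nothing is set.
    printf '%s\n' 'Port 22' '#PermitRootLogin yes'           > "$demo_dir/before"
    # "after": the corrected line from step 6.
    printf '%s\n' 'Port 22' 'PermitRootLogin no'             > "$demo_dir/after"
    # "shadowed": an earlier "yes" wins over the later "no".
    printf '%s\n' 'permitrootlogin yes' 'PermitRootLogin no' > "$demo_dir/shadowed"
    for name in before after shadowed; do
        if root_login_disabled "$demo_dir/$name"; then verdict=PASS; else verdict=FAIL; fi
        printf '%-9s %-6s %s\n' "$name" \
            "$(effective_permit_root_login "$demo_dir/$name")" "$verdict"
    done
    rm -rf "$demo_dir"
}
demo
```

On a live host, `sshd -t` checks the configuration for syntax errors before the restart in step 7, and `sshd -T` prints the effective settings.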

Set Up a Basic Firewall

Ubuntu 16.04 servers can use the UFW firewall to make sure only connections to certain services are allowed. We can set up a basic firewall very easily using this application.

Different applications can register their profiles with UFW upon installation. These profiles allow UFW to manage these applications by name. OpenSSH, the service allowing us to connect to our server now, has a profile registered with UFW.

You can see this by typing:

  • sudo ufw app list
Output:
Available applications:
  OpenSSH

We need to make sure that the firewall allows SSH connections so that we can log back in next time. We can allow these connections by typing:

  • sudo ufw allow OpenSSH

Afterwards, we can enable the firewall by typing:

  • sudo ufw enable

Type “y” and press ENTER to proceed. You can see that SSH connections are still allowed by typing:

  • sudo ufw status
Output:
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

If you install and configure additional services, you will need to adjust the firewall settings to allow acceptable traffic in. You can learn some common UFW operations in this guide.

Protect SSH with Fail2Ban

Solve performance, scaling and proxy issues

Upgrade OpenSSL

  • sudo apt-get update
  • sudo apt-get upgrade openssl

Secure Nginx

You can use the Qualys SSL Labs Report to see how your server configuration scores:

In a web browser: https://www.ssllabs.com/ssltest/analyze.html?d=example.com

This SSL setup should report an A+ rating.

Set Up Nginx with HTTP/2

Just did a test with the check tool by KeyCDN

IT Infrastructure Monitoring
