In this article, I show you all the steps needed to secure a web server and improve your security. I recommend doing all of these things on every installation. Also, just because you secure your server doesn’t mean you can neglect it. I highly recommend monitoring it and adjusting security as needed. Monitoring is required for proper security in my opinion.
Secure A Web Server Steps
sudo ufw status
Do Global blocks
Change SSH to Key
ssh-keygen -t rsa
Transfer to Server
Transfer pub ssh key to server
Copy key and place in authorized_key file in one command
ssh-copy-id -i ~/.ssh/id_rsa.pub email@example.com
Secure a Web Server Disabling Password Auth through SSH
Change the following lines in /etc/sshd_config
ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no PermitRootLogin no
Enable security features
Prevent IP Spoof /etc/host.conf
Change File to mirror below:
order bind,hosts multi on nospoof on
Check Listening Ports
You will now have completed the basics of a secure web server!
I live stream on Chris Titus Tech YouTube Channel every Friday at 10 AM CST and archive clips to Titus Tech Talk. I also regularly publish to christitus.com, but if you’d like to contact me directly or want to contribute to help keep these articles and videos being made consider joining the CTT members.
Two Memberships exist:
- ChrisTitus.com Members Section (CC Only)
- Full Archive of All Unlisted Live Streams
- Direct Members Only Email
- Monthly Members Only Video
- Starting at $2 Per Month (100% of Proceeds goes to Chris Titus Tech)
- YouTube Chris Titus Tech Membership (All Payments Accepted)
- YouTube Emojis for Comments and Live Chat
- YouTube Badges that changes based on membership time for comments and chat.
- All YouTube comments are highlighted when I review comments daily.
- Immediate Access to Full Live Streams
- $4.99 Per Month (70% of the Proceeds goes to Chris Titus Tech)