In this article, I show you all the steps needed to secure a web server and improve your security. I recommend doing all of these things on every installation. Also, just because you secure your server doesn’t mean you can neglect it. I highly recommend monitoring it and adjusting security as needed. Monitoring is required for proper security in my opinion.
Secure A Web Server Steps
Install UFW
|
|
Verify
sudo ufw status
Do Global blocks
|
|
Change SSH to Key
Remote Machine: ssh-keygen -t rsa
Transfer to Server
Method 1:
Transfer pub ssh key to server
|
|
Method 2:
Copy key and place in authorized_key file in one command
ssh-copy-id -i ~/.ssh/id_rsa.pub user@server.com
Secure a Web Server Disabling Password Auth through SSH
Change the following lines in /etc/sshd_config
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
PermitRootLogin no
Edit /etc/sysctl.conf
Enable security features
Prevent IP Spoof /etc/host.conf
Change File to mirror below:
order bind,hosts
multi on
nospoof on
Install Fail2Ban
|
|
Check Listening Ports
netstat -tunlp
You will now have completed the basics of a secure web server!
Video Walkthrough
Note: YouTube Video - Hold Ctrl + Left Click to open in new window
Chris Titus Tech
Social
- Twitter - https://twitter.com/christitustech
- YouTube - https://youtube.com/c/ChrisTitusTech
- Twitch - https://twitch.tv/christitustech
- Odysee / LBRY (Privacy) - https://christitus.com/lbry
Exclusive Content
- ChrisTitus.com Members Section (CC Only)
- Digital Downloads with Guides and Pre-Built Images
- Monthly Members Only Video
- $5 Per Month (100% of Proceeds goes to Chris Titus Tech)
- YouTube Chris Titus Tech Membership (All Payments Accepted)
- Monthly Members Only Video
- YouTube Emojis for Comments and Live Chat
- YouTube Badges that changes based on membership time for comments and chat.
- All YouTube comments are highlighted when I review comments daily.
- $4.99 Per Month (70% of the Proceeds goes to Chris Titus Tech)