In this article, I show you all the steps needed to secure a web server and improve your security. I recommend doing all of these things on every installation. Also, just because you secure your server doesn’t mean you can neglect it. I highly recommend monitoring it and adjusting security as needed. Monitoring is required for proper security in my opinion.
Secure A Web Server Steps
sudo ufw status
Do Global blocks
Change SSH to Key
ssh-keygen -t rsa
Transfer to Server
Transfer pub ssh key to server
Copy key and place in authorized_key file in one command
ssh-copy-id -i ~/.ssh/id_rsa.pub firstname.lastname@example.org
Secure a Web Server Disabling Password Auth through SSH
Change the following lines in /etc/sshd_config
ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no PermitRootLogin no
Enable security features
Prevent IP Spoof /etc/host.conf
Change File to mirror below:
order bind,hosts multi on nospoof on
Check Listening Ports
You will now have completed the basics of a secure web server!
I live stream on Twitch and encourage you to drop in and ask a question. I regularly publish on YouTube and christitus.com, but if you need immediate assistance, check out the Terminal Cafe with Discord Invite Link.