How to secure a Debian Server
I just want to show you some tools/methods for securing your Debian/Ubuntu-server.
Secure your SSH-login (please open /etc/ssh/sshd_config):
– forbid root-login
– only allow SSH-login with SSH-key (no password login)
– change your SSH-port (for example Port 2020 instead of 22)
– if you have more than one IP-Adress which is accessible from everywhere, you should make your SSH-Daemon listen to only one IP-Adress
(replace 18.104.22.168 with the IP-Adress you want your SSH-Daemon to listen to)
Install Updates regularly:
apt-get update && apt-get upgrade
Use fail2ban for prohibiting bruteforce-attacks:
– Simply install that tool via aptitude
Find rootkits with rkhunter: (rkhunter)
– You can install rkhunter via aptitude
If you did all these changes applying the SSH-settings and you installed fail2ban and rhunter you can say that your server is quite secure. Of course, this is no guarantee that your server won’t be hacked, but it makes it much harder.