Ubuntu

If you are planning to run an Ubuntu 16.04 server, this tutorial will guide you through the initial setup and the configuration file changes needed for basic security and functionality. This guide assumes that you are hosting your server on a VPS or with a cloud provider such as DigitalOcean or Vultr.

Procedures:

  1. Login and Update
  2. Install CSF
  3. Create Non-Root User
  4. Generate SSH Key Pairs
  5. Disable Root Login and Password Authentication

 

Step 1 – Login and Update

When a server is initially deployed, you receive an automated email from your host containing the root credentials that you use to access your box. Along with the credentials, you will also see the public IP address assigned to your server. Both are needed to access your server.

How you access your system depends on what OS you are using. Below are guides for macOS (which can also be followed for Unix-based OSes) and Windows.

 

macOS

You can use the default Terminal App that is pre-installed on Apple laptops and computers. From your desktop, click Go > Utilities > Terminal. Here is the command to connect to your newly deployed Ubuntu server:

Replace SERVER_PUBLIC_IP_ADDRESS with the one assigned to you by your host. This can be found in the server deployment email or in your host’s control panel.

 

Windows

Windows does not have a native SSH client; therefore, we need to download a third-party client called PuTTY.

To log in, just fill in the following fields with your server’s information:

  • IP Address: SERVER_PUBLIC_IP_ADDRESS
  • Port: 22
  • Connection Type: SSH

Click connect after you input the correct information.

Once you are logged in to your server, the first thing I suggest is to edit your ~/.profile and append the following to optimize your command logging and beautify your shell.

Hint: Use the vim ~/.profile command.

I always set the root’s prompt to red so that I can easily identify whether I am logged in as root or as a non-root user.

Save and close the file by typing :x and pressing Enter.

Next, update the server and reconfigure the clock to your preferred timezone.

 

Step 2 – Install CSF

Config Server Firewall (CSF) is a suite of scripts for Linux distributions that provides an intuitive interface for managing your firewall and security configuration. The following commands download and install the latest CSF on your server.

Once installed, adjust the configuration file to enable it and provide the basic security that you need: vim /etc/csf/csf.conf. Edit the following variables:

Set your own UI_USERNAME, UI_PASSWORD, and SSHD_PORT.

CSF includes a beautiful UI that you can access via your web browser to check or adjust your server’s security-related activities. Enable it using the following:

Note: You need to add your Public IP to the /etc/csf/ui/ui.allow file. Refer to the 2nd line.
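
A way to check the edits above before relying on the firewall, as an added example that is not part of the original tutorial: a shell audit of csf.conf. TESTING, TCP_IN, UI, UI_USER, UI_PASS and UI_ALLOW are CSF's configuration keys; the sample file, port 2222 and the function names are constructed, and the username/password default pair it flags is an assumption about the stock file.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the csf.conf settings
# that Step 2 changes. Key names are CSF's own; sample values are constructed.

# csf_get FILE KEY -> prints the value of a KEY = "value" line.
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# csf_audit FILE SSH_PORT -> prints one line per finding, returns the count.
csf_audit() {
    n=0
    if [ "$(csf_get "$1" TESTING)" != "0" ]; then
        echo "TESTING is not 0: the firewall is not permanently enforced"; n=$((n + 1))
    fi
    # Exact match only; port ranges (a:b) in TCP_IN are not expanded here.
    case ",$(csf_get "$1" TCP_IN)," in
        *",$2,"*) ;;
        *) echo "SSH port $2 missing from TCP_IN: risk of lockout"; n=$((n + 1)) ;;
    esac
    if [ "$(csf_get "$1" UI)" = "1" ]; then
        u=$(csf_get "$1" UI_USER); p=$(csf_get "$1" UI_PASS)
        # Assumption: the stock file ships with username/password as defaults.
        if [ -z "$u" ] || [ -z "$p" ] || [ "$u" = "username" ] || [ "$p" = "password" ]; then
            echo "UI enabled with empty or default credentials"; n=$((n + 1))
        fi
        if [ "$(csf_get "$1" UI_ALLOW)" != "1" ]; then
            echo "UI_ALLOW is off: ui.allow is not restricting UI access"; n=$((n + 1))
        fi
    fi
    return "$n"
}

# Constructed sample: TESTING left on, SSH on 2222 but not opened, default UI login.
sample_conf() {
    cat <<'EOF'
TESTING = "1"
TCP_IN = "22,80,443"
UI = "1"
UI_USER = "username"
UI_PASS = "password"
UI_ALLOW = "1"
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
csf_audit "$tmp" 2222 || echo "findings: $?"
rm -f "$tmp"
```

On a real server, point csf_audit at /etc/csf/csf.conf and pass the SSH port you configured.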

 

Step 3 – Create Non-Root User

At this stage, you are logged in as the all-powerful root user. It is advisable that you create an alternative user with a limited scope of access.

Replace USERNAME with your username of choice.

Adding the new user to the sudo group grants it administrative privileges. Members of the sudo group can execute commands as root when needed by prepending sudo to any command they want to run with elevated privileges. Example: sudo systemctl restart sshd

At this moment, you are still logged in as root. It’s time to switch to the new non-root user you have created:

Once you have switched to your new user, edit its ~/.profile as we did with the root account and append the following:

Source the file after saving it to apply the modifications to the current session.

 
