This guide covers the initial steps to secure and harden a freshly installed Ubuntu 20.04 system. Follow the steps below to complete the initial server setup on Ubuntu 20.04 and reduce its exposure to attackers.
Step 1: Upgrade Your System
Make sure the package lists are current and all installed packages are upgraded. Run the command below to update and upgrade your Ubuntu 20.04 system.
sudo apt update && sudo apt upgrade -y
Step 2: Add User Account for Ubuntu 20.04
Make sure you have created a regular system user. Working as the root user is not recommended on Ubuntu 20.04. Type the command below to add a user to the server.
sudo adduser sysadmin
Then add this user to the sudo group with the following command to grant it sudo privileges.
sudo usermod -aG sudo sysadmin
Step 3: Enable Secure SSH Server
To secure SSH access, first change the default SSH port and disable remote root login over SSH. The default port 22 is the first place automated scanners and brute-force tools try, and root is the account name they guess first. To do this, edit the file /etc/ssh/sshd_config with your favorite editor and set the following. The changes take effect after the SSH service is restarted.
Port 2222
PermitRootLogin no
Step 4: Set Key Based SSH On Ubuntu 20.04
We recommend key-based SSH login instead of a password. Run the command below to generate an SSH key pair on Ubuntu 20.04.
ssh-keygen
sabi@Ubuntu:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sabi/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/sabi/.ssh/id_rsa
Your public key has been saved in /home/sabi/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:lcgQhanDckHCU3qX0PrFpFqcwqMC0l9qU+n1JCPwGLg sabi@Ubuntu
The key's randomart image is:
+---[RSA 3072]----+
| ..++.o=. |
| +o+.++.. . |
| ..=.Xo*o o |
|o E.@.@ *.. |
|o = % +S= |
|. . * o . |
| . . . |
| |
| |
+----[SHA256]-----+
Then copy the contents of the new public key file ~/.ssh/id_rsa.pub to the ~/.ssh/authorized_keys file on the server. For convenience, you can run the following command instead.
ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
Then log in without a password.
ssh [email protected]
Step 5: Configuring Firewall with FirewallD on Ubuntu 20.04
firewalld is not installed on Ubuntu 20.04 by default, so install it with the following command.
sudo apt install firewalld
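Then start the firewalld service and enable it at boot.
sudo systemctl start firewalld
sudo systemctl enable firewalld
By default the firewall only allows SSH access (on the standard port 22) for remote users, so add other services as needed. If you moved SSH to port 2222 in Step 3, that port has to be allowed as well, using the port syntax shown in the note below, or remote SSH logins will be blocked. Here I'm going to add http and https, with these commands:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https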
Note: The firewall looks up service ports by name. If the port you need is not covered by a named service, you can add it by number as shown below.
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=10000/tcp
Reload the firewall to apply the changes:
sudo firewall-cmd --reload
To see a list of all the allowed services and ports, run
sudo firewall-cmd --permanent --list-all
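The script below is an added example, not part of the original guide. It audits the settings from Steps 3 to 5 together, checking that root login is disabled, that password logins are off (an extra check beyond the guide, since key-based login only helps once passwords are refused), and that the SSH port is actually allowed through the firewall. The function names and the sample config are assumptions made for illustration; the parser reads only the global section of one file and does not follow Include lines or "Keyword=value" syntax.

```shell
#!/bin/sh
# effective_value FILE KEYWORD DEFAULT
# Prints the value sshd would use: keywords are case-insensitive and the
# first occurrence wins. (Port may repeat; only the first is checked here.)
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/    { next }   # skip comments and blank lines
        tolower($1) == "match"      { exit }   # global section ends at first Match
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }          # keyword absent: use the default
    ' "$1"
}

# Helper: print one finding and count it.
flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

# audit_sshd FILE "ALLOWED_PORTS"
# ALLOWED_PORTS is a space-separated list such as `firewall-cmd --list-ports`
# prints (add 22/tcp yourself if the firewalld "ssh" service is enabled).
# Prints one line per finding; the return status is the number of findings.
audit_sshd() {
    findings=0
    port=$(effective_value "$1" Port 22)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    [ "$root" = "no" ] || flag "PermitRootLogin is '$root', expected 'no'"
    [ "$pass" = "no" ] || flag "PasswordAuthentication is '$pass': passwords still work beside keys"
    case " $2 " in
        *" $port/tcp "*) ;;
        *) flag "sshd port $port/tcp is not allowed by the firewall: lockout risk" ;;
    esac
    return "$findings"
}

# Constructed sample config (not taken from a real host).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 2222
#PermitRootLogin prohibit-password
PermitRootLogin no
permitrootlogin yes
Match User backup
    PasswordAuthentication no
EOF
audit_sshd "$SAMPLE" "8080/tcp 10000/tcp" || true
```

On a live server, `sudo sshd -T` prints the effective configuration that sshd itself computes, which is the authoritative source for the same values.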
These are the initial server setup steps to harden your Ubuntu 20.04 system.