Server Security ABC
Bare minimum configuration to secure your own server. Nothing fancy here, just basic setup to do right after OS install.
Disable password login. Use SSH keys to manage your server, never a password.

    # On your control machine.
    ssh-keygen -t rsa
    cat ~/.ssh/id_rsa.pub | pbcopy   # copy the public key to the clipboard (macOS)

    # On the remote server.
    mkdir -p ~/.ssh
    chmod 0700 ~/.ssh
    touch ~/.ssh/authorized_keys
    chmod 0600 ~/.ssh/authorized_keys
    cat >> ~/.ssh/authorized_keys    # paste the public key, then press Ctrl-D

    vim /etc/ssh/sshd_config
    # => ChallengeResponseAuthentication no
    # => PasswordAuthentication no
    # => UsePAM no

    # Then restart the SSH daemon. Keep the current session open until a key
    # login works in a second one.
    service sshd restart
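A check for the sshd_config edit above, as an added example that is not part of the original article: it reports the value sshd would actually use for the three directives, since the first occurrence of a keyword wins and a later "no" does not override an earlier "yes". The function names and the sample file are constructed for illustration; the script reads only the global section and does not follow Include lines.

```shell
#!/bin/sh
# Added example: audit the three sshd_config directives set above.
# sshd keeps the FIRST value it reads for a keyword; keywords are case-insensitive.

# Constructed sample file contents, not taken from a real server.
sample_config() {
    cat <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
challengeresponseauthentication yes
Match User deploy
    PasswordAuthentication no
EOF
}

# effective_value FILE KEYWORD DEFAULT: print the global value sshd would use.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        NF == 0 || $1 ~ /^#/ { next }           # blank lines and comments
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == key { val = $2; exit }   # first occurrence wins
        END { print val }
    ' "$1"
}

# audit_sshd FILE: print one line per directive; exit status = failure count.
audit_sshd() {
    fails=0
    # keyword:default pairs; defaults are upstream OpenSSH defaults (assumption).
    for pair in PasswordAuthentication:yes \
                ChallengeResponseAuthentication:yes UsePAM:no; do
        key=${pair%%:*}
        val=$(effective_value "$1" "$key" "${pair##*:}")
        if [ "$val" = "no" ]; then
            echo "ok    $key $val"
        else
            echo "FAIL  $key $val"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_sshd "$tmp" || echo "$? directive(s) not set to no"
rm -f "$tmp"
```

On a live host, `sshd -t` validates the file before the restart and `sshd -T` prints the effective configuration, including included files.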
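Restrict port access on the software level. You might also change the SSH port from 22 to something else, but that is not necessary.

    iptables -I INPUT 1 -p tcp --dport 22 -j ACCEPT
    iptables -I INPUT 2 -p tcp --dport 80 -j ACCEPT
    # allow loopback and replies to connections the server itself opened
    iptables -I INPUT 3 -i lo -j ACCEPT
    iptables -I INPUT 4 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # the last entry should be to deny everything else
    iptables -A INPUT -j DROP
    service iptables save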
Layer your web servers with reverse proxies for additional security. Use nginx to proxy port 80 to other applications listening on higher port numbers. Then use the Apache htpasswd tool to generate the password file that the reverse proxy's auth_basic_user_file directive points to.
- Linux Magazine, June 2017