Securing a fresh Ubuntu server [closed]

Solution 1:

I can't think of any Ubuntu-specific tweaks, but here are a few that apply to all distributions:

  1. Uninstall all unnecessary packages
  2. Use public-key only authentication in SSH
  3. Disable root logins via SSH (doesn't apply to Ubuntu)
  4. Use the production settings for PHP (php.ini-recommended)
  5. Configure MySQL to use sockets only

Of course this list isn't complete, and you'll never be completely safe, but it covers all the exploits I have seen in real life.

Also, the exploits I have seen were almost always related to insecure user code, not insecure configuration. The default configurations in minimal server distributions tend to be pretty secure.

Solution 2:

One quick thing that I do early on is install DenyHosts. It will regularly look through /var/log/secure, looking for failed logins, and after a couple of failures, block the IP. I set it to block after the first no-such-user, on the second attempt at root, and after a couple of tries for real users (in case you mess up, but you should be using an SSH public key to log in).

Solution 3:

Ubuntu is based off Debian and I've found the Securing Debian Manual to be very useful in Debian-based distributions in completely walking you through your system and checking every part. It's basically a really, really comprehensive answer to your question.

Solution 4:

I usually install RKHunter, which scans for rootkits and does integrity checks of various important system binaries. It's in the standard repo, and will run daily from cron. It's not perfect, security-wise, but it's a low-effort item to add, and it provides a measure of protection.

Solution 5:

Install logcheck, but tweak it so that you never receive messages from regular events; otherwise you'll get in the habit of ignoring the emails.

Check which processes are listening using netstat, and make sure nothing's running that doesn't need to run. Many daemons can be configured only to listen on the internal IP (or localhost) instead of all interfaces.
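
The listening-socket check described in Solution 5, as an added example that is not part of the original answer: it classifies each socket in `netstat -tulnp` output by bind scope and reports the ones bound to all interfaces on ports you did not expect. The function names, the sample output and the expected-port list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Input format: `netstat -tulnp` (run as root so -p names every program).

# Constructed sample output; addresses, PIDs and program names are made up.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      934/mysqld
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      1001/memcached
tcp6       0      0 :::80                   :::*                    LISTEN      877/apache2
tcp6       0      0 ::1:631                 :::*                    LISTEN      655/cupsd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           590/dhclient
udp        0      0 192.0.2.10:123          0.0.0.0:*                           702/ntpd
EOF
}

# Print "scope proto port program" per socket; scope is all, loopback or specific.
classify_listeners() {
  awk '
    $1 ~ /^(tcp|udp)/ {
      # The port is whatever follows the last colon; the rest is the bind address.
      n = split($4, part, ":")
      port = part[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "all"
      else if (addr ~ /^127\./ || addr == "::1")            scope = "loopback"
      else                                                   scope = "specific"
      # UDP rows have no State column, so search for the PID/Program field.
      prog = "-"
      for (i = 6; i <= NF; i++)
        if ($i ~ /^[0-9]+\//) { prog = $i; sub(/^[0-9]+\//, "", prog); break }
      print scope, $1, port, prog
    }'
}

# Sockets bound to all interfaces whose port is not in the expected list ($1, space-separated).
unexpected_listeners() {
  classify_listeners | awk -v ok=" $1 " '$1 == "all" && index(ok, " " $3 " ") == 0'
}

sample_netstat | unexpected_listeners "22 80"
# On a live host: netstat -tulnp | unexpected_listeners "22 80"
```

Anything this reports is a candidate either for removal or for rebinding to localhost or an internal address in the daemon's own configuration.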