[ubuntu] Ubuntu 20.04 Security Checkup
 


 
Hello everyone,

I am setting up some important Ubuntu servers which will be running version 20.04.

I would just like to run my security setup past you to make sure I haven’t missed anything important.

On all the servers I will be installing:

  1. OpenSSH Server
  2. Fail2Ban
  3. UFW
  4. Bash Login Notifications

OpenSSH Security
Only the Ubuntu user will be permitted to log in via SSH using a certificate.
Here are the changes I have made to the sshd_config file:

Code:

AllowUsers ubuntu
PermitRootLogin no
PasswordAuthentication no
AllowTcpForwarding no
ClientAliveCountMax 2
Compression no
LogLevel VERBOSE
MaxAuthTries 2
MaxSessions 2
Port 44558
TCPKeepAlive no
X11Forwarding no
AllowAgentForwarding no
Protocol 2
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys


Fail2Ban Security
Here are the changes I have made to jail.conf

Code:

bantime  = 7d
findtime  = 1h
maxretry = 3
destemail = [email protected]
mta = mail


UFW Security
Here are the rules I have set up

Code:

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow from <source-ip> to any port 44558 proto tcp
sudo ufw enable


Additional rules will be added to specific servers based on their purpose. For example:
My web server will only allow incoming traffic on port 443.
My mysql server will only allow incoming traffic from the apache web servers.

Bash Login Notification
I’ve also added the following line to the .bashrc to let me know of any logins.

Code:

echo 'ALERT - '$USER' shell access found on '$HOSTNAME' on:' `date` `who` | mail -s "Alert: User shell access" [email protected]


If you have any comments on the above I would love to hear them. Also, if you can think of anything else which might help, please let me know.

Kind Regards
Andy
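
An added check, not part of the original post: a shell function that compares sshd settings with the values listed under "OpenSSH Security", applying sshd's rule that for most keywords the first value read wins, so a line appended after an earlier conflicting one has no effect. The names `check_sshd` and `sample_config` and the sample input are constructed for this example.

```shell
# Added example: audit sshd settings against the values listed in the post.
# Input: sshd_config-style text or `sshd -T` output. "Protocol" is omitted
# because current OpenSSH servers only speak protocol 2.
EXPECTED="allowusers=ubuntu permitrootlogin=no passwordauthentication=no \
allowtcpforwarding=no clientalivecountmax=2 compression=no loglevel=verbose \
maxauthtries=2 maxsessions=2 port=44558 tcpkeepalive=no x11forwarding=no \
allowagentforwarding=no pubkeyauthentication=yes \
authorizedkeysfile=.ssh/authorized_keys"

# Prints one line per deviation; exit status is the number of deviations.
check_sshd() {
  awk -v expected="$EXPECTED" '
    BEGIN {
      n = split(expected, pair, " ")
      for (i = 1; i <= n; i++) {
        eq = index(pair[i], "=")
        key[i] = substr(pair[i], 1, eq - 1)
        want[key[i]] = substr(pair[i], eq + 1)
      }
    }
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    tolower($1) == "match" { inmatch = 1 }  # Match blocks are conditional,
    inmatch { next }                        # so they are not global settings
    {
      k = tolower($1)
      if (k in got) next          # for most keywords the first value wins
      $1 = ""; sub(/^[ \t]+/, "")
      got[k] = tolower($0)        # values are compared case-insensitively
    }
    END {
      for (i = 1; i <= n; i++) {
        k = key[i]
        if (!(k in got)) { printf "UNSET %s (want %s)\n", k, want[k]; bad++ }
        else if (got[k] != want[k]) { printf "MISMATCH %s=%s (want %s)\n", k, got[k], want[k]; bad++ }
      }
      exit bad + 0
    }'
}

# Constructed sample: the settings from the post appended after an earlier
# "X11Forwarding yes" line, plus a Match block that the check skips.
sample_config() {
  printf "%s\n" "# constructed sample" "X11Forwarding yes" "AllowUsers ubuntu" \
    "PermitRootLogin no" "PasswordAuthentication no" "AllowTcpForwarding no" \
    "ClientAliveCountMax 2" "Compression no" "LogLevel VERBOSE" \
    "MaxAuthTries 2" "MaxSessions 2" "Port 44558" "TCPKeepAlive no" \
    "X11Forwarding no" "AllowAgentForwarding no" "PubkeyAuthentication yes" \
    "AuthorizedKeysFile .ssh/authorized_keys" "Match User backup" \
    "    PasswordAuthentication yes"
}
sample_config | check_sshd || echo "deviations: $?"
```

On a server, `sudo sshd -T | check_sshd` tests the effective configuration, including any files pulled in by `Include`, rather than a single file.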

 
