Exploring the Unseen:

Basic Security on Debian Server

One of my favorite server systems is Debian. After installing a Debian server system, there are a few security measures I always take as a first step.

Before we dive in, I want to make it clear that this article is not meant to be an exhaustive guide to Debian server security. These are just the initial steps I take to secure a new Debian server. Security is a vast and complex field, and it’s crucial to continually learn, adapt, and fortify your systems as best as you can. With that said, let’s get started!

Install Uncomplicated Firewall (ufw)

Uncomplicated Firewall, or ufw, is an interface to iptables that is geared towards simplifying the process of configuring a firewall.

Installation

To install ufw, use the following command:

apt install ufw
ufw enable

Configuration

After installation, you can configure ufw to meet your specific needs. For example, to allow SSH connections, you would use:

ufw allow ssh

Checking Open Ports

It’s crucial to know which ports are open on your server to manage its security effectively. You can check the open ports by using the ufw status command:

ufw status

This command will display a list of rules that are currently active. If a rule is set to ALLOW, the corresponding port is open. For example, if you see 22/tcp ALLOW Anywhere, it means that your server is accepting SSH connections from any IP address.

Remember, only the necessary ports should be open to reduce the potential attack surface. If you find any ports that shouldn’t be open, you can close them using the ufw deny command.

Create SSH Keys and secure SSH Login

SSH keys provide a more secure way of logging into a server than using a password alone.

Creating SSH Keys

To generate a new SSH key pair, use the following command:

ssh-keygen -t rsa

This command will create a private key (id_rsa) and a public key (id_rsa.pub). Keep your private key secure and confidential.

Transferring and Adding SSH Keys

If you’ve generated your SSH keys on a different server, you’ll need to transfer the public key to the server you want to access. You can do this using the ssh-copy-id command:

ssh-copy-id -i ~/.ssh/id_rsa.pub your_username@your_server_ip

Replace your_username with your actual username and your_server_ip with the IP address of your server. This command will append the contents of your public key to the ~/.ssh/authorized_keys file on your server.

If ssh-copy-id is not available, you can manually append the public key to the authorized_keys file. First, transfer the public key to your server using scp or a similar tool. Then, on the server, append the key to the authorized_keys file:

cat id_rsa.pub >> ~/.ssh/authorized_keys

Securing SSH

To secure SSH, you should disable password authentication to prevent brute-force attacks. This can be done by editing the SSHD configuration file:

vi /etc/ssh/sshd_config

Find the line that includes PasswordAuthentication and change it to no.

Install Fail2Ban

Fail2Ban is an intrusion prevention software that protects your server against brute-force attacks.

Installation

To install Fail2Ban, use the following command:

apt install fail2ban

Configuration

After installation, you can configure Fail2Ban to protect various services on your server. The configuration files for Fail2Ban are located in /etc/fail2ban.

Remember, these are just the first steps. Always ensure to keep your server updated and monitor your logs regularly for any suspicious activity. Security is a journey, not a destination. Stay safe and happy server management!