One of my favorite server systems is Debian. After installing a Debian server system, there are a few security measures I always take as a first step.
Before we dive in, I want to make it clear that this article is not meant to be an exhaustive guide to Debian server security. These are just the initial steps I take to secure a new Debian server. Security is a vast and complex field, and it’s crucial to continually learn, adapt, and fortify your systems as best as you can. With that said, let’s get started!
Uncomplicated Firewall, or ufw, is an interface to iptables that is geared towards simplifying the process of configuring a firewall.
To install and enable ufw, use the following commands:
apt install ufw
ufw enable
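After installation, you can configure ufw to meet your specific needs. If you are connected over SSH, add the SSH rule before running ufw enable, otherwise ufw's default deny policy for incoming traffic can lock you out. For example, to allow SSH connections, you would use: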
ufw allow ssh
It’s crucial to know which ports are open on your server to manage its security effectively. You can check the open ports by using the ufw status command:
ufw status
This command will display a list of rules that are currently active. If a rule is set to ALLOW, the corresponding port is open. For example, if you see 22/tcp ALLOW Anywhere, it means that your server is accepting SSH connections from any IP address.
Remember, only the necessary ports should be open to reduce the potential attack surface. If you find any ports that shouldn’t be open, you can close them using the ufw deny command.
SSH keys provide a more secure way of logging into a server than using a password alone.
To generate a new SSH key pair, use the following command:
ssh-keygen -t rsa
This command will create a private key (id_rsa) and a public key (id_rsa.pub). Keep your private key secure and confidential.
If you’ve generated your SSH keys on a different server, you’ll need to transfer the public key to the server you want to access. You can do this using the ssh-copy-id command:
ssh-copy-id -i ~/.ssh/id_rsa.pub your_username@your_server_ip
Replace your_username with your actual username and your_server_ip with the IP address of your server. This command will append the contents of your public key to the ~/.ssh/authorized_keys file on your server.
If ssh-copy-id is not available, you can manually append the public key to the authorized_keys file. First, transfer the public key to your server using scp or a similar tool. Then, on the server, append the key to the authorized_keys file:
cat id_rsa.pub >> ~/.ssh/authorized_keys
To secure SSH, you should disable password authentication to prevent brute-force attacks. This can be done by editing the SSHD configuration file:
vi /etc/ssh/sshd_config
Find the line that includes PasswordAuthentication and change it to no.
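To confirm the change took effect, the following added example (not from the original article) reports the PasswordAuthentication value sshd would use globally. The function name and the sample files are constructed for illustration; the stock Debian sshd_config includes /etc/ssh/sshd_config.d/*.conf at the top, so those files are read before the rest of the main file.

```shell
#!/bin/sh
# Added example, not from the article. effective_password_auth is an
# illustrative name; pass the config files in the order sshd reads them.

# sshd keeps the FIRST value it obtains for a keyword, so the first
# uncommented PasswordAuthentication line decides. Lines after a Match
# keyword are conditional and skipped (simplification: a Match block is
# treated as ending with its file). Prints "yes", the OpenSSH default,
# when no file sets the keyword globally.
effective_password_auth() {
    awk '
        FNR == 1 { in_match = 0 }              # new file: global scope again
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { sub(/[=]/, " "); key = tolower($1) } # "Keyword=value" is also valid
        key == "match" { in_match = 1; next }
        key == "passwordauthentication" && !in_match {
            val = tolower($2); gsub(/"/, "", val)
            print val; found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$@"
}

# Constructed sample files: a drop-in that re-enables passwords and a main
# file edited as the article describes.
demo() {
    d=$(mktemp -d)
    printf 'PasswordAuthentication yes\n' > "$d/50-constructed.conf"
    printf '#PasswordAuthentication yes\nPasswordAuthentication no\n' > "$d/sshd_config"
    echo "main file only:     $(effective_password_auth "$d/sshd_config")"
    echo "drop-in read first: $(effective_password_auth "$d/50-constructed.conf" "$d/sshd_config")"
    rm -rf "$d"
}
demo
```

On a live server, sshd -T (run as root) prints the configuration sshd actually resolves, and an edited file only takes effect after systemctl reload ssh.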
Fail2Ban is intrusion prevention software that protects your server against brute-force attacks.
To install Fail2Ban, use the following command:
apt install fail2ban
After installation, you can configure Fail2Ban to protect various services on your server. The configuration files for Fail2Ban are located in /etc/fail2ban.
Remember, these are just the first steps. Always keep your server updated and monitor your logs regularly for any suspicious activity. Security is a journey, not a destination. Stay safe and happy server management!