5 simple tips for securing your server
DigitalOcean’s tutorial, Initial Server Setup with Debian 11, covers many good topics. You shouldn’t SSH into a server as root, so you’ll need to create a new user. You may skip setting up UFW if you plan on using a firewall provided by your cloud provider.
Linode’s guide, Getting Started with Cloud Firewalls, will help you restrict server access. I often create a rule that allows only my IP address to connect to the server using SSH. Hackers are constantly trying to brute-force any server running SSH.
If you decide to use UFW, you should install Fail2ban to stop brute-force attacks. After a set number of failed login attempts, it blocks the offending IP address for a specific amount of time. Be sure to keep reading so you can learn some more tips on securing SSH.
After getting your initial server set up, you’ll want to take some steps to make your SSH daemon more secure. The post, How To Harden OpenSSH on Ubuntu 20.04, also applies to Debian. Disabling password authentication and requiring users to use SSH keys should be something you always do.
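As an added example (not from the original post or the linked guides), the Python script below audits sshd_config text for the two settings mentioned above: password authentication and root login. The function names, the constructed SAMPLE fragment and the choice to accept only "no" for PermitRootLogin are assumptions of this example; Include files are not followed.

```python
# Defaults sshd applies when a keyword is absent, per sshd_config(5).
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}
# Values this example treats as hardened (an assumption matching the tips above).
HARDENED = {"passwordauthentication": "no", "permitrootlogin": "no"}

def parse(config_text):
    """Return (global_settings, match_overrides) for the audited keywords."""
    settings, overrides, in_match = {}, [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace and an optional "=".
        tokens = line.replace("=", " ", 1).split()
        if not tokens:
            continue
        key = tokens[0].lower()  # keywords are case-insensitive
        value = tokens[1].strip('"').lower() if len(tokens) > 1 else ""
        if key == "match":
            in_match = True  # lines below apply only to matching connections
        elif key in DEFAULTS:
            if in_match:
                overrides.append((key, value))
            else:
                # sshd keeps the first value it reads; later duplicates are ignored.
                settings.setdefault(key, value)
    return settings, overrides

def audit(config_text):
    """Return a sorted list of findings; an empty list means both checks pass."""
    settings, overrides = parse(config_text)
    findings = []
    for key, wanted in HARDENED.items():
        value = settings.get(key, DEFAULTS[key])
        if value != wanted:
            findings.append(f"{key} is effectively '{value}', expected '{wanted}'")
    for key, value in overrides:
        if value != HARDENED[key]:
            findings.append(f"Match block sets {key} to '{value}'")
    return sorted(findings)

# Constructed sample: the lowercase duplicate is ignored because "yes" comes first.
SAMPLE = """# constructed sshd_config fragment
PermitRootLogin no
PasswordAuthentication yes
passwordauthentication no
Match User deploy
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration as sshd itself computes it, which also covers Include files.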
If you’re truly serious about securing your server, then you should consider installing SELinux. While it can be challenging to get started, you’ll be much safer once you have everything configured. One tip I found helpful is that you should begin in “permissive” mode to see what policies need tweaking.
- Security-Enhanced Linux for mere mortals
- Basic and advanced configuration of Security-Enhanced Linux (SELinux)
- Wikipedia - Security-Enhanced Linux
- SELinux Project Wiki
- SELinux on GitHub