10 Tips for a Secure Server

Nima Smr
Mar 7, 2024

Nowadays in Iran, despite the filtering conditions, many people set up and use a VPN service on their own server.

Unfortunately, due to a lack of knowledge, some people run into security and software problems on their server.

This write-up covers the minimum that can be done to prevent attacks and security problems.

Change the SSH port

Most brute-force attacks target the default port of a service. To prevent this attack, change the default port.

Block an IP after 5 failed logins (automation)

  1. cd /home
  2. Create a bash file → nano ipblocker.sh
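#!/bin/bash
# Block source IPs that reach THRESHOLD failed SSH password attempts.

LOG_FILE="/var/log/auth.log"
DENY_FILE="/etc/hosts.deny"
THRESHOLD=5

while true; do
    # Count "Failed password" lines per source IP over the current log file
    # and keep the IPs that reached THRESHOLD.
    failed_ips=$(grep "Failed password" "$LOG_FILE" | awk '{print $(NF-3)}' | sort | uniq -c | awk -v t="$THRESHOLD" '$1 >= t {print $2}')

    for ip in $failed_ips; do
        # Skip IPs that are already listed, so the file does not grow every minute
        if ! grep -qxF "ALL: $ip" "$DENY_FILE" 2>/dev/null; then
            echo "Blocking IP: $ip"
            echo "ALL: $ip" >> "$DENY_FILE"
        fi
    done

    sleep 60 # Check every minute
done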

  3. chmod +x ipblocker.sh
  4. nano /etc/systemd/system/ipblocker.service

[Unit]
Description=Block IP addresses with failed SSH logins

[Service]
Type=simple
ExecStart=/home/ipblocker.sh
Restart=always

[Install]
WantedBy=multi-user.target

  5. Reload systemd, then start, enable and check the service:

sudo systemctl daemon-reload
sudo systemctl start ipblocker
sudo systemctl enable ipblocker
sudo systemctl status ipblocker
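
Before enabling the service, it helps to see which addresses the counting logic would block and to make sure your own address is not among them. The following dry run is an added example, not part of the original write-up; it goes slightly beyond the script above with an IPv4 format check and an allow list, and the names would_block and make_sample_log as well as the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: dry run of the blocking logic. It prints what would be
# blocked and changes nothing on the system.

# would_block LOG THRESHOLD [ALLOWED_IP...]   (hypothetical helper name)
# Prints every source IP with at least THRESHOLD "Failed password" lines in
# LOG, except the IPs passed as extra arguments (for example your own address).
would_block() {
    local log="$1" threshold="$2"
    shift 2
    local allow=" $* "
    # The IP is the 4th field from the end; keep only IPv4-looking values.
    grep "Failed password" "$log" |
        awk '{print $(NF-3)}' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        sort | uniq -c |
        while read -r count ip; do
            [ "$count" -ge "$threshold" ] || continue
            case "$allow" in *" $ip "*) continue ;; esac
            echo "$ip"
        done
}

# Constructed auth.log sample (documentation address ranges, not real hosts).
make_sample_log() {
    local f i
    f=$(mktemp)
    for i in 1 2 3 4 5 6; do
        echo "Mar  7 10:00:0$i srv sshd[100$i]: Failed password for root from 203.0.113.10 port 4000$i ssh2"
    done > "$f"
    for i in 1 2 3 4 5; do
        echo "Mar  7 10:01:0$i srv sshd[200$i]: Failed password for invalid user admin from 198.51.100.7 port 5000$i ssh2"
    done >> "$f"
    echo "Mar  7 10:02:01 srv sshd[3001]: Failed password for deploy from 192.0.2.44 port 60001 ssh2" >> "$f"
    echo "Mar  7 10:02:09 srv sshd[3001]: Accepted password for deploy from 192.0.2.44 port 60002 ssh2" >> "$f"
    echo "$f"
}

sample=$(make_sample_log)
echo "Would block at threshold 5:"
would_block "$sample" 5
echo "Same, with 198.51.100.7 on the allow list:"
would_block "$sample" 5 198.51.100.7
rm -f "$sample"
```

To check a real server, call would_block with /var/log/auth.log, the threshold, and your own address as an allowed IP before starting ipblocker.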

Update the server every 6 hours (automation)

  1. cd /home
  2. create bash file → nano updater.sh
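#!/bin/bash
# cron runs with a minimal PATH; dpkg needs the sbin directories
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Never wait for an interactive prompt when run from cron
export DEBIAN_FRONTEND=noninteractive
apt-get update -y
sleep 2
apt-get upgrade -y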

  3. chmod +x updater.sh
  4. Edit the cron job file → crontab -e
  5. Add this line → 0 */6 * * * /home/updater.sh

Run as few services as possible

  1. Run a process monitoring command (htop, atop, top, …) and see which services are running
  2. A list of monitoring tools: https://itsfoss.com/linux-system-monitoring-tools/
  3. Disable unused services → systemctl disable <service-name>

Backup

It is better to use the rsync tool for backups.

Back up important directories, e.g. /home, /opt, /var, /etc, …

https://www.techtarget.com/searchdatabackup/tutorial/Tutorial-Use-Linux-rsync-backup-to-protect-files

https://parsdev.com/blog/how-to-use-rsync

If you are using the Windows operating system, you can use the SFTP protocol in WinSCP or Termius to back up or transfer your files.

https://termius.com/free-ssh-client-for-windows

Use a strong password

In this section, I suggest the pwgen tool.

A strong password can also prevent brute-force attacks.

apt-get install -y pwgen
yum install -y pwgen # for CentOS

Generate a random, strong password → pwgen -s 10 -1 -y

Change the password → passwd

Delete unused packages

  1. Show installed packages
  • show all installed packages → grep " install " /var/log/dpkg.log
  • show packages installed with the apt command → grep " install " /var/log/apt/history.log

  2. Delete the desired package
  • apt-get remove <package-name>
  • yum remove <package-name> # for CentOS

Firewall configuration

Use and configure a firewall to control and limit incoming and outgoing traffic, IPs, and ports so that the server remains safe from network attacks.

Basic firewall (ufw): https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands

Powerful firewall (iptables): https://www.digitalocean.com/community/tutorials/iptables-essentials-common-firewall-rules-and-commands

Fail2ban tool

Malicious bots try to break into the server by attacking its IP address.

Fail2Ban is a tool made to analyze system logs and block attacks and the IP addresses they come from.

Setup tutorial: https://linuxhandbook.com/fail2ban-basic

Use 2FA (Google authenticator)

Google Authenticator provides a two-step (multi-step) authentication process that is used to prevent attacks. It is installed on the server and is useful for securing SSH logins.

Setup tutorial: https://goteleport.com/blog/ssh-2fa-tutorial

Good luck ;)
