What does it take to make a linux server secure? Close all the doors and put on good locks.
We will go through all the steps for securing a new Ubuntu server on a virtual machine:
SSH settings are found in /etc/ssh/sshd_config. Set:
PasswordAuthentication no
Port {newport}
Restart the ssh service so the new settings take effect:
sudo systemctl restart sshd
Enable the firewall and allow the SSH port and HTTP:
sudo ufw enable
sudo ufw allow {ssh_port}
sudo ufw allow 80
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs -- too many password failures, searching for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc.). Fail2Ban is able to reduce the rate of incorrect authentication attempts; however, it cannot eliminate the risk that weak authentication presents. Configure services to use only two-factor or public/private key authentication mechanisms if you really want to protect them.
Step 1: install
sudo apt-get update
sudo apt-get install fail2ban
Step 2: create a jail file containing the jail configuration, for example:
[nginx-botsearch]
enabled = true
port = http,https
filter = nginx-botsearch
logpath = /var/www/logs/nginx-access.log
maxretry = 3
banaction = iptables-multiport
findtime = 360
bantime = 360
Then restart fail2ban so the jail is loaded:
sudo systemctl restart fail2ban
Checking filters
Use fail2ban-regex to check how many entries in a log the selected filter would match (and therefore count towards a ban):
fail2ban-regex {log path} {filter path}
Checking jail status
fail2ban-client status {jail name}
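As an added example (not part of the original notes), the following Python script mimics what fail2ban does with the jail above: it applies a filter regex to constructed nginx access log lines, reports which lines would count as failures (what fail2ban-regex shows you), and works out which hosts would be banned after maxretry matches inside a findtime-second window. The failregex and the list of probe paths are a simplified assumption, not the real nginx-botsearch filter.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Jail parameters copied from the [nginx-botsearch] jail above.
MAXRETRY = 3
FINDTIME = 360   # seconds
# Simplified stand-in for a failregex (assumption, not the real nginx-botsearch
# filter): a 404 response to a request for a typical scanner probe path.
FAILREGEX = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?:GET|POST) (?P<path>\S+) [^"]*" 404 '
)
PROBE_PATHS = ("/wp-login.php", "/phpmyadmin", "/.env", "/xmlrpc.php")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample nginx access log (combined format); addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:12:00:05 +0000] "GET /phpmyadmin HTTP/1.1" 404 162 "-" "curl/8.0"
198.51.100.4 - - [10/Mar/2024:12:00:09 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:12:00:12 +0000] "GET /.env HTTP/1.1" 404 162 "-" "curl/8.0"
198.51.100.4 - - [10/Mar/2024:12:01:00 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:12:10:00 +0000] "GET /xmlrpc.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:12:20:00 +0000] "GET /phpmyadmin HTTP/1.1" 404 162 "-" "Mozilla/5.0"
"""

def matches(log_text):
    """(host, timestamp) for every line the filter counts as a failure, like fail2ban-regex reports."""
    out = []
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        if m and m.group("path").startswith(PROBE_PATHS):
            out.append((m.group("host"), datetime.strptime(m.group("ts"), TS_FMT)))
    return out

def bans(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Hosts that reach maxretry failures within a sliding findtime-second window."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(list)
    banned = {}
    for host, ts in sorted(matches(log_text), key=lambda x: x[1]):
        if host in banned:
            continue   # already banned: the firewall rule would be blocking this host
        recent[host] = [t for t in recent[host] if ts - t <= window] + [ts]
        if len(recent[host]) >= maxretry:
            banned[host] = ts   # ban time is when the threshold was crossed
    return banned

if __name__ == "__main__":
    print({h: t.isoformat() for h, t in bans(SAMPLE_LOG).items()})
```

The second host also produces three matches, but spread over 19 minutes, so with findtime = 360 it is never banned; raise findtime (or lower maxretry) and it is.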