HowTo New Server Security - Ubuntu

peezy

I had a lot to learn running a dedicated server, and I still have a long way to go. I wanted to post some help for those who are just starting out. This does follow with Redhat's guide in here about putty and what not, and I hope this adds to his discussion. I just threw together the stuff I researched first and the steps I took to be a little more secure. I hope this helps.

If logging into your server for the first time as root, you need to create a new user. Never use root to SSH into the machine. Run this command to create a new user,
sudo adduser userName

Now we want to add the user we just created to the sudo group so you can use root privileges,
usermod -aG sudo userName

Once that is done, you want to disconnect the current ssh session, and reconnect using your new user.

Now we want to lock the root user (sudo su will grant you root privileges still, this just locks down the literal root user),
sudo passwd -l root

Now we want to configure our SSH sessions to use a different port than the standard one. This will make it more difficult for sniffers to determine where you are listening for SSH. If you want more security, I recommend looking into port knocking. Check out my tutorial

Edit your SSH config

run,
sudo nano /etc/ssh/sshd_config

Locate the port field and change it to whatever you want under 1024, higher if you'd like. Just make sure it does not conflict with another port you may be using, such as port 80.

Also in the same config file we want to disable root login through SSH. Change the permit root login field to no.
PermitRootLogin no

Save, exit, and give your services a restart, run,
sudo service ssh restart

Now we want to limit su access only to admins (run as root). This will cause only users you have added to the sudo group to be able to access root privileges. Run,
sudo dpkg-statoverride --update --add root sudo 4750 /bin/su



This next step is optional; it creates an RSA key that you use to connect to your server rather than a password. You can even disable password authentication on SSH completely.



We want to create an RSA key to login through SSH, so we don't have to type in a password.
This tutorial will use putty, and puttyGen.

Generate RSA keys with puttyGen on client machine
Save public and private to keys folder
Copy text in textField within puttygen

With Putty connect to your server and run,
ls -l ~/.ssh

If nothing comes up, run this command to generate a hidden .ssh folder. Just hit enter through all the prompts, you don't need to answer any of them. Run,
ssh-keygen

Then change to the hidden ssh directory,
cd ~/.ssh/

Then create an authorized keys directory,
touch authorized_keys

then open the file,
nano authorized_keys

Paste the key we generated from puttyGen in the earlier step into this file, then save and exit.

Give your SSH service a restart,
sudo service ssh restart

End your SSH session and open Putty.
Once Putty is open, under the category tree on the left expand SSH under Connection and select Auth without expanding it.
The last field will be for a private key file, browse and select the private key we generated and saved with Putty in the first step.

Now return to Session in the category tree on the left and enter your host and port numbers. You should now be able to login without typing in your password. You can save that config within Putty so you don't have to select the private key each time, just store the session.

If you want to go one step further you can disable password login altogether, but if this is the route you choose, make sure you test your RSA key and confirm you can login with it. Once you do this, if you have a problem with your key you will not be able to login at all. I found this out the hard way.

As root (sudo su), run,
nano /etc/ssh/sshd_config

Find passwordAuth and set to no,
PasswordAuthentication no

Then give your SSH service a restart, and you should be good to go,
sudo service ssh restart

Now SSH password authentication is completely disabled for that user.



Now what really opened my eyes was thinking this way about everything I put on my server, what ports does it run on, what vulnerabilities does the stuff I run open me up to you know? Just thinking about SSH made me start thinking, fuck I wonder what else is vulnerable. It made me start researching things in a different way and think about my server in a different way. So anyway, hope it helps someone.

Next get going on installing fail2ban ;)
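
A read-only check for the three sshd_config settings changed in the guide above (Port, PermitRootLogin, PasswordAuthentication), added here as an example and not part of the original post. The function names `sshd_effective` and `audit_sshd` are hypothetical, and the script assumes a single config file with no Include files or Match blocks.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a single sshd_config
# with no Include files or Match blocks.

# Print the effective value of keyword $1 in file $2. sshd matches keywords
# case-insensitively and uses the FIRST occurrence of each one.
sshd_effective() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # commented-out or blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t=]+/)) next # keyword and value split on space or "="
            k = substr(line, 1, RSTART - 1)
            v = substr(line, RSTART + RLENGTH)
            sub(/[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$2"
}

# Print one line per setting that differs from the guide; return 1 if any.
audit_sshd() {
    rc=0
    port=$(sshd_effective Port "$1")
    root=$(sshd_effective PermitRootLogin "$1")
    pass=$(sshd_effective PasswordAuthentication "$1")
    # Keywords that are absent fall back to the OpenSSH defaults.
    port=${port:-22}; root=${root:-prohibit-password}; pass=${pass:-yes}
    if [ "$port" = 22 ]; then echo "Port is still 22"; rc=1; fi
    if [ "$root" != no ]; then echo "PermitRootLogin is $root"; rc=1; fi
    if [ "$pass" != no ]; then echo "PasswordAuthentication is $pass"; rc=1; fi
    return "$rc"
}

# Constructed sample: lowercase "permitRootLogin" still matches, and the
# later "PasswordAuthentication yes" is ignored because the first one wins.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'Port 2222' 'permitRootLogin no' \
    'PasswordAuthentication no' 'PasswordAuthentication yes' > "$sample"
audit_sshd "$sample" && echo "all three settings are in place"
rm -f "$sample"
```

Run `audit_sshd /etc/ssh/sshd_config` on the server while your current session is still open. `sudo sshd -t` checks the file for syntax errors before a restart, and `sudo sshd -T` prints the effective configuration with Include files resolved.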
 

peezy

You can use port knocking for more security....
Yes, definitely! I put that in there, just only mentioned it though. Haven't gotten that far in yet, but once I do, I'll add it to this guide.

Thanks for this. Going to give this a blast over the next day or 2 :)
Hey man, if you ever run through this, let me know how it goes for you and if you have any trouble. I'd love to know.
 

Starkey

Great share there, bud @peezy, you wouldn't happen to know the cmd to create a user for read/write access, not delete?
cheers
 