Your VPS or server comes with Ubuntu 16.04 in its default configuration only. That is convenient for new users, but it leaves some known vulnerabilities of the system wide open. To secure the system against both internal mistakes and external attacks, you need to set up the server correctly.
- A server or a VPS with Ubuntu 16.04 and OpenSSH.
- A device that supports SSH.
IMPORTANT: All commands in this article have to be executed in a terminal. Under Linux, the terminal can be launched through the app menu or via a hotkey combo (in Ubuntu it’s Ctrl+Alt+T). On other operating systems, launch a terminal emulation session via a corresponding app. To execute a command, enter it in the terminal and press Enter.
- Superuser rights, also known as root rights, provide the highest access level in any Linux OS, allowing the user to edit any file as they see fit.
Creating a new user
By default, there is only one user on the server: root. Root has superuser rights with no regulation mechanism. This is bad, because even the smallest mistake can leave files or settings corrupted or simply wrong. That is why, in order to set the server up correctly and safely, you need to create your own user.
- Connect to the server via SSH as root. To do this, execute the command:
- The server will request your password. Your hosting company should have provided you with one, most likely in an e-mail. Enter the password (the characters won’t be shown on the screen, so enter them carefully) and press Enter.
- See the welcome screen:
- Create a user with the command:
- See the report, where Ubuntu tells you how exactly it added the user to the system. At the end, you will be asked to provide a password for the user. Create one, enter it and press Enter.
- Ubuntu will ask you to repeat the password, in order to reduce the chance of a fatal mistype. Enter it again and press Enter.
- Ubuntu will want to collect some info about the user. You can fill it in, or you can simply press Enter in the empty fields. At the end, press Y and then Enter in order to agree that the information is correct.
The user is created. Now you have to check if it’s working. To do this, close the terminal window and open another one.
- Log into the server as the new user. To do this, execute:
- See the password request. Type the password and press Enter.
- See the welcome screen.
- Close the terminal window.
Now you have a new user. It doesn’t have root rights yet, and it needs them in order to install apps and set up the server. The root user, on the other hand, has those rights but doesn’t have enough security measures to use them safely.
Giving the new user root access
- Log into the server as the root user. To do this, execute the command:
- See the password request. Type the password and press Enter. See the welcome screen.
- Execute the command:
usermod -aG sudo user_name
Now your new user has root access through sudo, and that access is protected by the user’s password. We will continue setting the server up as the new user.
Firewall installation and setup
A firewall is software that protects the computer from undesirable connections, for example from a hacker who tries to access the server. But since the firewall does not know how exactly the server is being used, it needs to be set up first.
- Log into the system as the new user. Execute:
- See the password request. Enter the password and press Enter.
- See the welcome screen. Now you have to download the current package lists from the repository. To do this, execute:
sudo apt-get update
- Commands run with sudo require superuser rights, so Ubuntu will now ask for your password. Enter it once more and press Enter.
- See Ubuntu’s report about the package updates. Execute this command to install the UFW firewall:
sudo apt-get install ufw
- See the report on installation and preliminary setup.
- Request the list of application profiles known to UFW. Until a profile is explicitly allowed, incoming connections to that app will be blocked once the firewall is enabled. To do this, execute:
sudo ufw app list
- OpenSSH is on the list. That’s bad, because that’s what we are using to access the server. Allow incoming OpenSSH connections by executing:
sudo ufw allow OpenSSH
- See the report that the firewall rules have been updated.
- Turn on the firewall. To do this, execute:
sudo ufw enable
- Ubuntu will warn you that enabling the firewall may disrupt existing SSH connections. We have already allowed OpenSSH, so press Y and Enter.
- Check the firewall status with the command:
sudo ufw status
The firewall is working and your project is safe from both hackers and user mistakes. Now you can install your specialized software and set up the server as you see fit.
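Before closing your last session, it is worth confirming the three results of the steps above: the firewall is active, inbound SSH is allowed, and the new user is in the sudo group. The script below is an added example, not part of the original guide. Its function names, the `--live` switch and the sample outputs are assumptions constructed for illustration, and `user_name` is the placeholder used above.

```shell
# Post-setup checks for this guide. Each check takes command output as an
# argument, so it can be tried offline on the constructed samples below.

# Constructed sample of `sudo ufw status` output after the steps above.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)'

# Constructed sample of `id -nG user_name` output.
SAMPLE_GROUPS='user_name sudo'

# Succeeds when UFW reports itself as enabled.
ufw_is_active() {
    printf '%s\n' "$1" | grep -q '^Status: active$'
}

# Succeeds when an inbound ALLOW or LIMIT rule admits SSH (profile or port 22).
ufw_allows_ssh() {
    printf '%s\n' "$1" | awk '
        ($1 == "OpenSSH" || $1 == "22" || $1 == "22/tcp") &&
            /ALLOW|LIMIT/ && !/ OUT / { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Succeeds when "sudo" appears as a whole word in the group list.
user_in_sudo() {
    case " $1 " in *" sudo "*) return 0 ;; *) return 1 ;; esac
}

# audit <ufw status text> <group list>: returns the number of failed checks.
audit() {
    fails=0
    ufw_is_active "$1"  || { echo "FAIL: firewall is not active"; fails=$((fails + 1)); }
    ufw_allows_ssh "$1" || { echo "FAIL: no rule allows inbound SSH"; fails=$((fails + 1)); }
    user_in_sudo "$2"   || { echo "FAIL: user is not in the sudo group"; fails=$((fails + 1)); }
    [ "$fails" -eq 0 ] && echo "OK: all checks passed"
    return "$fails"
}

# On the server: sh check.sh --live user_name   (otherwise runs the samples)
if [ "${1:-}" = "--live" ]; then
    audit "$(sudo ufw status)" "$(id -nG "$2")"
else
    audit "$SAMPLE_STATUS" "$SAMPLE_GROUPS"
fi
```

A "no rule allows inbound SSH" failure while the firewall is active means a new SSH login would be refused, so fix the rule before disconnecting.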