Hackers are everywhere these days it seems. Sometimes I’ve got a new VM and within minutes of booting it up, I see garbage in the logs where people are trying to brute-force their way in. Stand up a web server and you see all kinds of crazy requests, each one mapping to a different vulnerability someone is trying to exploit.
We can’t give you a comprehensive black belt security course in a single article, but securing your VPS is very much a sliding scale of benefits. The first few things you improve give you massive benefits, and by the the time you get to number 80 or 90 on the list, you’re into pretty theoretical stuff.
So let’s see how secure we can make things on your box in 10 minutes. Ready? Go!
Turn Off Password Authentication
We have a tutorial on this, which shouldn’t take you more than half of our time budget, even less if you already have an SSH key. By turning off password authentication and using SSH keys instead, you’re switching to two-factor authentication.
Bonus: If you like 2FA, try setting up Google Authenticator for logins (tutorial).
Keep Your System Updated
How to do so depends on your distro family tree. If Debian/Ubuntu:
apt -y update && apt upgrade
Or even better:
apt install unattended-upgrades
…which will run upgrades automatically. This will include all security upgrades. So if you go away for a weekend and some vulnerability is found on Friday, by Saturday it’ll be likely rolled into a security update by your distro and will be automatically applied before you even get home.
If CentOS/RHEL:
dnf install dnf-automatic systemctl enable --now dnf-automatic.timer
and then configure in /etc/dnf/automatic.conf by setting
apply_updates = yes
Good Job!
Of course, there’s more you can do:
- Setup a firewall
- Setup security tools like rkhunter that scan your system to look for problems
- Change the SSH port
- Setup fail2ban
- Disable unused services
- Learn SELinux or AppArmor and use it
- Monitor your logs
…but all that takes more than 10 minutes. The two steps above are quick and easy and will give you a huge headstart.
Related Posts:
Five Times When Updating Your OS Would Have Saved You From Being Hacked
Get Ready to Scan Your Passport If You Want to Buy a VM This Summer
My Server Was Getting Constantly Hacked Until I Changed This One Parameter
No, 'airforce' is Not a Good Password: Check Out This Honeypot
Motherboard MSI Warns of Rogue Firmware
RackNerd and Ezeelogin: Securing and Scaling SSH
Raindog308 is a longtime LowEndTalk community administrator, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.
As an avid user of LowEndBox providers, Raindog runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.
Beyond the command line, Raindog is a lover of German Shepherds, high-quality knives, target shooting, theology, tabletop RPGs, and hiking in deep, quiet forests.
His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.
You can find him daily in the forums at LowEndTalk under the handle @raindog308.
Leave a Reply