After reading The Cuckoo's Egg by Clifford Stoll, I got a bit unsure whether my Linux server is set up securely enough. Even if the story about the hacker is quite old, it nevertheless highlights the importance of security and of being careful enough when connecting a machine to the net.
Since I also have some background and experience in security, I decided to have a closer look at my Linux server to double-check its security.
First of all – and the source of many problems – passwords. So let's create a password which has no relation to the user, the content or the server itself. Passwords should have a certain length, numbers, lower- and upper-case characters – and at least one special character. If your brain is unable to generate such a password, you can use the pwgen command under Linux.
root@lvps5-35-244-75:~# pwgen -y 12
Since we have now created a secure password, we should limit our remote access to certain users. In addition we should disable remote access for the privileged root account: if, for whatever reason, somebody were able to log in as root, there would be no limitations or boundaries left on changing, modifying or destroying our system. Therefore simply edit the following line in /etc/ssh/sshd_config:
Afterwards, simply restart sshd to reload the configuration.
In addition, since most systems have several accounts, you should ask yourself whether all of them really require ssh access.
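To check that the two sshd_config changes discussed here (root login disabled, ssh limited to listed users; section 3 below returns to the root login setting) actually took effect, here is an added audit script that is not part of the original post. It assumes a POSIX sh with awk, and the sample config files it writes are constructed for the demonstration, not taken from a real server.

```shell
#!/bin/sh
# Added example, not from the original post: audit an sshd_config for the two
# settings discussed above (root login disabled, ssh limited to listed users).
# sshd keeps the FIRST active occurrence of a keyword (keywords are case-
# insensitive), so "PermitRootLogin no" appended at the bottom is ignored when an
# earlier line says "yes"; lines under a "Match" block apply only conditionally.

# effective_value FILE KEYWORD: print the first global, uncommented value (if any)
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line) }
        line ~ /^#/ || line == "" { next }          # comments and blank lines
        { k = line; sub(/[ \t=].*$/, "", k); k = tolower(k)
          v = line; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", v) }
        k == "match" { exit }                       # conditional section starts
        k == key     { print v; exit }              # first match wins, as in sshd
    ' "$1"
}

# audit_sshd_config FILE: print findings; return 0 only if root login is off and
# an AllowUsers list exists
audit_sshd_config() {
    root=$(effective_value "$1" PermitRootLogin)
    users=$(effective_value "$1" AllowUsers)
    rc=0
    case "$root" in
        no) echo "OK   PermitRootLogin no" ;;
        "") echo "WARN PermitRootLogin unset, sshd's built-in default applies"; rc=1 ;;
        *)  echo "FAIL PermitRootLogin $root"; rc=1 ;;
    esac
    if [ -n "$users" ]; then echo "OK   AllowUsers $users"
    else echo "WARN no AllowUsers line: every local account may log in over ssh"; rc=1
    fi
    return $rc
}

# write_samples: create two constructed sample configs (not real files) and print the dir
write_samples() {
    dir=${TMPDIR:-/tmp}/sshd-audit.$$
    mkdir -p "$dir"
    printf '%s\n' '#PermitRootLogin prohibit-password' 'Port 22' \
        'AllowUsers alice deploy' 'permitrootlogin no' > "$dir/good"
    printf '%s\n' 'PermitRootLogin yes' '# appended later, but the first value above wins:' \
        'PermitRootLogin = no' 'Match User backup' '    AllowUsers backup' > "$dir/bad"
    echo "$dir"
}

dir=$(write_samples)
for f in good bad; do echo "== $f"; audit_sshd_config "$dir/$f" || echo "   -> needs attention"; done
```

On a real server, run audit_sshd_config against /etc/ssh/sshd_config; the "bad" sample shows the trap of appending the hardened line below an older "yes".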
2.) Automatic Security Updates
To enable automatic security-related updates under Ubuntu, you should install the unattended-upgrades package.
apt-get install unattended-upgrades
dpkg-reconfigure -plow unattended-upgrades
Further details regarding unattended upgrades and their specifics can be found under . Personal note: on my installation, unattended-upgrade was not doing the upgrades automatically, so I simply added the command to my crontab to be run each day at 03:00. To change your crontab use:
and add the following line
0 3 * * * /usr/bin/unattended-upgrade
In relation to this topic, I also find the apticron package quite helpful; it automatically informs you about pending package updates.
apt-get install apticron
3.) Disable external root access
One of the basic security to-dos after a server set-up should also be disabling remote root ssh login. This can easily be done by changing the following parameter in /etc/ssh/sshd_config:
Please note that a change to the sshd configuration requires a restart of the service, which can be done via:
4.) Take a look beyond the walls: Check for additional services
I find it quite helpful to do an external scan to see which services are reachable. This can be done quite easily and straightforwardly via nmap. So let's install it and do a quick scan:
root@abc:~# apt-get install nmap
root@abc:~# nmap -f xyz.com
Starting Nmap 5.00 ( http://nmap.org ) at 2013-11-06 23:16 CET
Interesting ports on jvr.at (18.104.22.168):
Not shown: 985 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
106/tcp  open  pop3pw
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
3306/tcp open  mysql
8443/tcp open  https-alt
Of course there are a lot more security-related tips & tricks, but I thought this might be a starting point. Another starting point, which I find quite useful, is .