Adminbuntu

Everything for the Ubuntu Server Administrator

Copyright 2013 Applied Conscious Technologies, LLC

Ubuntu Server Security

Any server can be hacked. If your server is connected to the internet, it will be probed constantly by hostile entities seeking to breach your security and take over your server.

You can make this more difficult, with the likely result that the bad guys will move on to greener pastures.

Ubuntu Server security is excellent. The most important security measures are to not create security problems, not install unneeded packages and not open unneeded ports in your firewall.


Core

| name | description |
|---|---|
| AppArmor | AppArmor is built in to Ubuntu Server. Learn to understand, add profiles and monitor it. |
| Firewall | Learn to understand and manage Ubuntu's builtin iptables firewall using UFW. |
| Name Resolver Security | Turn off unused and potentially vulnerable features. |
| Password Policy | Control password length and whether passwords expire. |
| Rootkits | Hackers can target Linux for installation of a rootkit, giving control of your server. |
| Shared Memory Security | Shared memory is generally not used on servers and can be disabled. |
| SSH Security | Learn to get the best protection possible afforded by SSH. |
| SU Security | Don't allow non-administrators to run commands as the root user. |
| Sysctl, Kernel Level Security | Increase kernel level security. |

Security Tools

| name | description |
|---|---|
| Rootkits | Hackers can target Linux for installation of a rootkit, giving control of your server. |
| Security Analyzers | Learn to scan for vulnerabilities, analyze system logs and scan for open ports. |

Server Applications

| name | description |
|---|---|
| Apache Security | Increase Apache web server security. |
| BIND Security | If you have the BIND name server installed, increase security. |
| PHP Security | |

Other

Ongoing Best Practices

Now that your server is better hardened against attack, do your part as system administrator to maintain higher security on an ongoing basis.

Encrypt Connections to the Server

Never use FTP, Telnet, Rlogin or Rsh. Of these, only FTP is still in common use. It is possible to configure FTP to only allow encrypted connections, but many servers still allow plain text FTP. SFTP, which uses an SSH connection, is much better and uses your server's user management system.

Minimize Installed Packages to Only Those Needed

A service cannot be attacked if it does not exist. For example, if you are not using an FTP server, remove it.

See which packages are installed with:

dpkg --list

Understand each installed package and decide if it is needed. Remove those which are unused with:

sudo aptitude remove packagename

Keep Packages and the Linux Kernel Up to Date

The Linux community, Linus Torvalds and the Ubuntu and upstream maintainers are diligent, busy folks. They work hard fixing bugs and security vulnerabilities and adding useful features. Take advantage of this amazing ecosystem and keep your server from being low hanging fruit.

sudo aptitude safe-upgrade

Audit Log Files with LogWatch on a Regular Basis

System logs contain a wealth of information about usage, server load and attempts to breach security. But this data is useless unless analyzed, and analyzing it by hand is normally too big a job to do regularly.

LogWatch allows you to analyze log files on a regular basis.

Security Commands

Find World Writable Files

sudo find /dir -xdev -perm /o=w ! \( -type d -perm /o=t \) ! -type l -print

Find World Writable Directories

sudo find /dir -type d -perm -o+w -exec ls -ld {} \;

Find User Accounts without Passwords

sudo awk -F: '($2 == "") {print}' /etc/shadow
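
The three checks above combined into one audit pass, as an added example that is not part of the original page: the function names and report format are this example's own, and the scratch tree and shadow-format lines built in `demo` are constructed. It goes slightly beyond the commands above by reporting only directories that lack the sticky bit and by distinguishing empty from locked password fields.

```sh
#!/bin/sh
# Added example, not from the original page. Function names, the report
# format and the demo fixtures are constructed for illustration.

# World-writable regular files under $1, staying on one filesystem.
ww_files() { find "$1" -xdev -type f -perm -0002 -print; }

# World-writable directories under $1 that lack the sticky bit, so any user
# can delete or replace other users' files; /tmp-style 1777 dirs are skipped.
ww_dirs_no_sticky() { find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print; }

# Classify field 2 of a shadow-format file: empty means no password is
# required; a leading "!" or "*" means password login is disabled.
shadow_status() {
    awk -F: '$2 == ""     { print $1 ": EMPTY";  next }
             $2 ~ /^[!*]/ { print $1 ": locked"; next }
                          { print $1 ": set" }' "$1"
}

# Report findings; return 1 if anything needs attention (cron-friendly).
audit() {  # usage: audit DIR SHADOW_FILE
    files=$(ww_files "$1")
    dirs=$(ww_dirs_no_sticky "$1")
    empty=$(shadow_status "$2" | sed -n 's/: EMPTY$//p')
    [ -z "$files" ] || printf 'World-writable files:\n%s\n' "$files"
    [ -z "$dirs" ]  || printf 'World-writable dirs, no sticky bit:\n%s\n' "$dirs"
    [ -z "$empty" ] || printf 'Accounts with empty password:\n%s\n' "$empty"
    [ -z "$files$dirs$empty" ]
}

# Build a constructed scratch tree and shadow-format file, then audit them.
demo() {
    d=$(mktemp -d) || return 2
    mkdir "$d/tree" "$d/tree/open" "$d/tree/tmp"
    : > "$d/tree/ok.conf";  chmod 644 "$d/tree/ok.conf"
    : > "$d/tree/bad.conf"; chmod 666 "$d/tree/bad.conf"
    chmod 755 "$d/tree"; chmod 0777 "$d/tree/open"; chmod 1777 "$d/tree/tmp"
    printf '%s\n' 'root:!:19000:0:99999:7:::' \
        'alice:$6$constructedsalt$constructedhash:19000:0:99999:7:::' \
        'guest::19000:0:99999:7:::' > "$d/shadow"
    rc=0; audit "$d/tree" "$d/shadow" || rc=$?
    rm -rf "$d"
    return "$rc"
}

case "${1:-}" in
    demo) demo ;;
    ?*)   audit "$1" "${2:-/etc/shadow}" ;;
esac
```

Run it with the single argument `demo` to see the report on the constructed fixtures, or with a directory (and optionally a shadow-format file) to audit a real tree; reading `/etc/shadow` requires root.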

security.txt · Last modified: 2015/05/31 21:20 (external edit)