Anansewaa
server security

How to harden Ubuntu 16.04 Server security

Ubuntu 16.04 Server Security

In this article, we will discuss some server security configurations that are best to protect Ubuntu 16.04 server environment.

Secure shared memory

First, open the configuration file for editing using the command below:

Next, add the following line of code to the bottom of the configuration file:

Save and close the file. Then restart the server for the changes to take effect.

Enable ssh login for specific users

It is a good practice to enable ssh login for specific users. However, if you want to only allow secure shell entry for a user from a specific IP. Here are the steps to use.

For instance, allowing only secure shell entry for the user george, from IP address 192.168.6.32.

In the terminal, open the ssh config file using the following command:

At the end of the file, add this line of code:

Save the file and restart sshd with the command below:

Currently, secure shell only allows entry by george, from IP address 192.168.6.32. At this point, if anyone other than george tries to ssh into the server; they will get a prompt for a password which will not be accepted or get denied access.

Since we all have different needs, you might want to allow all users on a particular network to access the server via ssh.

To do that, add the following line of code to the end of the ssh config file:

Restart the ssh server for changes to take effect.

Adding security login banner

Most people will not consider adding the login banner, but with the login banner, a malicious user might think twice about continuing. This process is purely psychological, but it is a step you should not overlook.

To configure it, open the configuration file with the following command:

Add a suitable warning and save file.

Next, disable the banner message from motd. Use the following command to open the configuration file:

In the configuration file, comment the following lines of code by adding # at the beginning of each line:

Now, open the ssh configuration file and comment this line of code:

Next, save the file and restart the ssh server with the following command:

Harden the networking layer

To simply log all malformed IPs and prevent source routing of incoming packets the Ubuntu server, open the configuration file with the following command:

Uncomment the following lines of code:

Save the file, and restart the service with the following command

Preventing IP spoofing

Finally, to prevent the server’s IP from being spoofed, open the configuration file with the following command:

The initial configuration looks like this:

Change the configuration to this:

Save the file. Viola! No more IP spoofing.

Conclusion

The configuration above is only some of the enhancements you can make to improve your server security.

Clemence Ayekple

Let's grab a cup of coffee and talk about programming

Add comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Follow us

Don't be shy, get in touch. We love meeting interesting people and making new friends.

Most discussed

%d bloggers like this: