<p>After you create a new server, there are some configuration tweaks that you should make to harden the security of your server.</p>
<p>As the root user, you have privileges to do anything that you want with the server – no restrictions. Because of this, it is better to <strong>avoid using the root user account</strong> for every task on your server. Let’s start by making a new user. Replace <code>username</code> with the desired user name:</p>
<pre><code>adduser username</code></pre>
<p>Choose a new <strong>secure password</strong> and respond to the questions accordingly (or just hit ENTER to use the default value).</p>
<h3>Giving user root privileges</h3>
<p>New user accounts don’t have privileges outside of their home folder and cannot run commands that will alter the server (like <code>install</code>, <code>update</code>, or <code>upgrade</code>). To avoid the use of the root account, we will give the user root privileges. There are two ways of doing this:</p>
<h4>Adding user to sudo group</h4>
<p>The easy way is to add the user to the <code>sudo</code> group. Replace <code>username</code> with the desired user name:</p>
<pre><code>adduser username sudo</code></pre>
<p>This will add the user to the group <code>sudo</code>. Members of this group are allowed to run commands with sudo access.</p>
<h4>Modifying sudoers file</h4>
<p>The other way is to put your user in the <code>sudoers</code> file. If your server has multiple users with root privileges, then this approach is somewhat better because if someone messes with the <code>sudo</code> group, you will still be able to run commands with root privileges to work on the server.</p>
<p>First, run this command:</p>
<pre><code>visudo</code></pre>
<p>This will open the <code>sudoers</code> file. This file contains the definitions of groups and users who can run commands with root privileges.</p>
<pre><code>root ALL=(ALL:ALL) ALL</code></pre>
<p>After this line, write your user name and grant it full root privileges. Replace <code>username</code> accordingly:</p>
<pre><code>username ALL=(ALL:ALL) ALL</code></pre>
<p>Save and close the file (<strong>Ctrl + O</strong> and <strong>Ctrl + X</strong> in nano).</p>
<h4>Testing your new user</h4>
<p>To log in to your new user account without <code>logout</code> and <code>login</code>, simply call:</p>
<pre><code>su username</code></pre>
<p>Test sudo permissions using this command:</p>
<pre><code>sudo apt-get update</code></pre>
<p>The shell will ask for your password. If sudo was configured properly, then your repositories should be updated. Otherwise, review the previous steps.</p>
<p>Now, log out of the new user account:</p>
<pre><code>exit</code></pre>
<p>Sudo setup is complete.</p>
<h3>Securing SSH</h3>
<p>The next part of this guide involves securing the SSH login to the server. First, change the root password:</p>
<pre><code>passwd root</code></pre>
<p>Choose something hard to guess, but that you can remember.</p>
<h4>SSH key</h4>
<p>SSH keys are a safer way to log in. If you are not interested in SSH keys, skip to the next part of the tutorial.</p>
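<p>Returning to the sudo setup above: the following is an added example, not part of the original guide, that lists every account holding an unrestricted root grant through either method (membership of a granted group such as <code>sudo</code>, or its own <code>sudoers</code> line). The function names and the sample data are constructed for illustration; drop-in files under <code>/etc/sudoers.d</code> are not read.</p>

```shell
#!/bin/sh
# Added example: audit who can become root via sudo.

# full_grants: read sudoers-format text on stdin and print each principal
# whose rule is "<who> ALL=(ALL:ALL) ALL" or "<who> ALL=(ALL) ALL",
# with or without NOPASSWD:. Group principals keep their leading "%".
# Lines starting with "#" or "@" (comments, include directives) are skipped.
full_grants() {
    awk '
        /^[ \t]*([#@]|$)/ { next }
        $1 ~ /^Defaults/  { next }
        $2 ~ /^ALL=\((ALL|ALL:ALL)\)$/ && $NF == "ALL" &&
            (NF == 3 || (NF == 4 && $3 == "NOPASSWD:")) { print $1 }
    '
}

# group_members GROUP: read group-file text on stdin and print the
# supplementary members of GROUP, one per line (primary-group members
# are not listed in that field and are therefore not reported).
group_members() {
    awk -F: -v g="$1" '$1 == g && $4 != "" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }'
}

# root_capable SUDOERS_TEXT GROUP_TEXT: expand granted groups to their
# members and print the sorted, de-duplicated list of accounts.
root_capable() {
    printf '%s\n' "$1" | full_grants | while read -r who; do
        case "$who" in
            %*) printf '%s\n' "$2" | group_members "${who#%}" ;;
            *)  printf '%s\n' "$who" ;;
        esac
    done | sort -u
}

# Constructed sample input (not taken from a real server).
SAMPLE_SUDOERS='# constructed sample
Defaults        env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(ALL:ALL) ALL
backup  ALL=(root) /usr/bin/rsync'
SAMPLE_GROUP='root:x:0:
sudo:x:27:bob,carol
www-data:x:33:'

root_capable "$SAMPLE_SUDOERS" "$SAMPLE_GROUP"
```

<p>On a live server, pass the real data instead of the samples, for example <code>root_capable "$(sudo cat /etc/sudoers)" "$(getent group)"</code>, and compare the output with the accounts you intended to give root privileges.</p>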