DigitalOcean

Report this

What is the reason for this report?
Question

Best practices for hardening new sever in 2017

Posted on May 15, 2017
Security
Linux Basics
Ubuntu 16.04
Getting Started
TheYorkshireDev

By TheYorkshireDev

When setting up droplets on Digital Ocean it is encouraged to setup some basic security and monitoring. I have read around quite a lot recently on best practices for hardening a new Ubuntu server. Below are the steps I have compiled. Does the community have any suggestions for tweaks to this list including additions or removals?

  1. Create a non-root user [2, 3, 7, 8]
  2. Add non-root to the sudoers group [2, 3, 8]
  3. Add public ssh key to non-root user [1, 2, 3, 8]
  4. Deny all inbound traffic with ufw firewall [1, 3, 4, 7]
  5. Open required ports within the ufw firewall [1, 3, 4, 7]
  6. Update SSH config - Password-less logins [2, 3, 7, 8, 9]
  7. Update SSH config - Disable root login [2, 3, 5, 7, 8, 9]
  8. Update SSH config - Change ssh port [2, 3, 7, 8, 9]
  9. Unattended upgrades [3, 4, 6, 7]
  10. Postfix for emails [2, 3, 6]
  11. Logswatch to send daily summary emails [3]
  12. Fail2ban [2, 3, 7]
  13. Set the timezone to UTC and install NTP [2]
  14. Secure shared memory [5]
  15. Add a security login banner [[5]
  16. Harden the networking layer [5]
  17. Prevent IP spoofing [5]

Sources

1. Digital Ocean - 7 Security Measures to Protect your Servers

2. Digital Ocean - What do you do with your first five minutes on a new server

3. Securing a Server with Ansible

4. Ghost on Digitalocean 512MB

5. Tech Republic - How to harden ubuntu server 16-04 security in five step

6. How to configure Auto-Updates on Linux Ubuntu Servers

7. Linode - Securing your Server

8. Rackspace - Linux Server Security Best Practices

9. Best practices for SSH configuration



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
yayon11real
yayon11real
May 16, 2017

This comment has been deleted

0
ajaysherif
ajaysherif
November 27, 2017

Question: We are planning to host SFTP based application in Azure on Linux based platform. We need to know different security features which we can implement for SFTP access. How do we configure SFTP in High availability mode. From client machine how we can connect to SFTP application by using script. How reliable & scalable solution would be as there will large number of files in Gb will be transferred with this application.

0
davber056
davber056
April 28, 2019

I personally used this tutorial to harden my digitalocean droplet. It includes, Replacing Password Login With Authorized keys https://hostup.org/blog/how-to-secure-a-ubuntu-linux-server-in-3-simple-steps/

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.