How to Secure my VPS and test it for vulnerabilities
I'm trying to secure my server and finding a balance between usability and security.
There has been some bots or someone that's been trying to log in my server via ssh because I was looking at my auth.log and it has a long list of ip address trying to guess my log in username/password. I also see alot of guesses for root passwords. But luckily I disabled my root password log in and made it only ssh key when i first got the server. Now i also removed my root login completely.
What I have installed/setup atm
*fail2ban < default config with maxtry 2 and bantime at 2hrs
*root login disabled
*user log in with root and 2 factor authentication/google authenticator
*ssh is still on port 22- dont know what port to change i heard changing port below 1024 is good because its privileged ports. after changing the port what other settings do i have to change/watchout for in case i lock myself out?
also i heard installing wordpress on my vps is bad.. what other cms can i install to be secure?
Is there a test i can run to see if my server is vulnerable? do people try to get into your own vps to see if you can?
Currently my server is on ubuntu 14.04