I’m trying to secure my server and finding a balance between usability and security.
There has been some bots or someone that’s been trying to log in my server via ssh because I was looking at my auth.log and it has a long list of ip address trying to guess my log in username/password. I also see alot of guesses for root passwords. But luckily I disabled my root password log in and made it only ssh key when i first got the server. Now i also removed my root login completely.
What I have installed/setup atm
*fail2ban < default config with maxtry 2 and bantime at 2hrs
*root login disabled
*user log in with root and 2 factor authentication/google authenticator
*ssh is still on port 22- dont know what port to change i heard changing port below 1024 is good because its privileged ports. after changing the port what other settings do i have to change/watchout for in case i lock myself out?
also i heard installing wordpress on my vps is bad… what other cms can i install to be secure?
Is there a test i can run to see if my server is vulnerable? do people try to get into your own vps to see if you can?
Currently my server is on ubuntu 14.04
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.