Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Why SSH works only on the standard port? Question Question
ServerPilor + froxlor in the same server? Question Question

Question

What security measures to take on the droplet?

Posted August 11, 2015 4.6k views
UbuntuGetting StartedSecurity

Hi, I’ve implemented these security measures on my new droplet as part of the basic setup:

  1. Enabled SSH keys
  2. Disabled root login
  3. Disallowed password authentication
  4. Restricted use of PAM
  5. Changed port number
  6. Limited users through SSH
  7. Installed UFW firewall

Do you think these are sufficient or there are any other security aspects that I should have on the droplet before going ahead with LAMP or LEMP stack to eventually install WordPress?

Sharing of your personal experiences will be highly appreciated. Thanks. :)

Add a comment
By:
Linza

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Why SSH works only on the standard port? Question Question
ServerPilor + froxlor in the same server? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
ryanpq August 11, 2015

This is a good start! I would also recommend setting up fail2ban if you begin seeing a lot of failed ssh authentication attempts. With the changed port you might not so I’d watch your logs and set up fail2ban if it makes sense.

Reply Report
  • Linza August 11, 2015

    Thanks for your reply, Ryan. Regarding fail2ban, I read in one of the tutorials here that if you disable password authentication then there is no need to install it, as it is only needed when you have the password authentication allowed.

    As you mention changing the post further reduces SSH authentication attempts, but I read about port scanning too. What should I install that would help me watch the logs and alert me whenever there is port scanning. I saw a tutorial on PSAD but that needs iptables and a mail server. Let me know your views.

    Reply Report
Linza August 11, 2015
[deleted]
Reply Report

Related

Looking for something else?

Ask a new question Search for more help