Whenever I deploy a new server I always ensure that any flaws which I’ve picked up from my few years of server experience are fixed, leaving the new server as secure as can be and ready for use.
Below are a few tips for keeping your server as secure as can be:
- Have a secure root password – Use something random and at least 8 characters long
- Use non-default ports – Change the default port for services commonly targeted by bots or attackers such as SSH
- Check your logs – Look for authentication failures and put the related IPs in a block or reject rule using iptables
- Process users – Make sure processes have their own users and aren’t ran as root
More tips will be added once I remember them!