Ubuntu Server 18.04 – Securing Your Server

How to check for updates on Windows Server 2019

It seems like every month there are new reports about companies getting their servers compromised. In some cases, entire databases end up freely available on the internet, which may even include sensitive user information that can aid miscreants in stealing identities. Linux is a very secure platform, but it’s only as secure as the administrator who sets it up. Security patches are made available every day, but someone has to install them. OpenSSH is a very handy utility, but it’s also the first point of entry for an attacker who finds an insecure installation. Backups are a┬ámust-have, but are also the bane of a company that doesn’t secure them and then the data can fall into the wrong hands. In some cases, even your own employees can cause intentional or unintentional damage. In this chapter, we’ll look at some of the ways you can secure your servers from threats.

In this chapter, we will cover:

  • Lowering your attack surface
  • Understanding and responding to CVEs
  • Installing security updates
  • Automatically installing patches with the Canonical Livepatch service
  • Monitoring Ubuntu servers with the Canonical Landscape service
  • Securing OpenSSH
  • Installing and configuring Fail2ban
  • MariaDB best practices for secure database servers
  • Setting up a firewall
  • Encrypting and decrypting disks with LUKS
  • Locking down sudo

Comments are closed.