Basic Security Steps for Your Chunk

Posted July 09, 2013

First off, this is written for Linux and specifically for Ubuntu 10.04 LTS. This document makes some assumptions: that you know how to use the vi editor, and that you have at least a passing familiarity with Linux operating systems.

Patch Regularly

I can't say this often enough: RUN YOUR UPDATES. On Debian or Ubuntu:

apt-get update; apt-get dist-upgrade

On CentOS:

yum upgrade

Lock Down PhpMyAdmin

If you run PhpMyAdmin, set up a password for it. Lots of viruses are automatically scanning the web for unsecured PhpMyAdmin installations.

Set Up IPTables Firewall

  1. Make sure that iptables is installed.
  2. There are a LOT of tutorials on how to install and operate iptables, so I won't cover that here.
  3. You will probably want to scan your logs from time to time looking for nefarious traffic. Add those IPs to your block list.
  4. Consider installing Fail2Ban or something similar to block brute-force attacks.

Create a Non-Root Login, and Change SSH to Disallow Direct Root Login

Add A Non-Root Login

  1. Log in to your chunk as root
  2. Type: adduser <username>
  3. Follow the prompts to set your password
  4. Allow your user to use sudo to become root: adduser <username> sudo

Change SSH to Disallow Direct Root Login

Now that you have your non-root user with sudo permissions, you can log in as that user and use sudo -s to become root. You can now prevent anyone from SSHing to root directly.

  1. As root, edit /etc/ssh/sshd_config
  2. Add the line: PermitRootLogin no
  3. Restart SSH: /etc/init.d/ssh restart
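The three steps above as a script, added here as an example and not part of the original post. It handles two cases the manual edit can miss: sshd uses the first value it reads for a keyword, so an existing PermitRootLogin line has to be changed rather than a new one appended, and a line added after a Match block only applies to that block. The function names are made up for this example, and the /usr/sbin/sshd path is an assumption about your install.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Rewrite FILE so the global section carries exactly one "PermitRootLogin no".
set_root_login_no() {
    cfg="$1"; tmp="$cfg.new"
    cp -p "$cfg" "$cfg.bak" || return 1          # keep a rollback copy
    awk '
        # Global PermitRootLogin: sshd uses the first value it reads, so
        # rewrite the first one and drop any later global duplicates.
        !in_match && tolower($1) == "permitrootlogin" {
            if (!done) { print "PermitRootLogin no"; done = 1 }
            next
        }
        # Lines after "Match" belong to that block, so the global setting
        # has to be written before the first Match line.
        tolower($1) == "match" {
            if (!done) { print "PermitRootLogin no"; done = 1 }
            in_match = 1
        }
        { print }
        END { if (!done) print "PermitRootLogin no" }
    ' "$cfg" > "$tmp" || return 1
    cat "$tmp" > "$cfg" && rm -f "$tmp"          # keeps owner and mode of FILE
}

# Print the global PermitRootLogin value sshd would use ("unset" if none).
global_root_login() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { v = tolower($2); exit }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Edit, syntax-check with "sshd -t", and restart only if the check passes.
apply_root_login_no() {
    cfg="${1:-/etc/ssh/sshd_config}"
    set_root_login_no "$cfg" || return 1
    if /usr/sbin/sshd -t -f "$cfg"; then
        /etc/init.d/ssh restart
    else
        cp -p "$cfg.bak" "$cfg"                  # roll back a broken config
        return 1
    fi
}
```

Run apply_root_login_no as root, and keep your current SSH session open until a new login as the non-root user works. A PermitRootLogin line inside a Match block is left untouched, so check those by hand.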

Please note: the Emergency Console is great for when you have any issues with iptables or turning off root logins! You can always log in from there!