How to secure your KVM VPS

This guide provides some general tips for securing a Linux-based server.

1.Update your system regularly

The first thing you should do to secure your server is to update the local repositories, and upgrade the operating system and installed applications by applying the latest patches.

This update will take place in two steps:

  • Updating the package list
apt-get update
  • Updating the actual package
apt-get upgrade
2. Changing default SSH port

By default, port 22 is used to establish an SSH connection. This port is automatically configured during the installation of your operating system, therefore server hacking attempts by robots will target this port. Modifying this setting by using a different port is a simple measure to protect your server against automated attacks

To do this, modify the service configuration file:

vi /etc/ssh/sshd_config

Find the following or similar lines:

Replace port 22 with a new port. Please do not enter a port number already used on your system!

Then restart your service.

systemctl restart sshd

To establish an SSH connection after this change, enter the following command:

ssh [email protected]_address_of_the_server -p NewPort
3. Install Fail2ban

Fail2ban is an application that examines server logs looking for repeated or automated attacks.

You can install Fail2ban by typing:

apt-get install fail2ban

Then copy the included configuration file:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.backup

And restart Fail2ban:

systemctl restart fail2ban
4. Utilize backups and test them regularly

Offsite backups are essential for Linux servers. In the event of an intrusion, these can ensure that critical data remains accessible. They are particularly valuable in the event of ransomware attacks.

The application rsync is a popular option for backing up data on Linux. It comes with a host of features that allows you to make daily backups or exclude certain files from being copied. It is extremely versatile, so it serves as a great option for Linux server security strategies. Feel free to use it on a local basis for backing up files.

To install rsync, use the command:

apt-get install rsync

Don’t forget to check up on the amount of storage space currently used as well as how much is still available.