How to secure your KVM VPS
This guide provides some general tips for securing a Linux-based server.
1.Update your system regularly
The first thing you should do to secure your server is to update the local repositories, and upgrade the operating system and installed applications by applying the latest patches.
This update will take place in two steps:
- Updating the package list
- Updating the actual package
2. Changing default SSH port
By default, port 22 is used to establish an SSH connection. This port is automatically configured during the installation of your operating system, therefore server hacking attempts by robots will target this port. Modifying this setting by using a different port is a simple measure to protect your server against automated attacks
To do this, modify the service configuration file:
Find the following or similar lines:
Replace port 22 with a new port. Please do not enter a port number already used on your system!
Then restart your service.
systemctl restart sshd
To establish an SSH connection after this change, enter the following command:
ssh [email protected]_address_of_the_server -p NewPort
3. Install Fail2ban
Fail2ban is an application that examines server logs looking for repeated or automated attacks.
You can install Fail2ban by typing:
apt-get install fail2ban
Then copy the included configuration file:
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.conf.backup
And restart Fail2ban:
systemctl restart fail2ban
4. Utilize backups and test them regularly
Offsite backups are essential for Linux servers. In the event of an intrusion, these can ensure that critical data remains accessible. They are particularly valuable in the event of ransomware attacks.
The application rsync is a popular option for backing up data on Linux. It comes with a host of features that allows you to make daily backups or exclude certain files from being copied. It is extremely versatile, so it serves as a great option for Linux server security strategies. Feel free to use it on a local basis for backing up files.
To install rsync, use the command:
apt-get install rsync
Don’t forget to check up on the amount of storage space currently used as well as how much is still available.