- \n
- 1 server (e.g. with Hetzner)<\/li>\n<\/ul>\n
Step 1 \u2013 Initial Setup and Basic Security<\/h2>\n
After you have created your server, follow steps 1 through 5 in the \u201cInitial Server Setup with Ubuntu\u201d tutorial. It explains how to:<\/p>\n
- \n
- Create a new user with sudo permissions<\/li>\n
- Add an SSH key<\/li>\n<\/ul>\n
After completing the first 5 steps of the linked tutorial and connecting to the new sudo user, you can continue with the steps below.<\/p>\n
System update<\/h2>\n
The first thing you should do is check for updates, as outdated software can have vulnerabilities that are easily exploited. It's easier than you think; just run these two commands:<\/p>\n
\nsudo apt update\r\nsudo apt upgrade<\/code><\/pre>\n<\/div>\nEasy, right? We've now made sure we're using the latest versions.<\/p>\n
Secure SSH access<\/h2>\n
When someone targets your server, the first thing they will probably try is accessing it via SSH. They often do this with bots and multiple methods. So securing SSH access is very important.<\/p>\n
Edit the configuration file:<\/p>\n
\nsudo nano \/etc\/ssh\/sshd_config\r\n<\/code><\/pre>\n<\/div>\n- \n
- Disable root access<\/li>\n<\/ul>\n
Find the line \u201cPermitRootLogin\u201d and change it to \u201cno\u201d.<\/p>\n
- \n
- Disable password entry<\/li>\n<\/ul>\n
If you added an SSH key as suggested above, you can disable password entry.<\/p>\n
- \n
- \n
- \n
- \u201cFind \u201dPasswordAuthentication\u201c and set it to \u201dno\u201d.<\/li>\n
- \u201cFind \u201dPubkeyAuthentication\u201c and set it to \u201dYes.\u201d.<\/li>\n<\/ul>\n<\/li>\n
- Change the default SSH port<\/li>\n<\/ul>\n
Just by changing that, we can eliminate most of the automated bot attacks, as most of them are fake bots and try to access SSH through port 22.<\/p>\n
Find the line \u201c#Port 22\u201d and change it to something like \u201cPort 2222\u201d (or change 2222 to whatever you want).<\/p>\n
Save the changes and check if the port has been changed successfully:<\/p>\n
\nsudo systemctl restart ssh.service\r\nsudo systemctl status ssh<\/code><\/pre>\n<\/div>\nMake sure it says Server listening on :: port 2222.<\/p>\n
If port 2222 is specified, you can run the following to terminate the connection to the server and check if the connection to the new port works:<\/p>\n
\nssh -p 2222 holu@<203.0.113.1>\r\n<\/code><\/pre>\n<\/div>\nIf you can connect to the port you set, you can continue the tutorial.<\/p>\n
Configure a firewall<\/h2>\n
We will use \u201cufw\u201d to manage firewall rules. It is designed to be easy to use and uses a command line interface. Ufw is probably already installed on your system, but you can run this command to make sure it is installed:<\/p>\n
\nsudo apt install ufw\r\n<\/code><\/pre>\n<\/div>\nNext, we will deny all incoming network traffic unless specifically allowed by other rules. This is essential to securing your server by only allowing traffic that you explicitly allow. You will need to run this command:<\/p>\n
\nsudo ufw default deny incoming\r\n<\/code><\/pre>\n<\/div>\nNext, we allow all outbound network traffic. This is usually secure and allows your server to communicate with other servers or services without restrictions. Run this command:<\/p>\n
\nsudo ufw default allow outgoing\r\n<\/code><\/pre>\n<\/div>\nNow we need to allow our SSH port to connect to our server via SSH. Just make sure to change 2222 to your SSH port if you specified something else and run this command:<\/p>\n
\nsudo ufw allow 2222\/tcp\r\n<\/code><\/pre>\n<\/div>\nFinally, we need to enable our firewall rules:<\/p>\n
\nsudo ufw enable\r\n<\/code><\/pre>\n<\/div>\nFail2Ban<\/h2>\n
We changed our SSH port and set up our firewall. But what happens if a bot finds our port and still tries to access our server via SSH? This would be a brute force attack and we can protect our server with Fail2Ban. This software bans IPs that show signs or malicious attempts. To install and enable Fail2Ban you need to run these three commands:<\/p>\n
\nsudo apt install fail2ban\r\nsudo systemctl enable fail2ban\r\nsudo systemctl start fail2ban<\/code><\/pre>\n<\/div>\nYou can also customize Fail2Ban settings by editing the configuration files in the \/etc\/fail2ban\/ folder. For more detailed information and best practices, you can check out the Fail2Ban documentation.<\/p>\n
Great! You've taken a big step and now have a more protected server. For now, you just need to perform regular maintenance from time to time. We'll explain what you need to do in the next section.<\/p>\n
Step 2 \u2013 Regular Maintenance<\/h2>\n
- \n
- System update<\/li>\n<\/ul>\n
First, we need to check if there are any updates for our system. Run this command:<\/p>\n
\nsudo apt update && sudo apt upgrade -y\r\n<\/code><\/pre>\n<\/div>\n- \n
- Monitor reports<\/li>\n<\/ul>\n
You should regularly check your system logs to detect unusual activity. Logwatch can help you automate this process. You can install logwatch with this command:<\/p>\n
\nsudo apt install logwatch\r\n<\/code><\/pre>\n<\/div>\nYou can check out more detailed information, how to set up daily reports, and see what the reports look like from this guide.<\/p>\n
- \n
- Check disk usage.<\/li>\n<\/ul>\n
Just to make sure you have enough space to run your server, check your remaining disk space with this command:<\/p>\n
\ndf -h\r\n<\/code><\/pre>\n<\/div>\n- \n
- Back up your data.<\/li>\n<\/ul>\n
You should always have multiple backups to make sure you can recover from a disaster if your server is completely deleted or becomes inaccessible. Luckily, Hetzner has an automated backup solution for cloud servers and you can check it out in the official documentation. If you want to set up your own backup, you can use tools like \u201crsync\u201d or \u201cDuplicity\u201d.<\/p>\n
- \n
- Audit user accounts<\/li>\n<\/ul>\n
Don't forget to regularly check the user accounts on the server. Make sure that only authorized users have access to your server. Remove any accounts that are no longer needed. You can check the user accounts by running this command:<\/p>\n
\nsudo nano \/etc\/passwd\r\n<\/code><\/pre>\n<\/div>\n- \n
- Check for Rootkits and Malware<\/li>\n<\/ul>\n
To quickly scan your server, you can use tools like \u201crkhunter\u201d and \u201cchkrootkit\u201d. These tools will help you check for possible rootkits, backdoors, and local exploits and make sure everything is in order. Run these commands to make sure rkhunter is installed and check:<\/p>\n
\nsudo apt install rkhunter\r\nsudo rkhunter --check<\/code><\/pre>\n<\/div>\n<\/p>\n
- \n
- System performance monitoring<\/li>\n<\/ul>\n
Finally, you can quickly check the system performance to make sure there are no resource bottlenecks while running the software. There are tools like "htop", "top" or "atop". But you can just run this command:<\/p>\n
\nhtop<\/code><\/pre>\n<\/div>\nStep 3 \u2013 More Security Tools<\/h2>\n
- \n
- Use intrusion detection systems.<\/li>\n<\/ul>\n
You can use tools like \u201cAIDE\u201d (Advanced Intrusion Detection Environment) to monitor your system changes. It creates a database of your files and folders and compares your system against that database to ensure file integrity. You can check out more details from its repository. For initial use, you can install it with this command:<\/p>\n
\nsudo apt install aide\r\n<\/code><\/pre>\n<\/div>\nStart and generate the database with these commands:<\/p>\n
\nsudo aideinit\r\nsudo cp \/var\/lib\/aide\/aide.db.new \/var\/lib\/aide\/aide.db<\/code><\/pre>\n<\/div>\nAnd compare your system with the database using this command:<\/p>\n
\nsudo aide --config \/etc\/aide\/aide.conf --check\r\n<\/code><\/pre>\n<\/div>\n- \n
- Enable two-factor authentication (2FA)<\/li>\n<\/ul>\n
You can also set up 2FA (two-factor authentication) to log in to your server via SSH. This adds an extra layer of protection and reduces the risk of unauthorized access. You can install it with this command:<\/p>\n
\nsudo apt install libpam-google-authenticator\r\n<\/code><\/pre>\n<\/div>\nAnd run this command to launch it:<\/p>\n
\ngoogle-authenticator\r\n<\/code><\/pre>\n<\/div>\n- \n
- Secure web applications<\/li>\n<\/ul>\n
If you are running web applications on your server, make sure you follow their best practices and update them regularly. For example, if you are running WordPress, you should always use the latest version of WordPress and also keep all plugins and themes updated. In addition, you should install a proper WordPress security plugin. This will reduce the risk of unauthorized access to your server and applications.<\/p>\n
Step 4 \u2013 Incident Response Plan<\/h2>\n
This plan can be very detailed in large organizations, but we'll keep it simple and workable for small entertainment servers. That's why I've prepared a 3-step plan for you.<\/p>\n
- \n
- Preparation<\/li>\n<\/ul>\n
For this section, you should create a small text file or note in your notepad program about your server information. Include information such as the server architecture, the software it's running, where your backups and logs are stored, and your configurations. Keep this note somewhere safe. You can check out this example as a starting point:<\/p>\n
Server information<\/h5>\n
\n\n
\n \nInfo<\/th>\n Description<\/th>\n<\/tr>\n<\/thead>\n \n Server Name<\/td>\n MyServer01<\/td>\n<\/tr>\n \n IP Address<\/td>\n 192.168.1.100<\/td>\n<\/tr>\n \n Operating System<\/td>\n Ubuntu 24.04 LTS<\/td>\n<\/tr>\n \n CPU<\/td>\n 4 vCPUs<\/td>\n<\/tr>\n \n RAM<\/td>\n 8GB<\/td>\n<\/tr>\n \n Storage<\/td>\n 100GB SSD<\/td>\n<\/tr>\n \n SSH Port<\/td>\n 2222<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n - \n
- \n
- \n
- Software and Services: Nginx 1.18.0, PostgreSQL 13, Django 3.1<\/li>\n
- Backup: Dual, daily, \/mnt\/backup and remote storage in AWS S3, 30-day retention<\/li>\n
- Nginx configuration: \/etc\/nginx\/nginx.conf<\/li>\n
- PostgreSQL configuration: \/etc\/postgresql\/13\/main\/postgresql.conf<\/li>\n
- Django configuration: \/home\/myuser\/myapp\/settings.py<\/li>\n
- UFW configuration: \/etc\/ufw\/ufw.conf<\/li>\n<\/ul>\n<\/li>\n
- Identification<\/li>\n<\/ul>\n
At this point you need to check what the problem is with your server. Is the problem or breach related to your web application, the server itself, or one of the databases inside your server? If you are not sure, always assume that everything is at risk. So you need to start checking everything again, starting with the server.<\/p>\n
- \n
- Improvement<\/li>\n<\/ul>\n
Restore damaged systems in this section. If you can't access your server, you should restore from a server backup. If one of your web applications is down, you may only need to restore from its backup. Make sure everything is restored, tested, working as expected, and you've run a security scan.<\/p>\n
Result<\/h2>\n
Securing your server requires a combination of best practices and regular maintenance. By following the steps outlined in this post, you can significantly increase your server security and protect your valuable data. Remember, security is an ongoing process, so don't forget to check your servers regularly.<\/p>\n
<\/p>","protected":false},"excerpt":{"rendered":"Introduction I remember my first servers. I did almost nothing to keep them secure\u2026","protected":false},"author":1,"featured_media":15998,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_focuskw":"\u0686\u06af\u0648\u0646\u0647 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u062e\u0648\u062f \u0631\u0627 \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0631\u06cc\u062f","_yoast_wpseo_title":"","_yoast_wpseo_metadesc":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"","_yoast_wpseo_focuskeywords":"","_yoast_wpseo_primary_category":"193","footnotes":""},"categories":[193,324,204],"tags":[404,368],"class_list":{"0":"post-15997","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tutorials","8":"category-security","9":"category-servers","10":"tag-security","11":"tag-ubuntu"},"yoast_head":"\n
\u0686\u06af\u0648\u0646\u0647 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u062e\u0648\u062f \u0631\u0627 \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0631\u06cc\u062f - \u0628\u0644\u0627\u06af ITPiran<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.itpiran.net\/blog\/en\/tutorials\/security-ubuntu-settings-firewall-tools\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u0686\u06af\u0648\u0646\u0647 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u062e\u0648\u062f \u0631\u0627 \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0631\u06cc\u062f - \u0628\u0644\u0627\u06af ITPiran\" \/>\n<meta property=\"og:description\" content=\"\u0645\u0642\u062f\u0645\u0647 \u0627\u0648\u0644\u06cc\u0646 \u0633\u0631\u0648\u0631\u0647\u0627\u06cc\u0645 \u0631\u0627 \u0628\u0647 \u06cc\u0627\u062f \u062f\u0627\u0631\u0645. \u0645\u0646 \u062a\u0642\u0631\u06cc\u0628\u0627\u064b \u0647\u06cc\u0686 \u06a9\u0627\u0631\u06cc \u0628\u0631\u0627\u06cc \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0634\u062a\u0646 \u0622\u0646\u0647\u0627 \u0627\u0646\u062c\u0627\u0645 \u0646\u062f\u0627\u062f\u0645…\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.itpiran.net\/blog\/en\/tutorials\/security-ubuntu-settings-firewall-tools\/\" \/>\n<meta property=\"og:site_name\" content=\"\u0628\u0644\u0627\u06af ITPiran\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-03T22:02:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.itpiran.net\/2024\/08\/03195628\/Ubuntu-security.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1793\" \/>\n\t<meta property=\"og:image:height\" content=\"1110\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#\\\/schema\\\/person\\\/04ed27b919baca468a2273f8e4318f81\"},\"headline\":\"\u0686\u06af\u0648\u0646\u0647 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u062e\u0648\u062f \u0631\u0627 \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0631\u06cc\u062f\",\"datePublished\":\"2024-08-03T22:02:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/\"},\"wordCount\":115,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cdn.itpiran.net\\\/2024\\\/08\\\/03195628\\\/Ubuntu-security.jpg\",\"keywords\":[\"Security\",\"Ubuntu\"],\"articleSection\":[\"\u0622\u0645\u0648\u0632\u0634\u06cc\",\"\u0627\u0645\u0646\u06cc\u062a\",\"\u0633\u0631\u0648\u0631\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/\",\"url\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/\",\"name\":\"\u0686\u06af\u0648\u0646\u0647 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u062e\u0648\u062f \u0631\u0627 \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0631\u06cc\u062f - \u0628\u0644\u0627\u06af ITPiran\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/cdn.itpiran.net\\\/2024\\\/08\\\/03195628\\\/Ubuntu-security.jpg\",\"datePublished\":\"2024-08-03T22:02:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/#primaryimage\",\"url\":\"https:\\\/\\\/cdn.itpiran.net\\\/2024\\\/08\\\/03195628\\\/Ubuntu-security.jpg\",\"contentUrl\":\"https:\\\/\\\/cdn.itpiran.net\\\/2024\\\/08\\\/03195628\\\/Ubuntu-security.jpg\",\"width\":1793,\"height\":1110},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/tutorials\\\/security-ubuntu-settings-firewall-tools\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u0622\u0645\u0648\u0632\u0634\u06cc\",\"item\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/category\\\/tutorials\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"\u0686\u06af\u0648\u0646\u0647 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u062e\u0648\u062f \u0631\u0627 \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0631\u06cc\u062f\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/\",\"name\":\"\u0628\u0644\u0627\u06af ITPiran\",\"description\":\"\u0627\u062e\u0628\u0627\u0631 \u0648 \u0645\u0642\u0627\u0644\u0627\u062a \u062a\u062c\u0627\u0631\u062a \u067e\u0627\u06cc\u062f\u0627\u0631 \u0627\u06cc\u0631\u0627\u0646\u06cc\u0627\u0646\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#organization\",\"name\":\"\u0628\u0644\u0627\u06af \u062a\u062c\u0627\u0631\u062a \u067e\u0627\u06cc\u062f\u0627\u0631 \u0627\u06cc\u0631\u0627\u0646\u06cc\u0627\u0646\",\"alternateName\":\"ITPIran Blog\",\"url\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/cdn.itpiran.net\\\/2023\\\/12\\\/27150508\\\/cropped-ITPIRAN-BLOG-LOGO-2.png\",\"contentUrl\":\"https:\\\/\\\/cdn.itpiran.net\\\/2023\\\/12\\\/27150508\\\/cropped-ITPIRAN-BLOG-LOGO-2.png\",\"width\":512,\"height\":512,\"caption\":\"\u0628\u0644\u0627\u06af \u062a\u062c\u0627\u0631\u062a \u067e\u0627\u06cc\u062f\u0627\u0631 \u0627\u06cc\u0631\u0627\u0646\u06cc\u0627\u0646\"},\"image\":{\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/#\\\/schema\\\/person\\\/04ed27b919baca468a2273f8e4318f81\",\"name\":\"admin\",\"url\":\"https:\\\/\\\/www.itpiran.net\\\/blog\\\/en\\\/author\\\/admin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Keep Your Ubuntu Server Secure - ITPiran Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.itpiran.net\/blog\/en\/tutorials\/security-ubuntu-settings-firewall-tools\/","og_locale":"en_US","og_type":"article","og_title":"\u0686\u06af\u0648\u0646\u0647 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u062e\u0648\u062f \u0631\u0627 \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0631\u06cc\u062f - \u0628\u0644\u0627\u06af ITPiran","og_description":"\u0645\u0642\u062f\u0645\u0647 \u0627\u0648\u0644\u06cc\u0646 \u0633\u0631\u0648\u0631\u0647\u0627\u06cc\u0645 \u0631\u0627 \u0628\u0647 \u06cc\u0627\u062f \u062f\u0627\u0631\u0645. \u0645\u0646 \u062a\u0642\u0631\u06cc\u0628\u0627\u064b \u0647\u06cc\u0686 \u06a9\u0627\u0631\u06cc \u0628\u0631\u0627\u06cc \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0634\u062a\u0646 \u0622\u0646\u0647\u0627 \u0627\u0646\u062c\u0627\u0645 \u0646\u062f\u0627\u062f\u0645…","og_url":"https:\/\/www.itpiran.net\/blog\/en\/tutorials\/security-ubuntu-settings-firewall-tools\/","og_site_name":"\u0628\u0644\u0627\u06af ITPiran","article_published_time":"2024-08-03T22:02:33+00:00","og_image":[{"width":1793,"height":1110,"url":"https:\/\/cdn.itpiran.net\/2024\/08\/03195628\/Ubuntu-security.jpg","type":"image\/jpeg"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/#article","isPartOf":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/"},"author":{"name":"admin","@id":"https:\/\/www.itpiran.net\/blog\/#\/schema\/person\/04ed27b919baca468a2273f8e4318f81"},"headline":"\u0686\u06af\u0648\u0646\u0647 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u062e\u0648\u062f \u0631\u0627 \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0631\u06cc\u062f","datePublished":"2024-08-03T22:02:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/"},"wordCount":115,"commentCount":0,"publisher":{"@id":"https:\/\/www.itpiran.net\/blog\/#organization"},"image":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn.itpiran.net\/2024\/08\/03195628\/Ubuntu-security.jpg","keywords":["Security","Ubuntu"],"articleSection":["\u0622\u0645\u0648\u0632\u0634\u06cc","\u0627\u0645\u0646\u06cc\u062a","\u0633\u0631\u0648\u0631"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/","url":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/","name":"How to Keep Your Ubuntu Server Secure - ITPiran Blog","isPartOf":{"@id":"https:\/\/www.itpiran.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/#primaryimage"},"image":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/#primaryimage"},"thumbnailUrl":"https:\/\/cdn.itpiran.net\/2024\/08\/03195628\/Ubuntu-security.jpg","datePublished":"2024-08-03T22:02:33+00:00","breadcrumb":{"@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/#primaryimage","url":"https:\/\/cdn.itpiran.net\/2024\/08\/03195628\/Ubuntu-security.jpg","contentUrl":"https:\/\/cdn.itpiran.net\/2024\/08\/03195628\/Ubuntu-security.jpg","width":1793,"height":1110},{"@type":"BreadcrumbList","@id":"https:\/\/www.itpiran.net\/blog\/tutorials\/security-ubuntu-settings-firewall-tools\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.itpiran.net\/blog\/"},{"@type":"ListItem","position":2,"name":"\u0622\u0645\u0648\u0632\u0634\u06cc","item":"https:\/\/www.itpiran.net\/blog\/category\/tutorials\/"},{"@type":"ListItem","position":3,"name":"\u0686\u06af\u0648\u0646\u0647 \u0633\u0631\u0648\u0631 \u0627\u0648\u0628\u0648\u0646\u062a\u0648 \u062e\u0648\u062f \u0631\u0627 \u0627\u06cc\u0645\u0646 \u0646\u06af\u0647 \u062f\u0627\u0631\u06cc\u062f"}]},{"@type":"WebSite","@id":"https:\/\/www.itpiran.net\/blog\/#website","url":"https:\/\/www.itpiran.net\/blog\/","name":"ITPiran Blog","description":"Iranian Sustainable Trade News and Articles","publisher":{"@id":"https:\/\/www.itpiran.net\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.itpiran.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.itpiran.net\/blog\/#organization","name":"Sustainable Iranian Business Blog","alternateName":"ITPIran Blog","url":"https:\/\/www.itpiran.net\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.itpiran.net\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/cdn.itpiran.net\/2023\/12\/27150508\/cropped-ITPIRAN-BLOG-LOGO-2.png","contentUrl":"https:\/\/cdn.itpiran.net\/2023\/12\/27150508\/cropped-ITPIRAN-BLOG-LOGO-2.png","width":512,"height":512,"caption":"\u0628\u0644\u0627\u06af \u062a\u062c\u0627\u0631\u062a \u067e\u0627\u06cc\u062f\u0627\u0631 \u0627\u06cc\u0631\u0627\u0646\u06cc\u0627\u0646"},"image":{"@id":"https:\/\/www.itpiran.net\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.itpiran.net\/blog\/#\/schema\/person\/04ed27b919baca468a2273f8e4318f81","name":"admin","url":"https:\/\/www.itpiran.net\/blog\/en\/author\/admin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/posts\/15997","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/comments?post=15997"}],"version-history":[{"count":2,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/posts\/15997\/revisions"}],"predecessor-version":[{"id":16003,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/posts\/15997\/revisions\/16003"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/media\/15998"}],"wp:attachment":[{"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/media?parent=15997"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/categories?post=15997"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itpiran.net\/blog\/en\/wp-json\/wp\/v2\/tags?post=15997"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Improvement<\/li>\n<\/ul>\n
- \n
- Preparation<\/li>\n<\/ul>\n
- Secure web applications<\/li>\n<\/ul>\n
- Enable two-factor authentication (2FA)<\/li>\n<\/ul>\n
- Use intrusion detection systems.<\/li>\n<\/ul>\n
- System performance monitoring<\/li>\n<\/ul>\n
- Check for Rootkits and Malware<\/li>\n<\/ul>\n
- Audit user accounts<\/li>\n<\/ul>\n
- Back up your data.<\/li>\n<\/ul>\n
- Check disk usage.<\/li>\n<\/ul>\n
- Monitor reports<\/li>\n<\/ul>\n
- System update<\/li>\n<\/ul>\n
- \n
- Disable password entry<\/li>\n<\/ul>\n
- Disable root access<\/li>\n<\/ul>\n
![\"\"](\"https:\/\/cdn.itpiran.net\/2024\/08\/04012030\/1.png\")
<\/p>\n![\"\"](\"https:\/\/cdn.itpiran.net\/2024\/08\/04012201\/2.png\")
<\/p>\n