
Setting Up an Ubuntu 9.10 (Karmic Koala) Linode VPS

21 Jan

So I was shopping for a VPS over the past week and decided that Linode would be a good choice. My deciding factor? Check out the benchmarks here by Eivind Uggedal (Thanks btw).

So anyway, here’s a summary:

  1. Getting Started with Linode
  2. Setup SSH
  3. Setup Firewall

Getting Started with Linode

Now, basically, you’ll want to follow the Getting Started with Linode guide… just set up your default settings, and connect to the server through SSH.

Once in, you’ll want to secure your system. We’ll do an upgrade.

apt-get update
apt-get upgrade

Now, create your user, change the password, and add it as a sudoer.

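# On Ubuntu, adduser creates the home directory and prompts for a password (it has no -m option)
adduser john
# Run passwd if you want to change that password afterwards
passwd john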
# visudo uses nano or vi as the editor depending on your environment, normally it's nano on the first try
# In case you aren't familiar with these, just use your favorite text editor and edit /etc/sudoers
visudo

Look for the line:

root    ALL=(ALL) ALL

And add the following line below it:

john    ALL=(ALL) ALL

Oh and btw, change john to whatever username you wish.

Setup SSH

This is the most important step. Brute-force attackers will hit port 22 first and run common usernames and passwords against it. If they detect that port 22 is not open, they’ll just give up on your IP and move on to the next. So this is very, VERY important. I make mine listen to… just kidding. I’m not telling you of course. Anyway, to change the port, edit /etc/ssh/sshd_config (use whatever text editor you are comfortable with; mine’s vi):

sudo vi /etc/ssh/sshd_config

Edit the following configurations:

Port 22
PermitRootLogin yes

Change the listening port to whatever port you want (e.g. 22123), and disallow root login (change PermitRootLogin to no). Save your file, and restart your SSH service by running:

sudo /etc/init.d/ssh restart

You just made your server 10-fold more secure.

Setup Firewall

So Ubuntu recommends ufw (Uncomplicated Firewall). This isn’t uncomplicated at all if you are used to iptables as you have to relearn the commands. No fear, it’s pretty simple. First up, let’s get it working:

sudo apt-get install ufw
# The next line depends on the SSH port that you chose above, very, Very, VERY important! =)
sudo ufw allow 22123
# The next 2 lines are for HTTP/HTTPS, which you will most probably want
sudo ufw allow 80
sudo ufw allow 443
# ufw is disabled by default; turn it on only after the SSH rule above is in place
sudo ufw enable

That’s it. To delete a rule again, repeat it after delete. For example, if you had blocked HTTP with a deny rule on port 80, just run:

sudo ufw delete deny 80

And it’ll remove the block on the HTTP service.
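
A pre-flight check for the SSH and firewall steps above, added here as an example (it is not part of the original post): it reads sshd_config and a saved copy of the `sudo ufw status` output, and confirms that root login is off and that every port sshd listens on has an ALLOW rule, so the firewall doesn't lock you out of your own server. The function names and the saved status file are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the SSH + ufw steps above.
# Typical use (file name status.txt is an assumption):
#   sudo ufw status > status.txt
#   check_ssh_setup /etc/ssh/sshd_config status.txt

# Print every value of KEYWORD in an sshd_config-style file
# (keywords are case-insensitive; comment lines are skipped).
sshd_values() {  # usage: sshd_values KEYWORD FILE
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { print $2 }
    ' "$2"
}

# Succeed if the saved `ufw status` output is active and has an ALLOW rule for PORT.
ufw_allows() {  # usage: ufw_allows PORT STATUS_FILE
    awk -v port="$1" '
        /^Status: active/ { active = 1 }
        $2 == "ALLOW" && ($1 == port || $1 == (port "/tcp")) { ok = 1 }
        END { exit !(active && ok) }
    ' "$2"
}

# Return 0 only if root login is off and every sshd port is allowed by ufw.
check_ssh_setup() {  # usage: check_ssh_setup SSHD_CONFIG UFW_STATUS_FILE
    rc=0
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    ports=$(sshd_values Port "$1")
    # Assumption: with no Port line, sshd listens on its default, 22.
    for p in ${ports:-22}; do
        if [ "$p" = 22 ]; then
            echo "WARN: sshd still listens on port 22"
        fi
        if ! ufw_allows "$p" "$2"; then
            echo "FAIL: no active ufw ALLOW rule for SSH port $p"
            rc=1
        fi
    done
    return $rc
}
```

Run it before you close your current SSH session; a FAIL line means fix the config or the rule first.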