Skip to content

Securing the Server

Jump to bottom
halomore edited this page Feb 25, 2020 · 1 revision

.

Do NOT FORGET SECURITY BASICS 101

Page Table of Contents

In this section, we will discuss the following steps:

Root Password

First thing to do if you were given a root password from you Server/VPS provider (especially via email) is to change it, please type:-

passwd

NOTE: My system is a mix of German and English, will update images later to English!

Type your chosen password twice (don't worry if you do not see the cursor move, it's meant to stay blank for security reasons) and you should see something like this:-

SUDO user account

Next we want to create a SUDO user account as it's not a good idea to access and run everything with root!

Remember to change YOUR-USERNAME to whatever you want

useradd -m -d /home/YOUR-USERNAME YOUR-USERNAME
usermod -aG sudo YOUR-USERNAME

Here we create a password for your new user (ideally different from your root password)

passwd YOUR-USERNAME
su YOUR-USERNAME
sudo usermod -s /bin/bash YOUR-USERNAME
### Switch to new user home folder ###
cd ~

Example to compare against:-

To exit out of your new user or ssh you can type exit and to change user just type su YOUR-USERNAME

PlexGuide Install

Now we need to install PTS so that Fail2Ban and UFW are installed automatically. NOTE: This step can be skipped if you have already installed PlexGuide

CLICK HERE for methods and come back after you've installed it using the plexguide command.

You're nearly done, 3 more important steps to take!

Fail2Ban

CLICK HERE to set up the Fail2Ban Ban Hammer and come back afterwards.

UFW

UFW is your firewall, we'll just show you the minimum steps needed to protect your Server

sudo ufw status verbose
sudo ufw default allow outgoing
sudo ufw default deny incoming

Make sure to allow ssh or you will not be able to login!

sudo ufw allow ssh
sudo ufw enable

Plenty more info out there if you want to make your server even more secure!

Here are two you can have a read of:-

Reference 1: https://www.cyberciti.biz/faq/howto-configure-setup-firewall-with-ufw-on-ubuntu-linux/

Reference 2: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-14-04

Reboot your Server and login using your new user account as we will switch off root access in the next step!

sudo reboot

SSH Root Access

Finally, we should block root login via ssh as this is what bots tend to hack first!

sudo nano /etc/ssh/sshd_config

Look for PermitRootLogin yes and change the yes to no like this:-

Now to activate it we need to restart the ssh service with:-

sudo service ssh restart

SSH Key Method

- Please feel free to complete this for us!

For further reading check out the following:-

Info on securing servers via this blog: https://blog.devolutions.net/2017/4/10-steps-to-secure-open-ssh

Digital Ocean advice: https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers

Visit our Website By Click the Picture Below! N|Demo

N|Solid N|Solid

Wiki - Wiki

Useful Starter Links

  1. Introduction
  2. G-Suite Signup
  3. Recommended NewsHosts
  4. Change Log

Prior Planning 101

  1. Recommended Pre-Reading
  2. Server - Storage Planning
  3. Usenet or BitTorrent
  4. PTS Editions
  5. PTS Folder Structure
  6. PTS-Repos
  7. Common Issues

Deploy & Config

PTS-Team
  1. SSH Server Access
  2. Install PTS
  3. WatchTower
  4. Remote Path Mappings

Data Transport
  1. PTS Clone
    1. Google OAuth Keys
    2. PTS Move
    3. PTS Blitz
    4. 2nd HD Option

Key Components

  1. Traefik
  2. Port Guard
  3. PTS Shield
  4. PTS Press
  5. Google Cloud - GCE
    1. Automated setup
  6. Hetzner Cloud
  7. PTS Fork
  8. Extra PTS Commands

Blitz App Info

  1. Accessing PTS Apps
  2. App Port Scheme

Tools & Services

Core Apps [Expand]
  1. Emby
  2. Jackett
  3. Jellyfin
  4. LazyLibrarian
  5. Lidarr
  6. Netdata
  7. NZBGet
  8. Ombi
  9. Plex
  10. Portainer
  11. qBittorrent
  12. Radarr
  13. Radarr4k
  14. RadarrHDR
  15. RuTorrent
  16. SABNZBD
  17. Sonarr
  18. Sonarr4k
  19. SonarrHDR
  20. Tautulli
  21. JDownloader2
Community Apps [Expand]
  1. AirSonic
  2. Bazarr
  3. Bitwarden
  4. BookSonic
  5. Calibre
  6. cAdvisor
  7. Cloud Commander
  8. Deluge
  9. DelugeVPN
  10. Dozzle
  11. Duplicati
  12. FlexGet
  13. Gazee
  14. Headphones
  15. Heimdall
  16. HomeAssistant
  17. jd2-openvpn
  18. Kitana
  19. Logarr
  20. MakeMKV
  21. MariaDB
  22. McMyadmin
  23. MEDUSA
  24. Mellow
  25. Miniflux
  26. Monitorr
  27. Muximux
  28. Mylar
  29. NextCloud
  30. NowShowing
  31. NZBHydra2
  32. Organizr
  33. plpp
  34. pyLoad
  35. qBittorrent
  36. QBittorrent VPN
  37. radarrsyncarr
  38. Resilio
  39. rflood-openvpn
  40. rutorrent-openvpn
  41. Shoko Anime Server
  42. SpeedTest
  43. SyncLounge
  44. Teamspeak3
  45. The Lounge
  46. Transmission
  47. Trakt.or
  48. Ubooquity
  49. Varken
  50. vnc-xfce
  51. ZeroTier

Misc Info & Articles

  1. Change Server Time
  2. Fail2Ban
  3. Custom Containers
  4. Deploying Varken, Influx, Telegraf, Grafana
  5. cloneclean commands
  6. Understanding htop
Scripts
  1. Scripting Area
    1. Auto Upload for Sonarr and Lidarr
    2. Auto Delete Log
    3. Plex Plugin DB Backup
    4. Plex fast BACKUP
    5. Delete All Unmonitored from Radarr
Clone this wiki locally