What to do before connecting Ubuntu Server to the internet for the first time?

by

I just finished installing Ubuntu Server 12.10 on an Asus Eee PC 1000H (to be used as a home server/sandbox) from USB. I installed this software during installation:

  1. OpenSSH server
  2. LAMP server
  3. Samba file server
  4. Virtual Machine host

I won’t use 2, 3 or 4 for a while though. Can/should I turn these off somehow?

  • I have turned home directory encryption on.
  • Security updates are installed automatically.
  • I have chosen a strong password for the single user.

I have never plugged in the internet cable so far. Before doing so I’d like to ask:

What can/should I do/install to increase security before connecting to the internet?

Firewall? Fail2ban? Users/Passwords? Encryption? Enable/Disable functionality? etc.

I’m sorry if you get this question a lot. I’ve searched around quite a while, but it still feels like I might overlook something important.

Answer

If you are connecting this server to a router that multiple devices connect to in order to access the internet, your network is likely behind a NAT firewall already, so unless you specifically configure your router to allow it, no one, including you, can contact your server from the outside anyway.

If you’re plugging straight into the internet, totally different story. I’d recommend the following:

  1. Learn either iptables or ufw, both of which are firewall config tools that come with Ubuntu. If you’re doing anything with any kind of Linux server, these are practically a must anyway. They both let you be very specific about how your server can be accessed, and from where. Usually the firewall has everything open by default, and you will want to configure your server firewall to have everything CLOSED by default and only open what you need.

https://help.ubuntu.com/community/UFW

http://www.netfilter.org/projects/iptables/index.html

  1. Make sure to know all the port numbers for ALL the servers you’ll have running. Based on what you list, SSH is port 22 by default, so definitely close that, and fail2ban is a recommended tool as well. Might want to change the default port for SSH from 22 to something else, which can be done in the SSH config file. With a LAMP stack, you have 80 and possibly 443 to watch, and MySQL runs on 3306 but usually MySQL only listens on localhost by default. Samba listens on 137-139 and 445.

Attribution
Source : Link , Question Author : CodeMonkey , Answer Author : trpt4him

Leave a Comment