VPS server security configuration in Ubuntu

A month ago, I migrated my blog to DigitalOcean's VPS. I originally considered using CentOS. However, if I use Ubuntu Server, I would be entitled to a $20 credit card while CentOS would be only $10, therefore, we use Ubuntu12.04 as the VPS system. After entering the system via SSH, we can see that DigitalOcean has reinforced the system and can omit some security configurations. However, the basic security configuration is still required. The following are the steps for configuring the security of my Ubuntu VPS system for your reference.

The service is installed with LAMP + VSFTP as the Wordpress service program, and the PPTP service is activated for VPN Wall-over.

1. Modify the root password. Do not let me talk about it. The first step after SSH enters the system

The code is as follows:	Copy code
Passwd

2. Create a new user to replace the root role. In most cases, you do not need to use root, but use sudo if necessary.

The code is as follows:	Copy code
# Use username = lidaren # Add a user. The user directory is/home/lidaren Shell. The lidaren sub-group of the bash main user group is sudo, adm, and root. Generally, set the sub-group to sudo, Useradd-d/home/lidaren-m-s/bin/bash-g lidaren-G sudo, adm, root lidaren Passwd lidaren # set the user password

3. Modify SSH configuration, modify the/etc/ssh/sshd_config file, and disable root access.

The code is as follows:	Copy code
# Modify the port, except for 22 Port 60022 # Prohibit root users from logging on through ssh PermitRootLogin no # Prohibit users from logging on with a blank password PermitEmptyPasswords no # Limit the number of retries after logon failure MaxAuthTries 3 # Login user restrictions AllowUsers lidaren

Reset sshd after completion

The code is as follows:	Copy code
/Etc/init. d/sshd reload Or /Etc/init. d/sshd restart

Log out and log in with the newly created user.

4. Before leaving, remember to execute

The code is as follows:	Copy code
Rm/root/. bash_history Rm/root/. mysql_history