Summary
In this chapter, we looked at the ways in which we can harden the security of our server. A single chapter or book can never give you an all-inclusive list of all the security settings you can possibly configure, but the examples we worked through in this chapter are a great starting point. Along the way, we looked at the concepts of lowering your attack surface, as well as the principle of least privilege. We also looked into securing OpenSSH, which is a common service that many attackers will attempt to use in their favor. We also looked into Fail2ban
, which is a handy daemon that can block other nodes when there are a certain number of authentication failures. We also discussed configuring our firewall, using the Uncomplicated Firewall (UFW) utility. Since data theft is also unfortunately common, we covered encrypting our backup disks.
In Chapter 13, Troubleshooting Ubuntu Servers, we'll take a look at troubleshooting our server when things go wrong.