And you can get it here: blm849/supersimplehardening: A super simple way to harden your server.
I create a lot of Ubuntu test servers, and I find that as soon as I create a Ubuntu server on a cloud environment, it gets immediately attacked by automated software. This is obviously a concern. A bigger concern is that when I went searching for recommendations on how to harden such a server, I found a wide variety of recommendations! It can be hard to know what to do. Still, I needed something. As a result, I created this package of scripts. The scripts do a number of things:
- prevent direct root login to your server via ssh. This was one of the things I saw consistently happen and once someone cracks the root access on your machine, it’s game over.
- stop some basic security holes, like IP spoofing
- download some useful software, like logwatch, ufw and others
- upgrade all software on the server
This is just a very very limited number of things to prevent attacks. But it is better than nothing.
If you install Apache, PHP, MySQL or other software on your machine, there are even more attacks that will be launched against it. I recommend you get a firewall up and running and at least run logwatch on a regular basis to look for potential attacks being launched against you.
Finally, if it is important for you to secure your server, don’t stop with my scripts. Go out and consult with IT security specialists right away.