AWS Ubuntu hardening

Hi team,

 

We have seen Ubuntu 18.04 server hardening here. An ubuntu server created as an EC2 instance on AWS console has slightly different method for hardening.

 

  1. First, run following commands.
    #apt-get update
    #apt-get autoremove

  2. We need to stop auto installation/upgrading of kernel version. Note that, without disabling the auto upgrade the EC2 instance will fetch updates and automatically installs them. This whole process is very time consuming and server may not be available in this time period because of high load. To disable the auto-upgrades of the kernel, run following command.
    #vim /etc/apt/apt.conf.d/20auto-upgrade            \\the number 20 may vary


    and change value of first line to '0' from '1'.

  3. AWS already has key based authentication and strictly non root login for SSH. Hence, we don't need to do much changes in SSH configuration.

  4. If the Ubuntu server is going to use email functionality, then we have to install spamassassin package to prevent email spamming.

    #apt-get install spamassassin spamc
    #
    adduser spamd --disabled-login                          \\Skip the information of the user by pressing enter
    #vim
    /etc/default/spamassassin
    And change below values

    ENABLED - > 1
    SAHOME -
    > "/var/log/spamassassin/"
    OPTIONS -
    > "--create-prefs --max-children 5 --username spamd --helper-home-dir /home/spamd/ -s /home/spamd/spamd.log"
    CRON -
    > 1


  5. If the server is going to use Apache, then we will have to install security mods for apache. To do so, run following command
    #
    apt install -y libapache2-mod-security2


  6. To install PHP packages in the server, we will have to add repository for the same.
    #apt install software-properties-common
    #app-apt-repository ppa:ondrej/php
    #apt update
    #apt install phpXX              \\XX indicates the version you want to install. e.g apt install php7.4

    Installed php version can be checked with the command 'php -v'.
  • 0 A felhasználók hasznosnak találták ezt
Hasznosnak találta ezt a választ?

Kapcsolódó cikkek

New joinee induction checklist

  Induction checklist of New Joinee                 Name of New...

Requirement Gathering

  Whenever we are discussing with client and understanding their needs, few things...

Setup Tally on Cloud

  Hi, Setting up Tally on Cloud is simple task task. Following are steps to follow 1.     Set...

Gaming - setting up server

  Hi, Setting up windows server for gaming is very crucial step when it come to game renderning....

Gaming - order processing

  Once there is an order placed by user for gaming, it will be notified via email and in WHMCS...

Powered by WHMCompleteSolution