Hi team,
We have seen Ubuntu 18.04 server hardening here. An ubuntu server created as an EC2 instance on AWS console has slightly different method for hardening.
- First, run following commands.
#apt-get update
#apt-get autoremove - We need to stop auto installation/upgrading of kernel version. Note that, without disabling the auto upgrade the EC2 instance will fetch updates and automatically installs them. This whole process is very time consuming and server may not be available in this time period because of high load. To disable the auto-upgrades of the kernel, run following command.
#vim /etc/apt/apt.conf.d/20auto-upgrade \\the number 20 may vary
and change value of first line to '0' from '1'. - AWS already has key based authentication and strictly non root login for SSH. Hence, we don't need to do much changes in SSH configuration.
- If the Ubuntu server is going to use email functionality, then we have to install spamassassin package to prevent email spamming.
#apt-get install spamassassin spamc
#adduser spamd --disabled-login \\Skip the information of the user by pressing enter
#vim /etc/default/spamassassin
And change below values
ENABLED - > 1
SAHOME - > "/var/log/spamassassin/"
OPTIONS - > "--create-prefs --max-children 5 --username spamd --helper-home-dir /home/spamd/ -s /home/spamd/spamd.log"
CRON - > 1 - If the server is going to use Apache, then we will have to install security mods for apache. To do so, run following command
#apt install -y libapache2-mod-security2 - To install PHP packages in the server, we will have to add repository for the same.
#apt install software-properties-common
#app-apt-repository ppa:ondrej/php
#apt update#apt install phpXX \\XX indicates the version you want to install. e.g apt install php7.4
Installed php version can be checked with the command 'php -v'.