Ways to harden Ubuntu 18.04 Server












-1















I am running an Ubuntu 18.04.2 web server, and am looking for ways to harden it against attacks and others. I know this may be broad; I do not wish to add a question for every possible aspect



I've googled around and found little advice on this



Some limitations:



SSH keys are difficult/impossible to use on Android(my primary device) because permissions are not manageable on unrooted device and AWS require the key to not be public viewable. If someone know how to edit the permission correctly on Android with no root, please let me know



I refuse to lock the root account- try entering your 32 randomized character password 3 times in as many minutes. For me, it's just not worth it having multiple accounts on one server(root enabled by default)










share|improve this question









New contributor




colbycdev is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • I will vote to close this question as it is too broad. And for root password, a good security practice is to have a 128 randomized character password and to write that on a pize of paper that is put into a sealed envelope into the bank valve and only used in an emergency. Add a user account and add it to the sudoers group.

    – MatsK
    7 hours ago






  • 1





    You can use SSH keys on Android. Any server with password based authentication exposed to the Internet is a ticking time bomb.

    – Kristopher Ives
    6 hours ago











  • You can't use keys last I tried; the permission can't be set on a non rooted drvice and the keys won't work without certain permission (not public viewable).At least with an AWS server

    – colbycdev
    11 mins ago













  • Too broad a question? What should I do, ask a separate question for each of the many possible aspects? Also, tried the sudoers thing-muss the part about re-entering my password?

    – colbycdev
    10 mins ago


















-1















I am running an Ubuntu 18.04.2 web server, and am looking for ways to harden it against attacks and others. I know this may be broad; I do not wish to add a question for every possible aspect



I've googled around and found little advice on this



Some limitations:



SSH keys are difficult/impossible to use on Android(my primary device) because permissions are not manageable on unrooted device and AWS require the key to not be public viewable. If someone know how to edit the permission correctly on Android with no root, please let me know



I refuse to lock the root account- try entering your 32 randomized character password 3 times in as many minutes. For me, it's just not worth it having multiple accounts on one server(root enabled by default)










share|improve this question









New contributor




colbycdev is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • I will vote to close this question as it is too broad. And for root password, a good security practice is to have a 128 randomized character password and to write that on a pize of paper that is put into a sealed envelope into the bank valve and only used in an emergency. Add a user account and add it to the sudoers group.

    – MatsK
    7 hours ago






  • 1





    You can use SSH keys on Android. Any server with password based authentication exposed to the Internet is a ticking time bomb.

    – Kristopher Ives
    6 hours ago











  • You can't use keys last I tried; the permission can't be set on a non rooted drvice and the keys won't work without certain permission (not public viewable).At least with an AWS server

    – colbycdev
    11 mins ago













  • Too broad a question? What should I do, ask a separate question for each of the many possible aspects? Also, tried the sudoers thing-muss the part about re-entering my password?

    – colbycdev
    10 mins ago
















-1












-1








-1








I am running an Ubuntu 18.04.2 web server, and am looking for ways to harden it against attacks and others. I know this may be broad; I do not wish to add a question for every possible aspect



I've googled around and found little advice on this



Some limitations:



SSH keys are difficult/impossible to use on Android(my primary device) because permissions are not manageable on unrooted device and AWS require the key to not be public viewable. If someone know how to edit the permission correctly on Android with no root, please let me know



I refuse to lock the root account- try entering your 32 randomized character password 3 times in as many minutes. For me, it's just not worth it having multiple accounts on one server(root enabled by default)










share|improve this question









New contributor




colbycdev is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












I am running an Ubuntu 18.04.2 web server, and am looking for ways to harden it against attacks and others. I know this may be broad; I do not wish to add a question for every possible aspect



I've googled around and found little advice on this



Some limitations:



SSH keys are difficult/impossible to use on Android(my primary device) because permissions are not manageable on unrooted device and AWS require the key to not be public viewable. If someone know how to edit the permission correctly on Android with no root, please let me know



I refuse to lock the root account- try entering your 32 randomized character password 3 times in as many minutes. For me, it's just not worth it having multiple accounts on one server(root enabled by default)







server 18.04






share|improve this question









New contributor




colbycdev is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.











share|improve this question









New contributor




colbycdev is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this question




share|improve this question








edited 4 mins ago







colbycdev













New contributor




colbycdev is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









asked 7 hours ago









colbycdevcolbycdev

12




12




New contributor




colbycdev is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





colbycdev is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






colbycdev is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.













  • I will vote to close this question as it is too broad. And for root password, a good security practice is to have a 128 randomized character password and to write that on a pize of paper that is put into a sealed envelope into the bank valve and only used in an emergency. Add a user account and add it to the sudoers group.

    – MatsK
    7 hours ago






  • 1





    You can use SSH keys on Android. Any server with password based authentication exposed to the Internet is a ticking time bomb.

    – Kristopher Ives
    6 hours ago











  • You can't use keys last I tried; the permission can't be set on a non rooted drvice and the keys won't work without certain permission (not public viewable).At least with an AWS server

    – colbycdev
    11 mins ago













  • Too broad a question? What should I do, ask a separate question for each of the many possible aspects? Also, tried the sudoers thing-muss the part about re-entering my password?

    – colbycdev
    10 mins ago





















  • I will vote to close this question as it is too broad. And for root password, a good security practice is to have a 128 randomized character password and to write that on a pize of paper that is put into a sealed envelope into the bank valve and only used in an emergency. Add a user account and add it to the sudoers group.

    – MatsK
    7 hours ago






  • 1





    You can use SSH keys on Android. Any server with password based authentication exposed to the Internet is a ticking time bomb.

    – Kristopher Ives
    6 hours ago











  • You can't use keys last I tried; the permission can't be set on a non rooted drvice and the keys won't work without certain permission (not public viewable).At least with an AWS server

    – colbycdev
    11 mins ago













  • Too broad a question? What should I do, ask a separate question for each of the many possible aspects? Also, tried the sudoers thing-muss the part about re-entering my password?

    – colbycdev
    10 mins ago



















I will vote to close this question as it is too broad. And for root password, a good security practice is to have a 128 randomized character password and to write that on a pize of paper that is put into a sealed envelope into the bank valve and only used in an emergency. Add a user account and add it to the sudoers group.

– MatsK
7 hours ago





I will vote to close this question as it is too broad. And for root password, a good security practice is to have a 128 randomized character password and to write that on a pize of paper that is put into a sealed envelope into the bank valve and only used in an emergency. Add a user account and add it to the sudoers group.

– MatsK
7 hours ago




1




1





You can use SSH keys on Android. Any server with password based authentication exposed to the Internet is a ticking time bomb.

– Kristopher Ives
6 hours ago





You can use SSH keys on Android. Any server with password based authentication exposed to the Internet is a ticking time bomb.

– Kristopher Ives
6 hours ago













You can't use keys last I tried; the permission can't be set on a non rooted drvice and the keys won't work without certain permission (not public viewable).At least with an AWS server

– colbycdev
11 mins ago







You can't use keys last I tried; the permission can't be set on a non rooted drvice and the keys won't work without certain permission (not public viewable).At least with an AWS server

– colbycdev
11 mins ago















Too broad a question? What should I do, ask a separate question for each of the many possible aspects? Also, tried the sudoers thing-muss the part about re-entering my password?

– colbycdev
10 mins ago







Too broad a question? What should I do, ask a separate question for each of the many possible aspects? Also, tried the sudoers thing-muss the part about re-entering my password?

– colbycdev
10 mins ago












0






active

oldest

votes











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "89"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});






colbycdev is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1118324%2fways-to-harden-ubuntu-18-04-server%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























0






active

oldest

votes








0






active

oldest

votes









active

oldest

votes






active

oldest

votes








colbycdev is a new contributor. Be nice, and check out our Code of Conduct.










draft saved

draft discarded


















colbycdev is a new contributor. Be nice, and check out our Code of Conduct.













colbycdev is a new contributor. Be nice, and check out our Code of Conduct.












colbycdev is a new contributor. Be nice, and check out our Code of Conduct.
















Thanks for contributing an answer to Ask Ubuntu!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1118324%2fways-to-harden-ubuntu-18-04-server%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

數位音樂下載

When can things happen in Etherscan, such as the picture below?

格利澤436b