Configuring Firewall and Security Settings on Your VPS

Setting up a firewall and enhancing security configurations on your VPS is crucial to protect your server from unauthorized access and potential threats. Follow these steps to configure your firewall and implement essential security settings.

Step 1: Access Your VPS via SSH

  • Log in via SSH to your VPS using your root or admin credentials.
  • Open an SSH client (such as Terminal on macOS/Linux or PuTTY on Windows) and enter:
    ssh root@your-server-ip
  • Hit Enter, then provide your password when prompted.

Step 2: Update Your System

Updating your VPS regularly helps protect it from known vulnerabilities.

  • Run the following commands to update the package list and upgrade the installed packages:
    sudo apt update
    sudo apt upgrade -y
    These commands refresh the package list and install all available updates, including security patches.

Step 3: Install and Configure a Firewall

A firewall is your first line of defense. Here, we’ll use UFW (Uncomplicated Firewall), which is easy to set up on most Linux distributions.

  • Install UFW (if it’s not already installed) by running:

    sudo apt install ufw -y
  • Allow SSH access to ensure you don’t get locked out of your server:

    sudo ufw allow ssh
  • Enable UFW:

    sudo ufw enable

    You’ll be prompted to confirm enabling the firewall. Type y and press Enter.

  • Set up additional rules as needed, for example, to allow HTTP and HTTPS traffic:

    sudo ufw allow http
    sudo ufw allow https
  • Check the status of your firewall to ensure rules are active:

    sudo ufw status

Step 4: Disable Root SSH Login

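For enhanced security, disable direct root access. You will then log in as a different user and escalate privileges from there, so confirm that a non-root account with sudo rights can log in over SSH before making this change; otherwise you can lock yourself out.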

  • Open the SSH configuration file:
    sudo nano /etc/ssh/sshd_config
  • Find the line:
    PermitRootLogin yes
    and change it to:
    PermitRootLogin no
  • Save the changes by pressing CTRL + O, then Enter, and close with CTRL + X.
  • Restart the SSH service to apply the change:
    sudo systemctl restart ssh

Step 5: Set Up Fail2Ban to Protect Against Brute-Force Attacks

Fail2Ban helps secure your server by blocking IPs that show signs of malicious intent, such as repeated failed login attempts.

  • Install Fail2Ban:
    sudo apt install fail2ban -y
  • Enable Fail2Ban by starting its service:
    sudo systemctl enable fail2ban
    sudo systemctl start fail2ban
  • Configure Fail2Ban (optional):
    • Open the local override file (settings in jail.local take precedence over the packaged jail.conf; the file may not exist yet):
      sudo nano /etc/fail2ban/jail.local
    • Adjust settings like bantime, findtime, and maxretry based on your security needs.
    • Save and close the file, then restart Fail2Ban:
      sudo systemctl restart fail2ban

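Step 6: Set Up Basic iptables Rules (Optional)

For advanced users, configuring iptables directly provides more fine-tuned control over your firewall. UFW manages iptables rules itself, so use one approach or the other rather than mixing hand-written rules with an active UFW rule set.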

  • View current rules:
    sudo iptables -L
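  • Add rules as needed, for example, to block all new incoming connections except SSH, HTTP, and HTTPS. Loopback traffic and replies to connections the server itself opened are accepted first; without those two rules the DROP policy also breaks DNS lookups and package downloads:
    sudo iptables -A INPUT -i lo -j ACCEPT
    sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport http -j ACCEPT
    sudo iptables -A INPUT -p tcp --dport https -j ACCEPT
    sudo iptables -P INPUT DROP
  • Save your iptables rules to ensure they persist after reboot (the output is piped through sudo tee because a plain > redirect is performed by your unprivileged shell, not by sudo):
    sudo apt install iptables-persistent -y
    sudo iptables-save | sudo tee /etc/iptables/rules.v4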

Step 7: Regularly Monitor and Review Security Logs

Consistently monitoring your logs helps detect any suspicious activity on your VPS.

  • Use the following command to view the auth log, which tracks login attempts:
    sudo tail -f /var/log/auth.log
  • You can also check the Fail2Ban logs for any banned IP addresses:
    sudo tail -f /var/log/fail2ban.log
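
To go beyond watching the log scroll by, the following added example (not part of the original guide) totals failed SSH password attempts per source address, the same signal Fail2Ban's maxretry acts on. The function names, the threshold of 5, and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). Sample log lines are constructed.

# failed_ssh_by_ip FILE [THRESHOLD]
# Prints "COUNT IP" for every source with at least THRESHOLD failed passwords.
failed_ssh_by_ip() {
    awk -v min="${2:-5}" '
        /sshd\[[0-9]+\]: / && /Failed password for / {
            n = 1
            # rsyslog folds duplicates into "message repeated N times: [ ... ]";
            # only look for that prefix before the message text itself starts.
            for (i = 1; i < NF && $i != "Failed"; i++)
                if ($i == "repeated" && $(i + 2) == "times:") n = $(i + 1) + 0
            # The user name is client-supplied, so read the address after the
            # LAST "from"; "invalid user NAME" also shifts the field positions.
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { count[$(i + 1)] += n; break }
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' "$1" | sort -rn
}

# Constructed auth.log excerpt (documentation-range addresses only).
sample_auth_log() {
    cat <<'EOF'
Mar  3 10:01:02 vps sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:05 vps sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:09 vps sshd[1201]: message repeated 3 times: [ Failed password for root from 203.0.113.7 port 40122 ssh2]
Mar  3 10:02:11 vps sshd[1215]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
Mar  3 10:02:15 vps sshd[1215]: Failed password for invalid user from from 198.51.100.23 port 51514 ssh2
Mar  3 10:03:00 vps sshd[1230]: Accepted password for deploy from 192.0.2.10 port 50022 ssh2
EOF
}

tmp=$(mktemp)
sample_auth_log > "$tmp"
failed_ssh_by_ip "$tmp" 5    # list sources with 5 or more failures
rm -f "$tmp"
```

On the server, point the function at /var/log/auth.log from an account allowed to read it. Unlike Fail2Ban's findtime, it counts over the whole file rather than a time window.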

Step 8: Schedule Regular Security Updates

To keep your VPS secure, schedule regular updates or enable automatic updates.

  1. Install the unattended-upgrades package:
    sudo apt install unattended-upgrades -y
  2. Enable automatic updates:
    sudo dpkg-reconfigure --priority=low unattended-upgrades