When setting up a Linux VPS, security is a top priority. By default, a newly installed server can be vulnerable to unauthorized access, brute-force attacks, and malware. This guide will walk you through essential steps to secure your Linux VPS.
📌 Prerequisites
- A Linux VPS (Ubuntu, Debian, CentOS, or AlmaLinux) from VolticHost
- Root or sudo user access
1️⃣ Update Your System
Before making any changes, update your server to get the latest security patches.
For Ubuntu/Debian, run:
sudo apt update && sudo apt upgrade -y
For CentOS/AlmaLinux/RockyLinux, run:
sudo yum update -y
✅ Your system is now up to date!
2️⃣ Change the Default SSH Port
By default, SSH runs on port 22, making it a common target for attacks. Changing the port helps reduce unauthorized login attempts.
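- Open the SSH configuration file:
sudo nano /etc/ssh/sshd_config
- Find the line:
#Port 22
- Change it to a custom port (e.g., 2222):
Port 2222
- Save and exit (CTRL + X, then Y, then Enter).
- Restart SSH:
sudo systemctl restart sshd
Keep your current session open and confirm that you can log in on the new port from a second terminal before you close it.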
✅ SSH is now running on a custom port!
3️⃣ Disable Root Login via SSH
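Using the root user directly over SSH is a security risk. It’s better to use a non-root user with sudo privileges. Create that user (step 4) and confirm it can log in before you restart SSH with root login disabled.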
- Open the SSH configuration file:
sudo nano /etc/ssh/sshd_config
- Find the line:
PermitRootLogin yes
- Change it to:
PermitRootLogin no
- Save and exit.
- Restart SSH:
sudo systemctl restart sshd
✅ Root login is now disabled!
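A check for steps 2 and 3, added here as an example and not part of the original guide: it reads an sshd_config file and reports the port(s) and root-login setting that sshd would actually use, which can differ from the line you edited when `Port 22` is still active or an earlier `PermitRootLogin` line exists. The function names `global_values` and `audit_sshd_config` are hypothetical, and the sample files are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the guide): audit sshd_config text for steps 2 and 3.
# Assumes whitespace-separated "Keyword value" lines; Include files are not
# followed, so on a live host also confirm with: sudo sshd -T

# Print every value of KEYWORD in the global section (before the first Match block).
global_values() {
  awk -v key="$2" '
    tolower($1) == "match"      { exit }
    tolower($1) == tolower(key) { print $2 }
  ' "$1"
}

# audit_sshd_config FILE WANT_PORT -> 0 if the file matches the guide, 1 otherwise.
audit_sshd_config() {
  local file="$1" want_port="$2" rc=0 ports root
  # Port may repeat; sshd listens on every listed port.
  ports=$(global_values "$file" Port | sort -un | paste -sd' ' -)
  # For PermitRootLogin sshd keeps the first value it reads.
  root=$(global_values "$file" PermitRootLogin | head -n 1)
  # Commented-out keywords fall back to the OpenSSH defaults.
  ports=${ports:-22}
  root=${root:-prohibit-password}
  if [ "$ports" != "$want_port" ]; then
    echo "FAIL: listening on port(s) $ports, expected only $want_port"; rc=1
  fi
  if [ "$root" != "no" ]; then
    echo "FAIL: effective PermitRootLogin is '$root'"; rc=1
  fi
  [ "$rc" -ne 0 ] || echo "OK: port $ports, root login disabled"
  return "$rc"
}

# Constructed sample files (not real server configs).
SAMPLES=$(mktemp -d)
printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' > "$SAMPLES/good.conf"
# Port 22 left active, and "no" appended below an earlier "yes".
printf '%s\n' 'Port 22' 'Port 2222' 'PermitRootLogin yes' \
  'PermitRootLogin no' > "$SAMPLES/bad.conf"

for f in "$SAMPLES"/good.conf "$SAMPLES"/bad.conf; do
  echo "== $f"
  audit_sshd_config "$f" 2222 || true
done
```

On a server, point it at the real file with `audit_sshd_config /etc/ssh/sshd_config 2222` before restarting SSH.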
4️⃣ Create a New Sudo User
Instead of using root, create a new user with administrative privileges.
- Create a new user (replace youruser with your username):
sudo adduser youruser
- Give the user sudo privileges (on CentOS/AlmaLinux the administrative group is wheel rather than sudo):
sudo usermod -aG sudo youruser
- Switch to the new user:
su - youruser
✅ You now have a secure sudo user!
5️⃣ Set Up a Firewall (UFW or Firewalld)
For Ubuntu/Debian (UFW - Uncomplicated Firewall)
- Install UFW (if not installed):
sudo apt install ufw -y
- Allow your custom SSH port:
sudo ufw allow 2222/tcp
- Enable the firewall:
sudo ufw enable
For CentOS/AlmaLinux (Firewalld)
- Start and enable Firewalld:
sudo systemctl start firewalld
sudo systemctl enable firewalld
- Allow your custom SSH port:
sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload
✅ Your VPS firewall is now active!
6️⃣ Install Fail2Ban to Prevent Brute-Force Attacks
Fail2Ban monitors login attempts and bans IPs that fail too many times.
For Ubuntu/Debian:
sudo apt install fail2ban -y
For CentOS/AlmaLinux (Fail2Ban is packaged in the EPEL repository, so enable EPEL first):
sudo yum install fail2ban -y
Start and enable Fail2Ban:
sudo systemctl enable fail2ban --now
✅ Your VPS is now protected from brute-force attacks!
7️⃣ Enable Automatic Security Updates
Keeping your server updated ensures protection against vulnerabilities.
For Ubuntu/Debian:
- Install the unattended-upgrades package:
sudo apt install unattended-upgrades -y
- Enable automatic updates:
sudo dpkg-reconfigure unattended-upgrades
For CentOS/AlmaLinux:
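- Install dnf-automatic:
sudo yum install dnf-automatic -y
- Enable automatic updates (with the default /etc/dnf/automatic.conf, updates are downloaded but not installed; set apply_updates = yes to install them):
sudo systemctl enable --now dnf-automatic.timer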
✅ Your system will now update itself automatically!
🎉 Conclusion
You've successfully secured your Linux VPS by:
✅ Updating the system
✅ Changing the SSH port
✅ Disabling root login
✅ Creating a sudo user
✅ Setting up a firewall
✅ Installing Fail2Ban
✅ Enabling automatic updates
For more assistance, contact VolticHost Support. 🚀