Prerequisites
- VPS/Web Server with Linux distribution installed. Need a VPS? Try Web Host Wizards!
- PC/Mac Terminal
Getting Started
- Open your terminal
- Type 'ssh root@yourserverip' replacing 'yourserverip' with your servers IP address.
ssh root@yourserveripWe now need to update our distro and install Git
sudo apt update && apt upgradesudo apt install gitIf you are using a Linux distrubution other than Ubuntu/Debian, you can find out how to install packages using your specific linux distro.
Secure Linux VPS Installaion Script
We can simply copy/paste this script from GitHub into our Terminal using this command
sudo git clone https://github.com/akcryptoguy/vps-harden.git && cd vps-harden && sudo bash get-hard.shThe install script will begin by updating your Linux Distribution packages, if any. Once the packages are updated the script will begin.
'Would you like to install these crypto packages now? y/n'
If you plan to use Crypto your VPS or website you can type 'y', otherwise type 'n' and then press Enter.
If you plan to use Crypto your VPS or website you can type 'y', otherwise type 'n' and then press Enter.
'Would you like to add a non-root user? y/n'
We can add a non-root user at anytime. For now we can type 'n' and then press Enter.
We can add a non-root user at anytime. For now we can type 'n' and then press Enter.
'Enter a custom port for SSH between 11000 and 65535 or use 22:'
A custom port is recommended to avois SSH attacks on the standard Port 22. Enter in your desired port number and press Enter.
A custom port is recommended to avois SSH attacks on the standard Port 22. Enter in your desired port number and press Enter.
'Would you like to disable password login & require RSA key login? y/n'
Type 'n' and press Enter.
Type 'n' and press Enter.
'Would you like to enable UFW and assign basic rules? y/n'
Type 'y' and press Enter.
Type 'y' and press Enter.
The next steps are to secure your server's shared memory, enable
DDOS protection, harden the networking layer, and enable automatic
installation of security updates.'Would you like to perform these steps now? y/n'
Type 'y' and press Enter.
Type 'y' and press Enter.
Would you like to install Google 2FA Authentication? y/n
Type 'n' and press Enter.
Type 'n' and press Enter.
Would you like to enhance your MOTD & login banner? y/n
Type 'y' and press Enter. This is optional, its cooler so why not 🙂
Type 'y' and press Enter. This is optional, its cooler so why not 🙂
Would you like to restart SSHD and enable UFW now? y/n
Type 'y' and press Enter.
Type 'y' and press Enter.
Save the 'important login variables' that are displayed on the screen for future use.
🚨 Make sure to open a new terminal and test the SSH login with your new port (eg. 'ssh root@192.333.22.11 -p 1234') before closing down this current terminal.
If you are not able to connect to your VPS in the new terminal, try opening your chosen port in your servers firewall using the terminal you still have open and access to. A guide on how to open specific ports can be found here.
🚨 Make sure to open a new terminal and test the SSH login with your new port (eg. 'ssh root@192.333.22.11 -p 1234') before closing down this current terminal.
If you are not able to connect to your VPS in the new terminal, try opening your chosen port in your servers firewall using the terminal you still have open and access to. A guide on how to open specific ports can be found here.
Congratulations, the Secure Linux VPS script has now been installed on your server.
If you are looking to install & configure the LEMP(Linux, Nginx, MariaDB, PHP) stack on a VPS using the Ubuntu distro, we have a guide just for that here.
If you are looking to install & configure the LEMP(Linux, Nginx, MariaDB, PHP) stack on a VPS using the Ubuntu distro, we have a guide just for that here.
