Ubuntu is one of the most widely used Linux server platforms. Proper hardening significantly reduces the attack surface and helps protect against brute-force attacks, privilege escalation, malware, and unauthorized access.
sudo apt update sudo apt upgrade -y sudo apt autoremove -y
sudo adduser adminuser sudo usermod -aG sudo adminuser
sudo nano /etc/ssh/sshd_configRecommended settings:
PermitRootLogin no PasswordAuthentication no PubkeyAuthentication yes MaxAuthTries 3 ClientAliveInterval 300Restart SSH:
sudo systemctl restart ssh
ssh-keygen -t ed25519Copy key:
ssh-copy-id user@server-ipBenefits:
sudo ufw default deny incoming sudo ufw default allow outgoing sudo ufw allow 22/tcp sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw enableVerify:
sudo ufw status verbose
sudo apt install fail2ban -yVerify:
sudo fail2ban-client status sshdBenefits:
sudo apt install unattended-upgrades -yEnable:
sudo dpkg-reconfigure unattended-upgrades
sudo ss -tulpnDisable unnecessary services:
sudo systemctl disable service-name sudo systemctl stop service-name
sudo ss -tulpnOnly expose:
sudo apt install auditd -yCheck:
sudo systemctl status auditdBenefits:
docker ps docker images docker network lsBest practices:
/var/log/auth.log /var/log/syslog /var/log/nginx/access.log /var/log/nginx/error.logMonitor:
sudo apt install clamav clamav-daemon -yRun scan:
sudo clamscan -r /
Ubuntu hardening is an ongoing process rather than a one-time activity. Combining strong access controls, firewall protection, monitoring, patch management, and backup strategies creates a secure and resilient Linux server environment.
Author: Nageshwar Rao
Network Security Engineer | Cyber Security Consultant