Best practices for securing an Ubuntu server

Discover the best practices for securing your Ubuntu server. This guide covers SSH configuration, firewalls, backups, and more to protect your data effectively.

When you set up an Ubuntu server, do you ever wonder: “Is this really secure?”

It’s a good question… and one that every server admin should ask. Let’s make sure your Ubuntu server isn’t just running but protected from potential threats.

Here’s how you can keep it safe without overcomplicating things.

How to keep your Ubuntu server updated

Have you ever skipped an update because you were too busy? That’s risky. Hackers love outdated software because it’s like an unlocked door. Keeping your server up to date is one of the easiest ways to shut them out. Here’s how to do it:

Step 1: Update the package lists

sudo apt update

Step 2: Upgrade the installed packages

sudo apt upgrade -y

Step 3: Automate updates by installing the unattended-upgrades package, which applies updates automatically

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

This makes sure your server gets updates even if you forget.

How to secure SSH access on Ubuntu

Did you know that SSH is often the first thing hackers target? Let’s make it harder for them to break in.

Step 1: Change the default SSH port

The default port is 22. Everyone knows that. Change it to something else:

sudo nano /etc/ssh/sshd_config

Look for #Port 22, uncomment it, and change the number. Save the file, then restart SSH (on Ubuntu the service unit is named ssh):

sudo systemctl restart ssh

Step 2: Turn off root login

Allowing root to log in is like leaving the master key under the doormat. Open the same file and set:

PermitRootLogin no

Step 3: Use SSH keys

Instead of passwords, use keys – they’re way more secure. Generate a key pair:

ssh-keygen -t rsa -b 4096

Copy the public key to your server:

ssh-copy-id user@your-server-ip

Step 4: Install Fail2Ban

This tool blocks repeated failed login attempts automatically:

sudo apt install fail2ban
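
To confirm the settings from Steps 1 to 3, here is an added example (not part of the original article) that reads an sshd_config-style file and reports weak values; the PasswordAuthentication check goes one step beyond the article, since keys only replace passwords once password logins are turned off. The function names and the sample file are constructed for illustration, and the script assumes no Include files or Match blocks.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file for the settings in Steps 1-3.
# Assumptions: Include files are not followed and Match blocks are not evaluated.

# sshd_value FILE KEYWORD DEFAULT
# Prints the first value set for KEYWORD (sshd keeps the first value it reads
# and ignores later duplicates), or DEFAULT when the keyword is never set.
sshd_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/             { next }   # commented-out lines do not count
        tolower($1) == "match" { exit }   # settings below here are conditional
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Prints one WARN line per weak setting, then a summary line.
audit_sshd_config() {
    findings=0
    port=$(sshd_value "$1" Port 22)
    root=$(sshd_value "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_value "$1" PasswordAuthentication yes)
    if [ "$port" = 22 ]; then
        echo "WARN: Port is still the default 22"; findings=$((findings + 1))
    fi
    if [ "$root" != no ]; then
        echo "WARN: PermitRootLogin is '$root', expected 'no'"; findings=$((findings + 1))
    fi
    if [ "$pass" != no ]; then
        echo "WARN: PasswordAuthentication is '$pass', so passwords are still accepted"
        findings=$((findings + 1))
    fi
    echo "$findings finding(s)"
}

# Constructed sample file: custom port, root login off, passwords left at default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2022
#PermitRootLogin prohibit-password
PermitRootLogin no
PermitRootLogin yes
#PasswordAuthentication yes
EOF
audit_sshd_config "$sample"
```

On a live host, sudo sshd -T prints the effective configuration, Include files included, in the same keyword-value form.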

Setting up a firewall on Ubuntu

Do you really need every port open? Probably not. A firewall ensures only the services you need are reachable.

Step 1: Enable UFW (Uncomplicated Firewall)

sudo ufw enable

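Step 2: Allow necessary ports, like SSH (adjust for your custom port). If you are connected over SSH, add the SSH rule before running sudo ufw enable from Step 1, otherwise new SSH connections will be blocked.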

sudo ufw allow 2022/tcp
sudo ufw allow http
sudo ufw allow https

Step 3: Deny everything else by default

sudo ufw default deny incoming
sudo ufw default allow outgoing

Step 4: Check the status to confirm

sudo ufw status verbose

How to use strong passwords and 2FA on Ubuntu

Are your passwords strong enough? Or are you still using “12345” somewhere? Weak passwords are like giving hackers a head start. Here’s what to do:

Step 1: Enforce strong passwords

Install a package to ensure users create strong passwords:

sudo apt install libpam-pwquality

Edit /etc/security/pwquality.conf and set rules like:

minlen=12
minclass=4

Step 2: Enable 2FA

Adding two-factor authentication makes it almost impossible for anyone to break in without your phone. Install Google Authenticator:

sudo apt install libpam-google-authenticator
google-authenticator

Then configure SSH to require it.

How to scan your Ubuntu server for malware

Yes, even Linux can get malware. Don’t worry – it’s rare, but it’s better to be prepared. Here’s how:

Step 1: Install ClamAV

sudo apt install clamav
sudo freshclam
sudo clamscan -r /home

Step 2: Use rkhunter to check for rootkits

sudo apt install rkhunter
sudo rkhunter --checkall

Disabling unnecessary services on Ubuntu

Do you know which services are running on your server? If not, it’s time to find out. Unnecessary services can become a liability. How to clean them up:

Step 1: List running services

sudo systemctl list-units --type=service --state=running

Step 2: Stop and disable anything you don’t need

sudo systemctl stop <service-name>
sudo systemctl disable <service-name>

Step 3: Check open ports

sudo ss -tuln
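
To turn the output of Step 3 into a check, the added example below (not from the original article) flags sockets that listen on a non-loopback address on a port you did not expect. The function name, the allowed-port list (the 2022, 80 and 443 opened in the firewall section) and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listeners in `ss -tuln` output that are not expected.

# unexpected_listeners "PORT PORT ..."
# Reads `ss -tuln` output on stdin and prints "proto address port" for every
# socket bound to a non-loopback address whose port is not in the list.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "Netid" { next }                     # header row
        {
            sock = $5                              # Local Address:Port column
            port = sock; sub(/.*:/, "", port)      # text after the last colon
            addr = substr(sock, 1, length(sock) - length(port) - 1)
            sub(/%.*/, "", addr)                   # drop interface suffix (%lo)
            if (addr ~ /^127\./ || addr == "[::1]") next   # reachable locally only
            if (!(port in ok)) print $1, addr, port
        }
    '
}

# Constructed sample of `ss -tuln` output (not captured from a real host).
sample_ss='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:2022       0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      244    0.0.0.0:5432       0.0.0.0:*
tcp   LISTEN 0      128    [::]:2022          [::]:*'

printf '%s\n' "$sample_ss" | unexpected_listeners "2022 80 443"
# On a live host: sudo ss -tuln | unexpected_listeners "2022 80 443"
```

Each line printed is a service to stop and disable as in Step 2, bind to localhost, or deliberately add to the expected list.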

How to monitor logs and system activity on Ubuntu

Do you check your logs regularly? It’s like looking at the pulse of your server. Suspicious activity often shows up here first.

Step 1: Install Logwatch for email summaries

sudo apt install logwatch
sudo logwatch --detail high --mailto <your-email-address> --range today

Step 2: Use auditd for auditing system events

sudo apt install auditd
sudo auditctl -a always,exit -F arch=b64 -S execve

How to encrypt data on your Ubuntu server

What happens if someone gets their hands on your data? Encryption ensures they can’t read it.

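Step 1: Encrypt your disks with LUKS. luksFormat overwrites whatever is on the target device, so point it at an empty disk or partition (replace /dev/sdX with your device).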

sudo apt install cryptsetup
sudo cryptsetup luksFormat /dev/sdX

Step 2: Use HTTPS for web traffic – install Certbot to obtain a Let’s Encrypt certificate

sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx

How to back up your Ubuntu server

Backing up your server is one of the most important steps you can take to protect your work and ensure quick recovery if something goes wrong. Ubuntu provides reliable tools for manual backups, while LifeinCloud offers more streamlined options for those who want backups to be effortless.

Using Ubuntu’s built-in functionality

Ubuntu provides several tools to help you back up your data effectively. You can use rsync for automated backups or tools like Restic for encrypted, incremental backups.

Step 1: Automate backups with rsync

Rsync is a simple yet powerful tool for synchronizing files between directories or servers, making it great for regular backups:

rsync -avz /source /destination

Step 2: Use Restic for secure, encrypted backups

restic init --repo /path/to/repo
restic backup /path/to/data

These tools get the job done, but they require a bit of setup and monitoring.

Using LifeinCloud’s Portal

If you’re looking for a more automated and user-friendly solution, LifeinCloud has built-in features that take care of backups for you.

Automatic Backups

Set and forget – LifeinCloud’s automatic backups simplify the process by handling everything for you. They run on a schedule you set and maintain up to seven recent restore points, so you can always roll back to a working state. This approach minimizes downtime and eliminates the hassle of manual configuration.

Snapshots

Snapshots offer a quick way to capture your entire server’s state at a specific moment. They’re especially helpful if you need to prepare for updates or test major changes without risking your current setup. Because they create point-in-time system images, snapshots make recovery fast and straightforward.

Auditing your Ubuntu server for security

Think of this as a health check for your server. Regular audits help you catch issues before they become problems.

Step 1: Install Lynis to scan for vulnerabilities

sudo apt install lynis
sudo lynis audit system

Step 2: Schedule penetration tests or use tools like Metasploit for deeper insights.

Conclusion

Securing and maintaining your Ubuntu server doesn’t have to be complicated, but it does require consistent effort. By implementing practices like regular updates, configuring SSH securely, and monitoring server activity, you’re building a strong foundation for long-term stability and security.

Backups are a crucial part of this strategy. Whether you use Ubuntu’s built-in tools for manual control or leverage LifeinCloud’s automated solutions, the goal is to ensure you can recover quickly and with minimal disruption. Choose the method that fits your workflow and make backups a regular habit.

By following these steps, you’re not just securing your server – you’re making it easier to manage and more resilient against challenges.
