Hi,

I'm new to the whole linux thing and just wanted to check I have set things up ok from a security point of view? I am running the latest Ubuntu LTS.

What I have done:

- Set up UFW firewall to default deny and only allowed the ports I need
- Changed the SSH port from 22 to a port of my choice
- Disabled password login totally so I can only login with key
- Setup Fail2Ban
- Set my mailserver offsite by using google (I found Citadel a major PITA with people trying to get in)
- Using Nginx as webserver

Would be grateful for any comments

TT

Once you've disabled SSH passwords, the overwhelming majority of attacks will be through your web application, such as Wordpress, etc.

Use the latest version of whatever web application you're running. Get rid of unwanted plugins. And don't give the user that runs your web app any permission to write to any file that isn't strictly necessary.

BTW, you aren't using plain old FTP, are you?

Nope, using SFTP. My web stuff will all be based on the application I am programming, with no public access as such. I point all the public stuff to another server.

ACtually I just had a thought, I use SFTP, but how can I disable normal FTP please? I have SFTP on same port as I SSH to, but all other ports are disabled. I was assuming that on that port it needs to be keys only same as my SSH access? Bit new to all this!

Thanks

SFTP and FTP are completely different protocols. SFTP is handled by the SSH server (hence the same port). FTP is handled by an FTP server. If you never installed an FTP server such as vsftpd, you don't need to worry about it.

Cool. I didn't install anything so sounds like I'm good Thanks for your comments.