Last week, while going through and changing passwords because of Heartbleed, I started to think about security and what of mine could be affected. First thing that came to mind was the server running in my room, which hosts a website and a cloud syncing service. Though I’m getting quite comfortable with Linux, I’d consider myself a total beginner when it comes to being a network sysadmin. So, I naively thought my server was safe because “How would anyone even know about my little private server to try to hack it?” I was so, so wrong and it was shocking to say the least.
After searching for “Linux server security” I found My First 5 Minutes On A Server; Or, Essential Security for Linux Servers by Bryan Kennedy. Immediately I realized I had a gaping security hole: the SSH server! Not only had I not secured it at all, but the silly Sparkleshare cloud application I used to use had actually completely overwritten the default file instead of just adding a few lines! I had no security at all! To my absolute horror, upon checking the SSH logs in /var/log/auth.log, I was getting hundreds of unauthorized login attempts per day! The logs only went back three days because of how many people were trying to hack in. Honestly I was so overwhelmed I shut down my server for a day to process and think about what that meant.
Fast forward through the weekend and I feel much more comfortable with the state of my server.
- I’ve installed Fail2Ban, which monitors login attempts and temporarily blocks IPs with too many failed attempts. This should stop a script from brute-forcing its way in.
- Next came Logwatch, a wonderfully easy-to-use tool that emails me a copy of all server logs once a day. Now I can always have my eye on security without even needing to go check the server.
- I actually just uninstalled openssh-server for now. I realized that I don’t actually need it at the moment. My second monitor is on a KVM switch, allowing me to view the server and work on it whenever I need to. Seeing as I never need to modify the server while out of the house, this is technically the most secure I can be for now. However, to be prepared for the future, I made a secure sshd config so it’s ready when I eventually reinstall the server. In the config I’ve disabled root login, turned off password authentication in favor of SSH keys, and finally even allow only certain users from certain IPs.
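As an added example (not from the post or its author), here is a small POSIX shell audit for the sshd settings listed above: it reads the effective value of each directive from an sshd_config file and reports which hardening checks fail. The two sample configs it writes are constructed for the demo; the `alice@203.0.113.10` entry is a placeholder, not a real account.

```sh
#!/bin/sh
# Audit an sshd_config for the hardening settings described in the post.
# Simplification: parses "Key value" lines only (no "Key=value" form, no Match blocks).

# sshd_value FILE KEY: print the effective value of KEY. sshd honours the
# FIRST occurrence of a keyword, so the first match wins and later ones are ignored.
sshd_value() {
  awk -v key="$2" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blank lines
    tolower($1) == tolower(key) { print $2; exit }   # multi-value keys: first value only
  ' "$1"
}

# check_sshd_config FILE: print one line per finding; return 0 only if every check passes.
check_sshd_config() {
  rc=0
  v=$(sshd_value "$1" PermitRootLogin)
  [ "$v" = "no" ] || { echo "FAIL PermitRootLogin=${v:-unset} (want no)"; rc=1; }
  v=$(sshd_value "$1" PasswordAuthentication)
  [ "$v" = "no" ] || { echo "FAIL PasswordAuthentication=${v:-unset} (want no)"; rc=1; }
  # keyboard-interactive auth can still prompt for a password unless this is off too
  v=$(sshd_value "$1" ChallengeResponseAuthentication)
  [ "$v" = "no" ] || { echo "FAIL ChallengeResponseAuthentication=${v:-unset} (want no)"; rc=1; }
  v=$(sshd_value "$1" PubkeyAuthentication)   # sshd default is yes when unset
  [ "${v:-yes}" = "yes" ] || { echo "FAIL PubkeyAuthentication=$v (want yes)"; rc=1; }
  v=$(sshd_value "$1" AllowUsers)
  [ -n "$v" ] || { echo "FAIL AllowUsers unset (want user@host entries)"; rc=1; }
  return $rc
}

# Constructed sample configs (not from the post) so the audit runs offline.
weak_config() { printf 'Port 22\nPermitRootLogin yes\nPasswordAuthentication yes\n' > "$1"; }
hardened_config() {
  cat > "$1" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowUsers alice@203.0.113.10
EOF
}

tmp=$(mktemp -d)
weak_config "$tmp/sshd_config.weak"; hardened_config "$tmp/sshd_config.hardened"
for f in "$tmp"/sshd_config.*; do
  echo "== $f"; check_sshd_config "$f" && echo "OK: all hardening checks pass"
done
rm -rf "$tmp"
```

To audit a live server, run `check_sshd_config /etc/ssh/sshd_config` and remember that sshd must be reloaded before edits take effect.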
If you’re new to running a server, hopefully you can learn from my mistakes and look into security before it becomes a major problem. Luckily the files I sync are mostly open-source assets with backups in other locations, so it wouldn’t be a huge deal if they were compromised. But still, this has been a major wake-up call. Nobody with a computer is beyond needing at least the basics of security.
Have a great week everyone and remember, stay secure!