Securing Your Linux Server: Essential First Steps
Harden a fresh Ubuntu 24.04 server by creating a non-root user, locking down SSH, configuring a firewall with UFW, and setting up fail2ban to block brute-force attacks.
- A running Ubuntu 24.04 server (see exercise 1: Creating and Connecting to Your First Linux Server)
- SSH access as root to your server
- Basic terminal knowledge
You need a running Linux server for this exercise. Any Ubuntu server works.
- Create a non-root user with sudo privileges
- Disable root login and password authentication over SSH
- Configure UFW to allow only necessary traffic
- Install and configure fail2ban to block repeated login attempts
- Verify that security settings are working correctly
Create a Non-Root User with Sudo Access
Running everything as root is risky. A single typo can destroy your system. Create a regular user and give it sudo privileges so you can run admin commands only when needed.
Copy SSH Key to the New User
Copy your SSH public key from the root account to the new user so you can log in directly without a password.
Test Sudo Access for the New User
Open a new terminal window and SSH in as the deploy user. Verify that sudo works before locking down root access.
Disable Root Login and Password Authentication
Now that you have a working sudo user, disable root SSH login and password authentication. This blocks the two most common attack vectors on Linux servers.
Configure UFW Firewall
UFW (Uncomplicated Firewall) is the default firewall tool on Ubuntu. Set it up to allow only SSH, HTTP, and HTTPS traffic, and block everything else.
Install and Configure fail2ban
fail2ban monitors log files for repeated failed login attempts and temporarily bans the offending IP addresses. It is one of the best defenses against brute-force SSH attacks.
Verify fail2ban is Working
Check that fail2ban is running, the SSH jail is active, and review the current ban status.
Run a Final Security Check
Verify that all security settings are in place by running a series of checks.
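One way to script these checks, as an added example that is not part of the original exercise: each function reads a command's output on stdin and fails closed when a setting is missing. The function names, the `--live` switch and the sample firewall output are assumptions made for this example, and the firewall check expects the layout of `ufw status verbose`.

```shell
#!/usr/bin/env bash
# Added example: each check reads command output on stdin and fails closed.

# Input: `sshd -T` (effective config, keywords lowercased).
check_sshd() {
  awk '$1 == "permitrootlogin"        { root = $2 }
       $1 == "passwordauthentication" { pw = $2 }
       END { exit !(root == "no" && pw == "no") }'
}

# Input: `ufw status verbose`. Pass only if the firewall is active, incoming
# traffic is denied by default, and every allow rule is for port 22, 80 or 443.
check_ufw() {
  awk '/^Status: active/             { active = 1 }
       /^Default: deny \(incoming\)/ { deny = 1 }
       /(ALLOW|LIMIT) IN/ {
         split($1, f, "/"); n = split(f[1], port, ",")
         for (i = 1; i <= n; i++) if (port[i] !~ /^(22|80|443)$/) extra = 1
       }
       END { exit !(active && deny && !extra) }'
}

# Input: `fail2ban-client status`. Pass if the sshd jail is listed.
check_fail2ban() {
  awk '/Jail list:/ { sub(/.*Jail list:[ \t]*/, ""); n = split($0, j, /,[ \t]*/)
                      for (i = 1; i <= n; i++) if (j[i] == "sshd") ok = 1 }
       END { exit !ok }'
}

# Constructed sample: a firewall that also exposes port 3306 must fail the check.
sample_ufw_extra_port() {
  printf '%s\n' 'Status: active' \
    'Default: deny (incoming), allow (outgoing), disabled (routed)' \
    '22/tcp                     ALLOW IN    Anywhere' \
    '3306/tcp                   ALLOW IN    Anywhere'
}

# Run all three checks against the live server and report each failure.
run_audit() {
  rc=0
  sudo sshd -T | check_sshd || { echo "FAIL: root or password SSH login still allowed"; rc=1; }
  sudo ufw status verbose | check_ufw || { echo "FAIL: ufw inactive or extra ports open"; rc=1; }
  sudo fail2ban-client status | check_fail2ban || { echo "FAIL: fail2ban sshd jail not active"; rc=1; }
  [ "$rc" -eq 0 ] && echo "PASS: all checks"
  return "$rc"
}

# --live is this script's own (hypothetical) switch; without it nothing runs.
if [ "${1:-}" = "--live" ]; then run_audit; fi
```

Run it with `--live` from the deploy account; a non-zero exit status means at least one setting is not in place.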