grants.net.au

Tech Blog


Easily Secure your Ubuntu server

October 17, 2015 by Grant Tyers

This guide describes how to secure an Ubuntu 14.04 LTS server in only a few minutes with a few simple steps. It may not be the best way for everyone, but it works well for me.

What you need to begin.

SSH client (e.g. PuTTY) connected to your Ubuntu server as root.

How to toughen up server access.

Begin by setting a new root password:

passwd

Run any available package upgrades:

apt-get update
apt-get -y upgrade

Install fail2ban to help protect against brute force attacks:

apt-get install -y fail2ban

Set up a new user for server administration. You will need the password that is set here when using sudo with the admin account:

useradd -m -d /home/admin -s /bin/bash admin
passwd admin
mkdir /home/admin/.ssh
chmod 700 /home/admin/.ssh

Put your public key in the authorized_keys file. Keys can be generated with tools such as PuTTYgen.

vim /home/admin/.ssh/authorized_keys

Restrict access to the admin user’s authorized_keys file and .ssh directory:

chmod 600 /home/admin/.ssh/authorized_keys
chown -R admin:admin /home/admin/.ssh

Grant sudo privileges to the admin user:

visudo

Add the following line in the section # User privilege specification.

admin ALL=(ALL:ALL) ALL

Save and exit.

Open the SSH daemon configuration:

nano /etc/ssh/sshd_config

Change the existing Port and PermitRootLogin lines in sshd_config to the values below.

Port 22123
PermitRootLogin no

Add the following parameter at the end of the file.

AllowUsers admin

Enable the firewall and permit SSH access on the new port.

ufw allow 22123
ufw enable

Save and exit.

reload ssh
exit

You can now log in with your SSH client on port 22123 using your newly created credentials.
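Added example (not part of the original post): a small audit of the three sshd_config settings from this guide. It shows why the existing Port and PermitRootLogin lines should be changed rather than new ones appended. The function names are hypothetical, and the file is assumed to use whitespace-separated keywords, as the stock one does.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the guide's three settings.
# sshd keeps the FIRST value it reads for PermitRootLogin, while repeated
# Port and AllowUsers lines accumulate, so an appended line can be ignored
# or leave port 22 open. Function names here are hypothetical.

# Print every global value of keyword $2 in file $1, one per line.
# Comments are skipped; parsing stops at the first Match block, because
# anything after it applies only to matching connections.
sshd_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# audit_sshd_config FILE PORT USER: return 0 if FILE matches the guide,
# otherwise print one FAIL line per problem and return 1.
audit_sshd_config() {
    cfg=$1; want_port=$2; want_user=$3; rc=0
    ports=$(sshd_values "$cfg" Port | tr '\n' ' ')
    [ "$ports" = "$want_port " ] ||
        { echo "FAIL Port: listening on '${ports:-22 (default)}'"; rc=1; }
    root=$(sshd_values "$cfg" PermitRootLogin | head -n 1)
    [ "$root" = "no" ] ||
        { echo "FAIL PermitRootLogin: effective value '${root:-unset}'"; rc=1; }
    users=$(sshd_values "$cfg" AllowUsers | tr '\n' ' ')
    [ "$users" = "$want_user " ] ||
        { echo "FAIL AllowUsers: '${users:-unset, any user may log in}'"; rc=1; }
    return $rc
}

# Constructed sample: stock lines left in place, the guide's lines appended.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin without-password
# PermitRootLogin yes
Port 22123
PermitRootLogin no
AllowUsers admin
EOF
audit_sshd_config "$sample" 22123 admin || echo "config does not match the guide"
rm -f "$sample"
```

On the server itself, running sshd -T as root prints the effective configuration the daemon would use, which is the authoritative version of this check.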


WordPress on DigitalOcean Ubuntu

October 16, 2015 by Grant Tyers

This guide outlines the steps required to create a WordPress-powered website running on top of an Ubuntu 14.04 LTS server deployed from a DigitalOcean droplet. These steps could easily be adapted for any infrastructure.

What you need to begin.

SSH client (e.g. PuTTY) connected to your server as root.

Step 1 – Toughen up server access.

Follow the steps provided in the guide Easily Secure Your Ubuntu Server.

Step 2 – Install Web Server

sudo apt-get install -y apache2
sudo a2enmod rewrite

Step 3 – Install Database

sudo apt-get install -y mysql-server libapache2-mod-auth-mysql php5-mysql
sudo mysql_install_db
sudo /usr/bin/mysql_secure_installation
mysql -u root -p

Run the following SQL:

CREATE DATABASE wordpress;
CREATE USER dbuser@localhost;
SET PASSWORD FOR dbuser@localhost=PASSWORD("my_password");
GRANT ALL PRIVILEGES ON wordpress.* TO dbuser@localhost IDENTIFIED BY 'my_password';
FLUSH PRIVILEGES;
exit

Step 4 – Install PHP

sudo apt-get install -y php5 libapache2-mod-php5 php5-mcrypt php5-gd
sudo nano /etc/apache2/mods-enabled/dir.conf

Edit dir.conf so index.php is at the start of the list.

Step 5 – Install WordPress

wget https://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
cp ~/wordpress/wp-config-sample.php ~/wordpress/wp-config.php
sudo rsync -avP ~/wordpress/ /var/www/wordpress
mkdir /var/www/wordpress/wp-content/uploads
touch /var/www/wordpress/.htaccess
sudo nano /var/www/wordpress/wp-config.php

Update wp-config.php with database details from Step 3.

sudo chown www-data: /var/www/wordpress -R
sudo chmod g+w /var/www/wordpress -R
sudo chmod o-rwx /var/www/wordpress -R
sudo nano /etc/apache2/sites-available/000-default.conf

Update 000-default.conf to match below.

<VirtualHost *:80>
ServerAdmin webmaster@123.45.67.89
DocumentRoot /var/www/wordpress
ServerName 123.45.67.89
<Directory /var/www/wordpress/>
AllowOverride All
</Directory>
</VirtualHost>

Restart Apache and permit HTTP access through the firewall.

sudo service apache2 restart
sudo ufw allow 80

Step 6 – Install FTP

sudo apt-get install vsftpd
sudo useradd -m -d /home/ftpuser -s /bin/bash ftpuser
sudo passwd ftpuser
sudo chown ftpuser: /home/ftpuser
sudo adduser ftpuser www-data
sudo nano /etc/vsftpd.conf

Edit the vsftpd.conf parameters as below.

write_enable=YES
chroot_local_user=YES

Add the following parameters at the end of the vsftpd.conf file.

seccomp_sandbox=NO
allow_writeable_chroot=YES
local_root=/var/www/wordpress

Permit FTP access through the firewall and restart the FTP service.

sudo ufw allow 21
sudo service vsftpd restart

Step 7 – Finish Up

If you are running your server in a virtual environment or cloud, this is the perfect place to create a rollback point should you need to start again fresh.

Browse to your site’s URL to begin using WordPress!

http://yoursite.com
