In todays world it may be any operating system or any machine they all are open to the world in one or the other way. There are lots of ways in which attackers may attack 🔐 your system.
Attackers may attack your system externally from internet or internally sitting inside your firewall, so its very important to take care of all things which may cause these attacks.
In this tutorial we will discuss in depth what are the best ways to keep your machine far away from attacks and more secure.
Lets see some of the most important factors one must follow and should take care of.
- Assess Your Vulnerabilities:
We should always check requirement of our applications or services on particular machines. Lets say we need to install apache2 web server then make sure only apache2 service is running and avoid installing some other extra services which are not required. Disable such services which may no longer be required and are open to the world.
- How to check the list of running services on ubuntu machine
service --status-all | grep '\[ + \]'
- How to stop a particular service if it is not required.
service <service-name> stop service <service-name> status
- Use tools to scan your machine and remote machines
- Nmap: It is also known as network mapper and is used to do analysis of network , monitor host details and connections , audits and check all portsand connectivity on your machine or remote machine.
nmap Hostname # nmap ip-10-111-4-53
- Rkhunter: This tool is used to find the issues in file and directories permission , hash changes and executables with incorrect file permissions, hidden files.
rkhunter -c # To check our own machine's system check
- tcptrace: This tool is used to trace the TCP Packet information for both receiving and sending connections.
3. Configure your Local Firewall to secure your environment.
The most important service which one must consider looking for is ufw which is also known as uncomplicated firewall. This service enables you to implement selective or restrictive policies regarding access to your System and is a interface to iptables.
Lets check ufw commands in details to understand better.
- To install ufw on your machine ( Note: Although this is already installed but incase it is not available)
apt install ufw
- To check if ufw is successfully installed on your machine
service ufw status
ufw status # Here Don't use service command
ufw enable # Here Iam not enabling as it requires connection disruption (select yes in your case)
ufw allow ssh ufw allow 80
- How to enable logging for ufw
ufw logging on
I would take you with some more commands which are useful and are used with ufw , let us see quick summary of ufw commands.
enable Enables the firewall
disable Disables the firewall
reload Reloads the firewall to ensure changes are applied
allow Adds an allow rule
deny Adds a deny rule
reject Adds a reject rule
limit Adds a limit rule
delete Deletes the rule
status Shows the firewall status
-version Displays version information
As we discussed earlier in this tutorial ufw The Uncomplicated Firewall (ufw) is a front-end for iptables and is particularly well-suited for host-based firewalls You can block or allow traffic based on IP address, NIC, port, network, and more. You can set iptables to log all actions or just specific actions. Let us see some commands .
sudo iptables -L # Lists the currently set firewall rules
sudo iptables -L -vn # Lists the currently set firewall rules with more details
sudo iptables -F # Deklete he currently set firewall rules
sudo iptables -P FORWARD ACCEPT # Accepts all forwarded traffic sudo iptables -P OUTPUT DROP # Drops all outgoing traffic