Linux is considered to be a well secured operating system. It is quite easy to maintain the security and protect our systems from unauthorized access by following a few simple norms or rules.
You will need access to a root or account with sudo privileges. These steps are intended for a new server setup. You can apply them selectively for the servers already in productions.
Step 1 : Install updates from the Ubuntu repository. You can install all the available updates or just select security updates, depending on your choice and requirement:
Step 2 : Change the root password; set a strong and complex root password and note it down somewhere. You are not going to use it every day
Step 3 : Add a new user account and set a strong password for it. You can skip this step if the server has already set up a non-root account, like Ubuntu
Step 4 : Add a new user to the Sudoers group:
Step 5 : Enable the public key authentication over SSH and import your public key to new user's authorized_keys file.
Step 6 : Restrict SSH logins:
Step 7 : Install fail2ban to protect against brute force attacks and set a new SSH port in the fail2ban configuration
Step 8 : Optionally, install UFW and allow your desired ports:
Step 9 : Maintain periodic snapshots (full-disk backups) of your server. Many cloud service providers offer basic snapshot tools.
Step 10 : Keep an eye on application and system logs. You may like to set up log-monitoring scripts that will e-mail any unidentified log entry.