Learning how to install the Ubuntu server was a little challenging and I made some mistakes along the way. For one I downloaded the base Ubuntu server OS, not the actual server. (I didn’t figure this out till after the fact. That meant it didn’t have certain commands. So l learned how to download the command curl and sudo. Also had to set up ssh manually. Base Ubuntu is for more advanced users. I feel that way you can get in there and customize what you want on the server.
Setting Up The Base Ubuntu Server
First thing first is that I had to use Rufus to make sure the micro-SD card can be read as a bootable drive. You have installed the OS using the Libre website. I couldn’t just go to the Ubuntu website to install it. (I learned that the hard way. Also, the Libre Le-Potato wouldn’t boot.) Once I had it installed on the SD card, I inserted it into the Libre Le-Potato computer. Boy was I happy to see it boot! I was kind of like a kid on Christmas! When coming up with a user and name password always make sure it’s a strong password! (The usual more than 8 characters with a mixture of capital, lower case letters, numbers, and symbols.) Remember we are going to be using this on the internet 24/7! We are changing how we direct traffic! The last thing you’ll want to do is make yourself more vulnerable to hacking, or man-in-the-middle.
Securing The Server: Updating and Upgrading the System
Now it’s time to start securing the server! This is where the fun begins. Probably the easiest is updating and upgrading the system. To update you would use the sudo apt-get update first then replace the update with an upgrade. You can use the down arrow once the update is finished. You’ll get the option to run the command again. Why do this? For security reasons! Outdated software is easier to mess with.
Minimizing Packages to Reduce Vulnerabilities
We will also keep this installation to a minimum. The packages that are running the less of a chance of an attack.
Disabling Root Login for Added Security
Next is to disable the root login. This help to mitigate brute force attacks. Limit privilege escalation, and encourage the principle of least privilege.
First things first, you’ve got to pull up the SSH configuration file. It’s the command center for SSH, and it’s where we can turn off root login. You can find it in the terminal under /etc/ssh/sshd_config. Just type sudo nano /etc/ssh/sshd_config to open it up in a text editor.
Finding the Key: Locating the Root Login Directive
Once you’ve found it, you’re going to change it to PermitRootLogin no. If there’s a hash (#) at the start of the line, just delete it. It’s like a cloak of invisibility for code – anything after it on that line is completely ignored by the server. Then, type in no after PermitRootLogin, save the file and exit. In nano, you can do this just by pressing Ctrl+X, followed by Y, and then Enter.
A Word of Caution: Ensuring Continued Server Access
But remember, before you go switching off root login, make sure you have another user account that has sudo privileges. Otherwise, it’s like locking your keys in the car – you won’t be able to get back in to administer your server. Oh, and always, always use a strong password for every account. A little complexity goes a long way in keeping your server safe.
Installing UFW Firewall
Getting UFW installed and set up was a little trickier than I’d initially thought it would be. See, normally, UFW is installed by default on some Linux distributions, but not on this one. To get it set up, I had to install it manually using the command sudo apt install ufw.
Setting Up Firewall Rules
Once I had UFW installed, the next step was to put the firewall rules in place. But before doing that, I had to make sure I didn’t accidentally disconnect myself from the server when enabling UFW. So, I started by allowing SSH connections using sudo ufw allow ssh. This command opens up a path for incoming SSH connections. If you’re using a specific port for SSH, you’d replace ‘port_number’ with your actual port number and run sudo ufw allow port_number/tcp.
Activating UFW Firewall and Verifying Its Status
Then, to get UFW up and running, I used sudo ufw enable. This command does two things: it activates the firewall right away, and it also ensures that the firewall will automatically start every time the system boots up.
To double-check that UFW was active and protecting my server, I used sudo ufw status verbose. This command gives you a rundown of the current status and rules, letting you see at a glance what’s going on with your firewall.
Managing Connections Through UFW
Of course, SSH isn’t the only service you might need to allow through your firewall. If you need to allow other connections, like HTTP or HTTPS, you’d use a similar command, such as sudo ufw allow http or sudo ufw allow 80/tcp. And, if you need to block a connection, you’d use the deny option, like sudo ufw deny from ip_address to stop traffic from a specific IP address. Opening unnecessary ports lowers security so we wont be opening ports. We are just using the server for the pi-hole and the ports won’t be needed. If you ever decide you want to open a tiny web-server or other services you now know how to open the ports.
Deleting Rules in UFW Firewall
Just remember, you can always delete rules if you need to. For example, if you want to remove the rule that allows HTTP connections, you’d use sudo ufw delete allow http. There aren’t any rules to delete for the pi-hole installations so we can skip this step too.
And that’s it! With UFW in place, my server now has an extra layer of protection against potential threats. Trust me, it feels good to know you’re a step ahead in the game of cybersecurity. Any formatting I can add to make this stand out
Alright folks, that wraps up this round of my journey into server security. We’ve covered a lot of ground today! From the bumps I hit while installing the Ubuntu server to the victory dance I did when the Libre computer finally booted, it’s been a wild ride.
We’ve dove deep into the nitty-gritty of securing the server, and I can’t stress enough the importance of regularly updating and upgrading your system, minimizing packages, and of course, setting up that crucial firewall with UFW. Remember, the more layers of security, the better!
And let’s not forget one of our biggest wins: disabling the root login. Might seem like a small change, but believe me, it can be the difference between a secure server and a hacker’s paradise.
Just remember to keep a few things in mind. Always choose strong passwords. And before you disable that root login, be sure you’ve got another user account with sudo privileges. It’s a bit like keeping a spare key to your car.
All in all, it’s been a thrilling dive into the world of cybersecurity. Sure, there were challenges, but every step of the way was a learning opportunity. And now, our server is one step ahead in the game of cybersecurity, and that’s what counts.
Stay tuned for the next part of our adventure, and until then, keep those servers safe!
Disclaimer: Alright folks, real talk time. So, you’re excited about setting up a Pi-hole and diving headfirst into the world of ad-blocking and enhanced privacy? I’m totally with you. But before we all get carried away, there’s a little caveat I’ve gotta share.
Turns out, to use a Pi-hole, you need to have your own router. Yup, that’s right. If you’re renting a router or using one provided by your internet service provider, chances are you might hit a roadblock. You see, these routers often don’t let you change the DNS settings, which is a key part of getting the Pi-hole up and running.
So, before you roll up your sleeves and get stuck into setting up a Pi-hole, take a minute to check your router situation. Remember, this cybersecurity journey we’re on? It’s all about learning and adapting. Sometimes, we’ve got to navigate around some obstacles to keep moving forward. But hey, that’s all part of the fun, right?