Welcome to Admin Junkies, Guest — join our community!

Register or log in to explore all our content and services for free on Admin Junkies.

How do you secure your Linux VPS?

dahLabdo

Recognized member
Joined
May 26, 2023
Messages
95
Website
sin-studios.com
Credits
227
As the title suggests.

I am currently using the latest version of Ubuntu and want to make sure it's as secure as can be.

If you have any tips and tricks - send them my way!
 
Advertisement Placeholder
Sadly I don’t know much about them but @Tracy and @Arantor should be able to help you with this subject. :)
 
Is there a particular reason you are using Ubuntu?
Have you looked at CentOS 7 with CentMin Mod? CentMin does an excellent job of securing your site from outside intrusions at the core level (scripts being ran having security holes are a horse of a different color). You don't have a fancy "web" panel with CentMin, but a text based menu when you SSH into your server instance.

Screen Shot 2023-05-27 at 1.44.23 AM.png


And yes, CentOS 7 reaches EOL next year... but there is an upgrade path for CentOS to AlmaLinux available, and CentMin for AlmaLinux is currently under BETA testing and I've had no major or minor issues with it so far on AlmaLinux 8.
 
Last edited:
There is no particular reason, I recently updated my laptop to the Ubuntu OS. Although I am using Ubuntu, I am using the SSH connection as I want to learn this way. So no fancy panel for me haha, I wish there was tho!

Are there negatives to using Ubuntu? I only chose this server because it was 1. the first option on the VPS and 2. I use it on my laptop as the main OS. To be quite honest, I haven't done much research into it but from what I saw there was no BIG BIG negatives to using Ubuntu at all.

Thank you for supplying this information, definitely something to look into!
 
Are there negatives to using Ubuntu?
Depends on whether you are installing a desktop version or an actual server burn of the OS.
NEVER use a desktop install (which includes a GUI desktop) for learning how to actually run Linux in a server environment.

I use Ubuntu LTS at times... depends exactly on what I'm wanting to do.
For a simple high performance LAMP install, it's REALLY hard to beat CentOS/CentMin (and eventually Alma Linux/CentMin). You don't have to worry about rolling it all together... as the developer of CentMin (who does that type work professionally) has been willing to give his knowledge (and abilities) to the public...
I've got a few special use cases that use Docker and really run better on Ubuntu running on some clients...and originally, I "rolled my own" with the VPS using Debian and setting up NGINX on them (and even played with OpenLightSpeed on multiple OS's).... but I figured why recreate the wheel with CentMin Mod being such a reliable base.
 
You have definitely thrown a spanner in the works! Thank you for educating me, I think for now with these projects I am doing I will keep the Ubuntu VPS no desktop install as it's teaching me loads about Linux itself haha. It has taken me forever (and one VPS restart) to get a functioning LAMP setup so if I start offering my services in a few years once I'm competent I will definitely be keeping a close eye on the alternatives.

Thank you. <3 I wish I knew about CentMin before the several hours of hair pulling (I'M BALD ENOUGH AS IT IS LOL)
 
Thank you. <3 I wish I knew about CentMin before the several hours of hair pulling (I'M BALD ENOUGH AS IT IS LOL)
That is one of the reasons I am BIG proponent of CentMin.... currently it offers a VERY secure setup without having to jump through hoops and installing/configuring the LAMP stack.. It's not so hard if you use Apache... but honestly, in todays age, who really wants to use Apache unless they are forced to? NGINX or LightSpeed/OpenLightSpeed FAR exceeds the abilities of Apache.
Two things you want to make sure you have set up... a correctly configured version of CSF (Config Server Firewall) will definitely be your friend... no matter what OS you are using, and SSH keys. My servers are set up to notify me via a PUSH alert via PushOver for SSH login... of course, since I use keys, I rarely get an alert.
 
That is one of the reasons I am BIG proponent of CentMin.... currently it offers a VERY secure setup without having to jump through hoops and installing/configuring the LAMP stack.. It's not so hard if you use Apache... but honestly, in todays age, who really wants to use Apache unless they are forced to? NGINX or LightSpeed/OpenLightSpeed FAR exceeds the abilities of Apache.
Two things you want to make sure you have set up... a correctly configured version of CSF (Config Server Firewall) will definitely be your friend... no matter what OS you are using, and SSH keys.
Thank you so very much. I appreciate the time you've taken to help me.

Will review the CSF and also SSH keys now
 
BTW, I've only been "playing" with server instances (VPS - many of which were created via my own dedicated server using ProxMox) for about the last decade.
There are several areas that I lack knowledge in... and it's hard to keep up with the "current shit"... so it's simply one reason that I rely on someone I really trust (EVA2000) to create a package for my hosting environment.
 
BTW, I've only been "playing" with server instances (VPS - many of which were created via my own dedicated server using ProxMox) for about the last decade.
There are several areas that I lack knowledge in... and it's hard to keep up with the "current shit"... so it's simply one reason that I rely on someone I really trust (EVA2000) to create a package for my hosting environment.
Perfect. Thanks for sharing this! I've been interested in setting something like this up myself so I will be looking into ProMax
 
Perfect. Thanks for sharing this! I've been interested in setting something like this up myself so I will be looking into ProMax
Warning... ProxMox is a "bear" to learn unless you have at least the basics of Linux, networking and related knowledge.... you REALLY need an IP for each VPS instance you create... so to being with, one simple IP won't work... you need at least a /10 - /12 range for your ProxMox server.. and with the restrictions being place don IPv4 addresses, this has become harder (and more expensive) to come by. When I was setting up, I usually requested a /16 range (14 dedicated IP addresses) as I wanted room for expansion in case I decided to provide limited hosting for others (I used about 7 Ip addresses at the time for myself).
Ultimately.. running ProxMox/SolusVM is not cheap in the "real world". I finally figured out that $18USD a month for a VPS to server all the sites I needed far exceeded the $180 a month that I was paying at one time.... I can simply play with my VM installs on the dedicated servers I have here at the house, and use a VPS to do my "real world" work.
If you want to play with local installs, get adequate desktop hardware, install Oracle VM VirtualBox and play with it there.
 
There is very little difference between shell in Ubuntu Desktop and shell in Ubuntu server. And when I say very little, I mean very very little. I think what Tracy is getting at is that if you want to learn to admin a server via shell, then you need to do it all via shell, which means when you are using your Ubuntu laptop I would advise using shell as much as possible because just learning to navigate and to open, edit, save files, move files etc in a shell environment is a LOT different than using a desktop file browser, but you can do it, from shell in Ubuntu just like you would on your server. The difference there is the directory structure may be slightly different its been awhile since I have used Ubuntu other than in WSL2 and Docker. The most important thing is to read, read, read and verify EVERYTHING before you run that command in either environment. If its not from an official manpage or from a highly trusted source. VERIFY that command before you run it.
 
There is very little difference between shell in Ubuntu Desktop and shell in Ubuntu server. And when I say very little, I mean very very little. I think what Tracy is getting at is that if you want to learn to admin a server via shell, then you need to do it all via shell, which means when you are using your Ubuntu laptop I would advise using shell as much as possible because just learning to navigate and to open, edit, save files, move files etc in a shell environment is a LOT different than using a desktop file browser, but you can do it, from shell in Ubuntu just like you would on your server. The difference there is the directory structure may be slightly different its been awhile since I have used Ubuntu other than in WSL2 and Docker. The most important thing is to read, read, read and verify EVERYTHING before you run that command in either environment. If its not from an official manpage or from a highly trusted source. VERIFY that command before you run it.
This is very very good advice. I actually installed Ubuntu because of The Odin Project (a coding project, if you've not heard of it before - check it out). The project did not support Windows and therefore Linux was the way to go. In reference to shell, there was a basic tutorial that I followed to learn how to use shell in regards to files etc and it was great - definitely put me on the right path for the Linux vps.

I will most definitely take your advice and head caution when processing any commands, I am sticking to a pretty regimented regime of taking snapshots before I do anything for this very reason so thank you. :D
 
There is very little difference between shell in Ubuntu Desktop and shell in Ubuntu server.
Memory is used by the GUI.... which can be better used by the OS for its processes is my prime concern, as with the desktop versions, you are running sub-processes that you don't need, and they all utilize resources.
As for the best method...SSH into the instance to CLI and administer that way. Once you learn the old "DOS" like tricks of doing everything from the CLI, you have a firm foundation. Too often, even with a desktop I still found myself having to delve "into the guts" in a terminal window on my small HP Mini and EEE-PC.

In reference to shell, there was a basic tutorial that I followed to learn how to use shell in regards to files etc and it was great - definitely put me on the right path for the Linux vps.
I kick back to my old DOS days.... on EVERY install of Linux there are two items I always install - joe (a WordStar compatible editor) and mc (Midnight Commander - a PC Tools clone). With those two, you can do a LOT of work, and if you are familiar with the old WordStar DOS editor, you will be right at home.
 
Memory is used by the GUI.... which can be better used by the OS for its processes is my prime concern, as with the desktop versions, you are running sub-processes that you don't need, and they all utilize resources.
No where did I refer to resource usage. I was speaking strictly in regards to how ssh / terminal works server vs desktop builds. I even explicitly mentioned that ;)

In respect to editor, I use whatever is available to the system for that particular flavor of linux ;) Considering the person the original post was replying to is trying to learn programming as well. They might as well get used to using paths as they will be VERY important in everything they do from this point forward.

@Tracy I think the part you missed is that he installed Ubuntu on the server because he's also using it local on his dev laptop if I understood him correctly.
 
Last edited:
In respect to editor, I use whatever is available to the system for that particular flavor of linux ;) Considering the person the original post was replying to is trying to learn programming as well. They might as well get used to using paths as they will be VERY important in everything they do from this point forward.
And since sometimes those editors vary.... installing a simple utility like joe gives one consistency no matter what "flavor". The same with with mc. That way, you have a consistent platform for interaction no matter whether the default is vi, nano or whatever that "flavor" forces on you.
And yes, they still need to learn both of those others, as visudo is pretty much standard for sudo configuration "by default" in most "flavors" of Linux. You can use any editor to edit the actual physical file, but running visudo does it "automagically" so you do need to know how to at least edit/save/close in it.
No where did I refer to resource usage
And I didn't say you did...I clarified what I meant by being sure to use a server install election instead of a desktop. And yes, with a desktop there is a LOT that is loaded/installed that is not on a server level install as it's not needed... so why have that "extra crap" sitting on the system if one's intent is actual server administration? They are simply more "files"/directories that confuse the normal layout when compared to a clean server level install.
I think the part you missed is that he installed Ubuntu on the server because he's also using it local on his dev laptop if I understood him correctly.
No, I didn't "miss" that.... my point is (and remains) using a desktop election for a server install is a waste... yes, they both run Linux... but if your actual desire is to learn administration at a server level, you won't be installing a desktop version of Linux, you will be installing the server selection. That's why they have a desktop level and a server level.
 
Last edited:
installing a simple utility like joe gives one consistency no matter what "flavor". The same with with mc. That way, you have a consistent platform for interaction no matter whether the default is vi, nano or whatever that "flavor" forces on you.
I find I rarely get the choice, incidentally; I do a lot of work on other peoples' servers, nano/pico are pretty common, but plenty of them just have vim, some have emacs - and plenty of them don't give you the choice to install anything nicer. But for those people, bare metal VPS is really not the tool for the job, and for some managed hosting (e.g. Kinsta, Cloudways) you get what you get.
 
I find I rarely get the choice, incidentally; I do a lot of work on other peoples' servers, nano/pico are pretty common, but plenty of them just have vim, some have emacs - and plenty of them don't give you the choice to install anything nicer. But for those people, bare metal VPS is really not the tool for the job, and for some managed hosting (e.g. Kinsta, Cloudways) you get what you get.
I also have worked on many for others over over the last decade. And with any of them... you can simply install those utilities... that was my point about a consistency between platforms. JOE is available on most every Linux platform and it's WordStar interface is known by most "old heads", and also the open-source versions of BSD, for installation. The same with mc (Midnight Commander). Having a consistent interface speeds up your work, and being able to install it on aids in the consistent interface.
Whenever I did any work (which isn't often now as I prefer to spend my spare time in my personal pursuits) on a VPS/server for others, I always told them up-front those two utilities would be installed for my user/use (and I always insisted on having my own user created as I didn't want their root or personal credentials), and I could either remove them whenI was done, or leave them installed for them to investigate the use of. Several of those elected to have it left installed and it became what they also used regularly.
If you are on "managed hosting" (not sure if you are referring to shared hosting, SaaS or an actual VPS/dedi with a 3rd party maintaining it) then you shouldn't be "messing" at the OS level of administration anyways (and many don't let you get to that level). That's the whole point of "managed". ;)
 

Log in or register to unlock full forum benefits!

Log in or register to unlock full forum benefits!

Register

Register on Admin Junkies completely free.

Register now
Log in

If you have an account, please log in

Log in
Who read this thread (Total readers: 0)
No registered users viewing this thread.

New Threads

Would You Rather #9

  • Start a forum in a popular but highly competitive niche

    Votes: 9 27.3%
  • Initiate a forum within a limited-known niche with zero competition

    Votes: 24 72.7%
Win this space by entering the Website of The Month Contest

Theme editor

Theme customizations

Graphic Backgrounds

Granite Backgrounds