{"data":{"external_id":2478,"slug":"how-to-secure-linux-server","title":"How can I secure my Linux server?","content":"At Prepaid-Hoster, the security of your server is our top priority. That's why we have developed the Security Manager - a powerful tool that checks your Linux server for known vulnerabilities and provides advice on how to address these weaknesses. In this FAQ entry, you will learn about the security checks performed by the Security Manager and effective ways to secure your server.\nPossible Vulnerabilities\nAt Vionity, we assess your Linux server for potential vulnerabilities. We focus on common weaknesses that even inexperienced users can address.\nName | Issue | Description\nSSH Default Port | Using the standard SSH port | The standard SSH port (22) is widely used and therefore a popular target for attacks. Changing the port can enhance security.\nFAIL2Ban not installed | Lack of protection against brute-force attacks | FAIL2Ban is a security program that blocks IP addresses after multiple failed login attempts. Without FAIL2Ban, the server is more susceptible to brute-force attacks.\nNo Root SSH Keys | Authentication via password | SSH keys are more secure than passwords. Without SSH keys, the server is more vulnerable to password theft and brute-force attacks.\nSSH Root Password Auth enabled | Allowing root login via password | Direct root login via password is insecure. It is better to disable root logins or only allow them through SSH keys.\nFailed Login attempts (high) | Many failed login attempts | Many failed login attempts can indicate brute-force attacks. 
This requires immediate attention and appropriate measures.\nJava Root Process | Running Java as root process | Java processes running as root can pose a security risk as any vulnerability in Java can provide full access to the system.\nTeamSpeak Root Process | Running TeamSpeak as root process | Running TeamSpeak processes as root can jeopardize the entire system in the event of software vulnerabilities.\nDetailed Description of Security Issues\nSSH Default Port\nThe SSH default port 22 is often the target of automated attacks. Changing this port to a less well-known number can reduce the attack surface of your server. This is a simple but effective measure to enhance security.\nFAIL2Ban not installed\nFAIL2Ban protects your server from brute-force attacks by blocking IP addresses after multiple failed login attempts. Without this safeguard, your server remains vulnerable to repeated attack attempts that could ultimately succeed.\nNo Root SSH Keys\nUsing SSH keys instead of passwords offers higher security. Passwords are more prone to being stolen or guessed through brute-force attacks, while SSH keys are more difficult to compromise. It is recommended to allow root access only through SSH keys.\nSSH Root Password Auth enabled\nDirect root logins via password should be disabled as they pose a significant security risk. It is safer to grant root access only to a regular user who can then obtain root privileges using sudo or su.\nFailed Login attempts (high)\nA high number of failed login attempts can indicate ongoing brute-force attacks. It is important to monitor these attempts and take appropriate measures such as blocking the attacker's IP or implementing additional security mechanisms.\nJava Root Process\nJava applications should not be run as root processes as vulnerabilities in Java can lead to complete system compromise. 
It is safer to run Java applications with a non-privileged user.\nTeamSpeak Root Process\nSimilar to Java, TeamSpeak should not be run as a root process. Security vulnerabilities in TeamSpeak could be exploited to compromise the entire system. It is better to run TeamSpeak with its own restricted user account.\nGeneral Advice\nRegular Updates\nEnsure that your system and all installed packages are regularly updated. Security updates address known vulnerabilities and enhance stability. Learn how to update your VServer on our FAQ page.\nSet Up a Firewall\nUse a firewall like ufw (Uncomplicated Firewall) or iptables to prevent unauthorized access. Enable only the necessary ports.\nUser Management\nCreate separate user accounts for different tasks and grant only the necessary permissions. Avoid working regularly as the root user.\nCreate Backups\nMake regular backups of your data and configurations. Automate the backup process to prevent data loss.\nDon't Copy Commands You Don't Understand\nLook at a command before copying it into your console. 
A wrong rm -rf or a chmod in the wrong directory can jeopardize the security of your server and render it unusable.\nQuick Solutions\nHow do I change the SSH port?\nCreating and using SSH keys\nDisabling SSH password authentication\nSources\nSSH Security Best Practices\nFAIL2Ban Official Documentation\nSSH Key Authentication Guide\nJava Security Overview\nTeamSpeak Security Advisory\nIf you need further information or specific guidance on implementing security measures, please let me know!","schema":null,"facts":[],"links":[{"type":"faq","url":"https:\/\/support.prepaid-hoster.de\/faq\/de\/virtuelle-server\/wie-kann-ich-meinen-vserver-aktualisieren.html","data":{"post_id":"56286","post_slug":"wie-kann-ich-meinen-vserver-aktualisieren","post_cat_id":"9"}},{"type":"faq","url":"https:\/\/support.prepaid-hoster.de\/faq\/de\/virtuelle-server\/wie-aendere-ich-den-ssh-port.html","data":{"post_id":"56250","post_slug":"wie-aendere-ich-den-ssh-port","post_cat_id":"9"}},{"type":"faq","url":"https:\/\/support.prepaid-hoster.de\/faq\/de\/virtuelle-server\/ssh-key-anlegen-und-benutzen.html","data":{"post_id":"56234","post_slug":"ssh-key-anlegen-und-benutzen","post_cat_id":"9"}},{"type":"faq","url":"https:\/\/support.prepaid-hoster.de\/faq\/de\/virtuelle-server\/wie-schalte-ich-die-ssh-passwort-authentifizierung-aus.html","data":{"post_id":"56268","post_slug":"wie-schalte-ich-die-ssh-passwort-authentifizierung-aus","post_cat_id":"9"}},{"type":"external","url":"https:\/\/www.ssh.com\/academy\/ssh\/security-best-practices","data":{"title":"Error 404 | Page not found","meta_description":"","meta":{"":"en","viewport":"width=device-width, 
initial-scale=1","twitter:description":"","twitter:title":"","google-site-verification":"2-i4pxivYF4_zBW_hXMJT-HeVUwXlr_SKnBgQA444to","facebook-domain-verification":"nagxteyr0mdlau84tpx4ocmrio07me","msvalidate.01":"DC7C7A40BD0A4B485788216A8C94281D","twitter:card":"summary","generator":"HubSpot"}}},{"type":"external","url":"https:\/\/www.fail2ban.org\/wiki\/index.php\/Main_Page","data":{"title":"GitHub - fail2ban\/fail2ban: Daemon to ban hosts that cause multiple authentication errors \u00b7 GitHub","meta_description":"Daemon to ban hosts that cause multiple authentication errors - fail2ban\/fail2ban","meta":{}}},{"type":"external","url":"https:\/\/www.ssh.com\/academy\/ssh\/key","data":{"title":"What is an SSH Key? An Overview of SSH Keys","meta_description":"An SSH key is an access credential in the SSH protocol. SSH keys authenticate users and hosts in SSH. ","meta":{"":"en","viewport":"width=device-width, initial-scale=1","twitter:description":"An SSH key is an access credential in the SSH protocol. SSH keys authenticate users and hosts in SSH. ","twitter:title":"What is an SSH Key? 
An Overview of SSH Keys","google-site-verification":"2-i4pxivYF4_zBW_hXMJT-HeVUwXlr_SKnBgQA444to","facebook-domain-verification":"nagxteyr0mdlau84tpx4ocmrio07me","msvalidate.01":"DC7C7A40BD0A4B485788216A8C94281D","twitter:card":"summary","twitter:domain":"www.ssh.com","generator":"HubSpot"}}},{"type":"external","url":"https:\/\/www.oracle.com\/java\/technologies\/javase\/javase-seccodeguide.html","data":{"title":"Page not found | Oracle","meta_description":"","meta":{"Title":"Page not found | Oracle","Description":"We can't find the page you were looking for","robots":"noindex, nofollow","":"text\/html; charset=utf-8","viewport":"width=device-width"}}},{"type":"external","url":"https:\/\/teamspeak.com\/en\/security\/","data":{"title":"404 Not Found","meta_description":"","meta":[]}}]}}