DEV Community: Sovrab Roy

How to Secure an Ubuntu Linux Server for Production

Sovrab Roy — Fri, 08 May 2026 21:43:11 +0000

How to Secure an Ubuntu Linux Server for Production

Securing a production Linux server is one of the most important responsibilities of a system administrator. A poorly configured server can become an easy target for brute-force attacks, malware, unauthorized access, and service disruption.

In this guide, I’ll share essential steps to harden and secure an Ubuntu server for production environments.

1. Update Your Server Regularly

Always keep your system packages updated to patch security vulnerabilities.

sudo apt update && sudo apt upgrade -y

You should also remove unused packages:

sudo apt autoremove -y

2. Create a Non-Root User

Avoid using the root user directly for daily administration tasks.

Create a new user:

sudo adduser adminuser

Add the user to the sudo group:

sudo usermod -aG sudo adminuser

3. Disable Root SSH Login

Root login through SSH is a major security risk.

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find:

PermitRootLogin yes

Change it to:

PermitRootLogin no

Restart SSH:

sudo systemctl restart ssh

4. Change the Default SSH Port

Changing the default SSH port helps reduce automated brute-force attacks.

Inside the SSH config file:

Port 2222

Restart SSH:

sudo systemctl restart ssh

Remember to allow the new port in your firewall.

5. Configure UFW Firewall

Ubuntu comes with UFW (Uncomplicated Firewall).

Allow required services:

sudo ufw allow 2222/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

Enable the firewall:

sudo ufw enable

Check status:

sudo ufw status

6. Install Fail2Ban

Fail2Ban blocks repeated failed login attempts automatically.

Install it:

sudo apt install fail2ban -y

Enable and start the service:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Check status:

sudo fail2ban-client status

7. Use SSH Key Authentication

SSH keys are much safer than passwords.

Generate SSH keys on your local machine:

ssh-keygen

Copy the public key to the server:

ssh-copy-id user@server-ip

Then disable password authentication:

PasswordAuthentication no

Restart SSH afterward.

8. Secure Docker Containers

If you use Docker in production:

Avoid running containers as root
Keep images updated
Use trusted images only
Limit exposed ports
Scan images for vulnerabilities

Update Docker regularly:

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io

9. Enable Automatic Security Updates

Install unattended upgrades:

sudo apt install unattended-upgrades -y

Enable automatic security updates:

sudo dpkg-reconfigure unattended-upgrades

10. Monitor Logs and System Activity

Regular monitoring helps detect suspicious activity early.

Useful commands:

sudo journalctl -xe

sudo tail -f /var/log/auth.log

You can also use tools like:

Prometheus
Grafana
Netdata
Uptime Kuma

11. Backup Your Server

Always maintain secure backups.

Recommended practices:

Daily automated backups
Offsite storage
Database dumps
Backup verification

Tools:

rsync
BorgBackup
Restic
Rclone

Final Thoughts

Server security is not a one-time setup. It’s an ongoing process that requires continuous monitoring, updates, and optimization.

A properly secured Ubuntu server reduces risks, improves reliability, and helps maintain stable production environments.

If you’re managing Linux servers in production, implementing these security practices is essential.

linux #ubuntu #security #devops

Useful Linux Commands Every System Administrator Should Know

Sovrab Roy — Thu, 07 May 2026 21:41:24 +0000

Useful Linux Commands Every System Administrator Should Know

Linux system administration becomes much easier when you know the right commands for monitoring, troubleshooting, and managing servers efficiently.

In this article, I’ll share some useful Linux commands that I regularly use while managing production servers and cloud infrastructure environments.

1. Check System Uptime

uptime

Displays:

server uptime
current load average
active users

Useful for quick server health checks.

2. Monitor Running Processes

htop

top

Helps identify:

high CPU usage
memory consumption
overloaded processes

3. Check Disk Usage

df -h

Displays disk space usage in human-readable format.

4. Analyze Directory Sizes

du -sh *

Very useful when troubleshooting storage problems.

5. Check Memory Usage

free -m

Shows:

RAM usage
swap usage
available memory

6. View Running Services

systemctl list-units --type=service

Manage services:

sudo systemctl restart nginx
sudo systemctl status mysql

7. Monitor Network Connections

ss -tulpn

Useful for checking:

open ports
active services
listening processes

8. Search Logs Efficiently

tail -f /var/log/syslog

journalctl -xe

Essential for troubleshooting server issues.

9. Secure File Permissions

chmod 644 file.txt
chmod 755 script.sh

Understanding Linux permissions is critical for server security.

10. Check Server IP Address

ip a

hostname -I

11. Test Server Connectivity

ping google.com

Check routing:

traceroute google.com

12. Monitor Real-Time Resource Usage

vmstat 1

Provides live system performance statistics.

13. Docker Management Commands

List containers:

docker ps

View logs:

docker logs container_name

Restart container:

docker restart container_name

14. Secure SSH Access

Restart SSH:

sudo systemctl restart ssh

Check SSH port:

sudo ss -tulpn | grep ssh

Conclusion

Linux commands are powerful tools for server administration, monitoring, troubleshooting, and infrastructure management.

A strong understanding of Linux fundamentals helps system administrators maintain stable, secure, and high-performance production environments.

I regularly work with Linux servers, Docker, cPanel/WHM, hosting technologies, and cloud infrastructure optimization.

🌐 Portfolio:
https://sovrabroy.online

linux #devops #bash #serveradministration

Essential Linux Server Hardening Steps for Production Environments

Sovrab Roy — Wed, 06 May 2026 22:07:26 +0000

Essential Linux Server Hardening Steps for Production Environments

Securing a Linux server is one of the most important responsibilities of a system administrator. A poorly configured server can become vulnerable to brute-force attacks, malware, privilege escalation, and unauthorized access.

In this article, I will share some essential Linux server hardening steps that I usually apply after deploying a fresh Ubuntu or Debian server for production use.

1. Update System Packages

The first thing I do is update all installed packages and security patches.

sudo apt update && sudo apt upgrade -y

Keeping packages updated reduces security vulnerabilities and improves server stability.

2. Create a Non-Root Sudo User

Using the root account directly is risky. Instead, create a separate sudo user.

adduser sovrab
usermod -aG sudo sovrab

This improves accountability and reduces direct root exposure.

3. Disable Root SSH Login

Root login through SSH should be disabled to prevent brute-force attacks.

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find:

PermitRootLogin yes

Change it to:

PermitRootLogin no

Restart SSH service:

sudo systemctl restart ssh

4. Change Default SSH Port

Changing the default SSH port from 22 to another custom port helps reduce automated attack attempts.

Example:

Port 2222

Do not forget to allow the new port through the firewall.

5. Configure UFW Firewall

Ubuntu ships with UFW (Uncomplicated Firewall), which is easy to configure.

Allow SSH port:

sudo ufw allow 2222/tcp

Enable firewall:

sudo ufw enable

Check status:

sudo ufw status

6. Install Fail2Ban

Fail2Ban protects servers from repeated failed login attempts.

Install:

sudo apt install fail2ban -y

Enable and start:

sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Check status:

sudo fail2ban-client status

7. Configure Automatic Security Updates

Automatic security updates help patch vulnerabilities quickly.

Install unattended upgrades:

sudo apt install unattended-upgrades

Enable:

sudo dpkg-reconfigure unattended-upgrades

8. Disable Unused Services

Unused services increase attack surfaces.

Check running services:

sudo systemctl list-units --type=service

Disable unnecessary services:

sudo systemctl disable service-name

9. Monitor Server Resources

Resource monitoring helps detect unusual activity and performance bottlenecks.

Useful commands:

htop
df -h
free -m
uptime

10. Secure Shared Hosting Environments

For cPanel or shared hosting servers, additional security measures are recommended:

Configure CSF firewall
Enable ModSecurity
Harden PHP functions
Use CloudLinux isolation
Enable ImunifyAV or Imunify360
Configure secure backups

11. Backup Strategy

Backups are critical for disaster recovery.

Important backup locations:

Website files
MySQL databases
Configuration files
DNS zones
Email accounts

I usually automate backups using shell scripts and remote storage solutions.

12. Docker Security Basics

If Docker is installed:

Avoid running containers as root
Use trusted images only
Keep images updated
Limit container privileges
Monitor exposed ports

Check containers:

docker ps

Conclusion

Linux server hardening is not a one-time task. Security requires continuous monitoring, patching, auditing, and optimization.

A properly secured Linux server improves reliability, uptime, and infrastructure stability while reducing security risks.

As a Linux System Administrator and Server Engineer, I regularly work with Linux servers, cloud infrastructure, Docker, cPanel, hosting technologies, and production environment optimization.

🌐 Portfolio:
https://sovrabroy.online

linux #devops #cloud #docker #serveradministration

Hello DEV Community 👋 I'm Sovrab Roy, a Linux System Administrator & Server Engineer from Bangladesh. I work with Linux servers, cloud infrastructure, cPanel, Docker, hosting technologies, and server optimization. Looking forward to sharing technical

Sovrab Roy — Wed, 06 May 2026 22:02:07 +0000