
Securing the Server

Admin9705 edited this page Feb 22, 2019 · 42 revisions

CLICKING the STAR in the UPPER RIGHT promotes our PROJECT on GITHUB! - WARNING, PLEASE VISIT https://pgblitz.com/wikis/ - This is the old wiki!


Do NOT FORGET SECURITY BASICS 101


Page Table of Contents

In this section, we will discuss the following steps:

Root Password

The first thing to do if you were given a root password by your server/VPS provider (especially via email) is to change it. Type:-

passwd

NOTE: My system is a mix of German and English, will update images later to English!

Type your chosen password twice (don't worry if you do not see the cursor move, it's meant to stay blank for security reasons) and you should see something like this:-

SUDO user account

Next we want to create a SUDO user account as it's not a good idea to access and run everything with root!

Remember to change YOUR-USERNAME to whatever you want

useradd -m -d /home/YOUR-USERNAME YOUR-USERNAME
usermod -aG sudo YOUR-USERNAME

Here we create a password for your new user (ideally different from your root password)

passwd YOUR-USERNAME
su YOUR-USERNAME
sudo usermod -s /bin/bash YOUR-USERNAME
### Switch to new user home folder ###
cd ~

Example to compare against:-

To exit out of your new user or ssh you can type exit and to change user just type su YOUR-USERNAME

PlexGuide Install

Now we need to install PlexGuide so that Fail2Ban and UFW are installed automatically. NOTE: This step can be skipped if you have already installed PlexGuide

CLICK HERE for methods and come back after you've installed it using the plexguide command.

You're nearly done, 3 more important steps to take!

Fail2Ban

CLICK HERE to set up the Fail2Ban Ban Hammer and come back afterwards.

UFW

UFW is your firewall. We'll just show you the minimum steps needed to protect your server.

sudo ufw status verbose
sudo ufw default allow outgoing
sudo ufw default deny incoming

Make sure to allow ssh or you will not be able to log in!

sudo ufw allow ssh
sudo ufw enable

Plenty more info out there if you want to make your server even more secure!

Here are two you can have a read of:-

Reference 1: https://www.cyberciti.biz/faq/howto-configure-setup-firewall-with-ufw-on-ubuntu-linux/

Reference 2: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-14-04

Reboot your server and log in using your new user account, as we will switch off root access in the next step!

sudo reboot

SSH Root Access

Finally, we should block root login via ssh as this is what bots tend to hack first!

sudo nano /etc/ssh/sshd_config

Look for PermitRootLogin yes and change the yes to no like this:-

Now to activate it we need to restart the ssh service with:-

sudo service ssh restart
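
The edit above only takes effect if the line you changed is the one sshd actually reads. The script below is an added example, not part of the original wiki or of PlexGuide: it reports the effective global PermitRootLogin value from a single config file. The function names and the sample config are constructed for illustration, and it assumes no Include files and whitespace-separated keyword/value pairs.

```shell
#!/bin/sh
# Added example (not from the original wiki): check what PermitRootLogin value
# sshd would take from a single config file. sshd keeps the FIRST value it
# reads for a keyword; keywords are case-insensitive; '#' lines are comments.
# Assumption: no Include files, and keyword/value separated by whitespace.

# effective_root_login FILE -> prints the global value, or "unset"
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                        # skip comment lines
        { key = tolower($1) }
        key == "match" { exit }                    # global section ends at first Match
        key == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_root_login FILE -> exit status 0 only when root login is disabled
audit_root_login() {
    value=$(effective_root_login "$1")
    if [ "$value" = "no" ]; then
        echo "OK: PermitRootLogin no"
    else
        # "unset" means sshd falls back to its built-in default, which is not "no"
        echo "FAIL: effective PermitRootLogin is '$value'"
        return 1
    fi
}

# Constructed sample: the active "yes" comes first, so the later "no" is ignored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# PermitRootLogin no
Port 22
permitrootlogin yes
PermitRootLogin no
EOF
audit_root_login "$sample" || echo "Fix the first active line, then run: sudo sshd -t"
rm -f "$sample"
```

On a live server, `sudo sshd -t` checks the config for syntax errors before you restart the service, and `sudo sshd -T | grep -i permitrootlogin` prints the value sshd actually resolved, Include files included.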

SSH Key Method

- Please feel free to complete this for us!


For further reading check out the following:-

Info on securing servers via this blog: https://blog.devolutions.net/2017/4/10-steps-to-secure-open-ssh

Digital Ocean advice: https://www.digitalocean.com/community/tutorials/7-security-measures-to-protect-your-servers

