Additional security steps
Now that you've created a solid foundation for hardening your server, take a few more steps to enhance the security measures you've put into place.
Never install updates and patches on a production server until they've been tested on a test, or development, server. Because a GUI may not be installed on your server, you have to download any updates and patches through the terminal. When you're ready to install updates, enter the command
sudo apt-get update, and then
sudo apt-get dist-upgrade. In some cases, you need to restart your server.
Although viruses don't pose much of a threat to the GNU/Linux server, if you run Samba to share Windows files, make sure an antivirus scanner like ClamAV is installed so infected files don't spread throughout your system. In addition to viruses, worms, Trojans, and the like, there is also the danger of a hacker installing a rootkit on your system and gaining root-level permissions to capture passwords, intercept traffic, and create other vulnerabilities. To combat this threat, install tools such as the Rootkit Hunter, (
chkrootkit on the server (see Resources for a link to "Hardening the Linux desktop," which contains instructions).
Servers that house terabytes of information, corporate websites, or catalogs for directory services need to have a backup and recovery strategy in place. Not only does this make sense, but sometimes e-discovery laws and regulations require that you hand over information upon request. Most corporate networks can afford redundancy through multiple servers, and smaller networks can find peace of mind through virtualization and backup and recovery software.
If you're planning to run backup and recovery software from the Ubuntu repositories, Simple Backup (SBackup) is an excellent choice, because it can be run from either the command-line interface or a GUI. When backing up server data on a corporate network, it's important to store your backup files outside the server. Portable storage devices provide large amounts of storage space at reasonable prices, and they're excellent options for storing backed-up files and directories.
As the systems administrator, you're required to set passwords for your server's root account and possibly other sensitive accounts in your organization, such as MySQL databases or FTP connections. You can't force strong passwords for your users with Ubuntu Server, but you can be sure you train users on how to create a strong password.
Passwords should be at least eight characters long and contain at least three of the following: an uppercase letter, a lowercase letter, a number, or a symbol. One way to teach users to use strong passwords but keep them from writing down complex passwords on sticky notes is to have them use passphrases. Something like Myf@voritecolorisBlue! is much easier to remember than M$iuR78$, and both meet minimal complexity standards.