Hardening Ubuntu for a Homelab
Gage Olson• Cybersecurity Practitionerlinux
hardening
homelab
ubuntu
security
Hardening Ubuntu for a Homelab
Introduction
This guide provides step-by-step instructions for hardening Ubuntu systems in homelab environments, focusing on security best practices and system hardening techniques.
Prerequisites
- Ubuntu 20.04 LTS or later
- Root or sudo access
- Basic command line knowledge
Step 1: System Updates
First, ensure your system is up to date:
bash
sudo apt update && sudo apt upgrade -yStep 2: Firewall Configuration
Configure UFW (Uncomplicated Firewall):
bash
# Enable UFW
sudo ufw enable
# Set default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH (adjust port as needed)
sudo ufw allow sshStep 3: SSH Hardening
Edit the SSH configuration:
bash
sudo nano /etc/ssh/sshd_configKey settings to modify:
bash
# Disable root login
PermitRootLogin no
# Disable password authentication
PasswordAuthentication no
# Change default port
Port 2222
# Limit users
AllowUsers yourusernameStep 4: System Hardening
Disable Unnecessary Services
bash
# Check running services
sudo systemctl list-units --type=service --state=running
# Disable unnecessary services
sudo systemctl disable bluetooth
sudo systemctl disable cups
sudo systemctl disable avahi-daemonConfigure Automatic Security Updates
bash
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgradesStep 5: User Account Security
Create a non-root user
bash
# Create user
sudo adduser homelab
# Add to sudo group
sudo usermod -aG sudo homelab
# Switch to new user
su - homelabConfigure sudo
bash
sudo visudoAdd the following line:
bash
homelab ALL=(ALL) NOPASSWD:ALLConclusion
This hardening process significantly improves the security posture of your Ubuntu homelab system. Remember to:
- Regularly update packages
- Monitor system logs
- Use strong authentication methods
- Keep backups of important configurations