Newly activated cloud servers require some initial security configurations before they can be deployed into production. This article demonstrates how to properly configure security settings for a cloud server running Ubuntu 18.04, providing references for system administrators in their operations and maintenance work.

Step One: Create a New User

One common best practice is to avoid using the default root account. Therefore, we need to create a new user (such as “zhaomu”) for remote management of the cloud server.

adduser zhaomu

Note: Avoid using easily guessable common usernames, such as admin, as these can be readily scanned and exploited by hackers. When setting a new username’s password, it is strongly recommended to use a combination of uppercase and lowercase letters, numbers, and special symbols to enhance security to the greatest extent.

After successfully creating the user, grant sudo permissions to execute commands with administrator privileges.

usermod -aG sudo zhaomu

Switch to the new user to log in:

su - zhaomu

Step Two: Configure the Firewall

The Ubuntu 18.04 operating system comes with UFW (Uncomplicated Firewall) pre-installed. Use the following command to check if the firewall is installed:

sudo ufw status

If the UFW firewall is installed, it will show an inactive status. If it is not installed, the system will provide installation steps. Please use the following command to install UFW:

sudo apt-get install ufw -y

Allow remote login and set port 22 to allow access:

sudo ufw allow 22

Alternatively, you can set up OpenSSH; choose one of the two options:

sudo ufw allow OpenSSH

Enable the UFW firewall:

sudo ufw enable

Note: Before enabling the firewall, make sure that the settings allow remote login. Otherwise, you might lock yourself out and be unable to manage the cloud server.

Check the firewall status again:

sudo ufw status

If we see the following prompt, it means that the firewall has been successfully configured and enabled.

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)

These are the steps for the initial security setup of an Ubuntu 18.04 cloud server. Through these settings, common security issues such as illegal intrusions and brute force attacks can be effectively avoided.