Skip to main content

Phase 2: Harden the System

Objective

Harden a Linux virtual machine (VM) deployed in AWS against common threats by applying security best practices. This checkpoint demonstrates how to protect cloud-hosted Linux systems through SSH hardening, filesystem security, patch management, firewall configuration, and user privilege separation.

Implementation

  • SSH Hardening
    • Edit /etc/ssh/sshd_config:
# Disable root login:

PermitRootLogin no
# Disable password authentication

PasswordAuthentication no
# Restart SSH service:

sudo systemctl restart ssh
  • Filesystem Security
# Restrict access to sensitive files:

sudo chmod 640 /etc/shadow
sudo chown root:shadow /etc/shadow

# Ensures only privileged processes can read password hashes.
  • Patch Management
# Enable automatic security updates:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

# Keeps the system updated with the latest patches.
  • Firewall Setup
# Enable UFW and allow only essential ports:bash

sudo ufw enable
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Blocks all other traffic by default.
  • Create Nonโ€‘Root User
# Add a dedicated user for administration:

sudo adduser engineer
sudo usermod -aG sudo engineer

# Reduces risk by avoiding direct root access.

Deliverable

  • Security Checklist documenting:
    • SSH hardening steps.
    • Filesystem permission changes.
    • Patch management configuration.
    • Firewall rules.
    • Non-root user creation.

Checkpoint

Learners reflect on:

  • Which hardening step most improves production readiness.
  • Example reflections:
    • SSH hardening prevents brute-force root login attempts.
    • Patch management ensures ongoing protection against vulnerabilities.
    • Firewall rules minimize attack surface.

Hackers Notebook

Securing a Linux VM in AWS requires layered defense:

  • SSH hardening eliminates weak authentication vectors.
  • Filesystem security protects sensitive credentials from unauthorized access.
  • Patch management ensures vulnerabilities are addressed promptly.
  • Firewall configuration enforces strict traffic control.
  • Non-root user creation enforces the principle of least privilege.

Together, these measures form a baseline security posture for cloud-hosted Linux systems, aligning with industry best practices for production readiness.

Tips, Tricks, Roadmaps, Resources, Networking, Motivation, Guidance, and Cool Stuff โ™ฅ
Updated on Dec 23, 2025