Ubuntu 22.04 LTS – Basic Hardening Script

The first thing I do when I launch a VM is to secure the OS.

To do so, I created a script that automates the process.

There are two versions of the script.

The first one is for the cloud providers that give a root user as the first user (DigitalOcean), and the second one is for the cloud providers that give a user with sudo privileges (AWS, Azure, GCP).

Both scripts do:

  • Update and upgrade packages
  • Disable root login and enforce key-based authentication
  • Configure secure SSH cipher settings
  • Install UFW, Enable firewall (ufw) & allow OpenSSH
  • Install and configure fail2ban to prevent brute-force attacks
  • Set up automatic security updates

The script for the root user does:

  • Add a new user
  • Give sudo privilege to new user
  • Copy the SSH key from root to new user

You can find both scripts on my GitHub