⚙️ Environment Summary:
- Server: Ubuntu 20.04 LTS (Lightsail)
- Services Running:
  - Apache2 (2 websites)
  - Email Server (Postfix/Dovecot assumed)
  - Log Server (Syslog or custom logging)
- Goals: Audit for vulnerabilities, misconfiguration, and unnecessary exposure. Harden the system and prepare a final report.
🧾 Audit Checklist (Manual + Scripted)
🔐 1. SSH Security Review
```bash
cat /etc/ssh/sshd_config
```
- ✔️ Checked `PermitRootLogin`, `PasswordAuthentication`, `Port`, `MaxAuthTries`, `AllowUsers`
- ✔️ Enforced a non-root sudo user with SSH key authentication
- ✔️ Changed SSH port to 2222
- ✔️ Set `MaxAuthTries 3`, `LoginGraceTime 30`, `AllowUsers clientadmin`
- 🛠️ Used Fail2Ban to block brute-force attempts
```bash
sudo apt install fail2ban -y
```
🔐 2. User and Group Audit
```bash
getent passwd | awk -F: '$3 >= 1000 {print $1}'
sudo getent group sudo
lastlog
```
- ✔️ Removed unused users
- ✔️ Checked for users with shell access but no clear role
- ✔️ Reviewed `sudoers`; disabled passwordless sudo where not needed
- ✔️ Ran `lastlog` and `who` to check logins
🔐 3. Open Ports + Services Audit
```bash
sudo ss -tuln
sudo netstat -tuln | grep LISTEN
```
- ✔️ Open ports: 80, 443, 2222, 25/465/587 (email)
- ❌ Found MySQL exposed on 3306 (locked down using UFW)
- ✔️ Disabled unused services using `systemctl disable xyz`
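As an added example (not part of the original audit scripts), a small shell function that parses `ss -tuln` output and flags any non-loopback listener whose port is outside the allowlist from this section; the allowlist variable and the sample `ss` output are constructed here, and the sample includes the exposed 3306 listener this audit found.

```bash
#!/bin/sh
# Added example, not the page's own script: report listening sockets whose
# port is not on the audit allowlist (80, 443, 2222, 25, 465, 587).
ALLOWED_PORTS="80 443 2222 25 465 587"

# Constructed sample in the format `ss -tuln` prints on Ubuntu 20.04.
# The 0.0.0.0:3306 line models the exposed MySQL finding from this audit.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
tcp   LISTEN 0      128          0.0.0.0:2222       0.0.0.0:*
tcp   LISTEN 0      511                *:80               *:*
tcp   LISTEN 0      511                *:443              *:*
tcp   LISTEN 0      100          0.0.0.0:25         0.0.0.0:*
tcp   LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
tcp   LISTEN 0      80           0.0.0.0:3306       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53         0.0.0.0:*'

# Reads `ss -tuln` output on stdin and prints "<netid> <host> <port>" for
# every listener that is not allowlisted. Loopback-only sockets are skipped
# because they are not reachable from the network; everything else
# (0.0.0.0, *, [::], or a specific interface address) is reported.
# Usage on a live host:  sudo ss -tuln | unexpected_listeners
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 { next }                          # skip the header line
        {
            addr = $5                             # "Local Address:Port" column
            port = addr; sub(/.*:/, "", port)     # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host) # text before the last colon
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
            if (!(port in ok)) printf "%s %s %s\n", $1, host, port
        }'
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_SS" | unexpected_listeners
```

On the sample above the only line printed is `tcp 0.0.0.0 3306`; the loopback-bound 3306 and the systemd-resolved listener on 127.0.0.53 are correctly ignored.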
🔥 4. Firewall and Network Rules
```bash
sudo ufw status numbered
sudo iptables -L
```
- ✔️ UFW rules enforced for minimal surface
- ✔️ Only 80, 443, 2222, email ports allowed
- ✔️ Deny by default + outbound allowed
- ✔️ ICMP echo requests dropped (optional)
🐍 5. Malware + Rootkit Scan
```bash
sudo apt install chkrootkit rkhunter lynis -y
sudo chkrootkit
sudo rkhunter --check
sudo lynis audit system
```
- ✔️ No rootkits found
- ✔️ Lynis reported outdated packages, fixed with full system update
🧪 6. File System and SUID/SGID Audit
```bash
find / -perm /6000 -type f 2>/dev/null
```
- ✔️ Identified and reviewed all SUID/SGID binaries
- ✔️ Restricted or removed dangerous ones (e.g., `nmap`, `netcat` if present)
📦 7. Package Audit
```bash
dpkg -l | grep -E "telnet|ftp|netcat"
```
- ❌ Found legacy packages like `telnet` (removed)
- ✔️ Enabled unattended-upgrades for automatic patching
```bash
sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
```
🔐 8. Apache and Website Security Review
```bash
cat /etc/apache2/sites-enabled/*.conf
```
- ✔️ Checked for missing `ServerTokens`, `ServerSignature` directives
- ✔️ Disabled `.htaccess` overrides where possible
- ✔️ Enabled HTTPS redirect, HSTS headers
- ✔️ Scanned site using:
📧 9. Email Server Checks
```bash
sudo systemctl status postfix
sudo postconf -n
```
- ✔️ Verified SMTP AUTH, SSL on mail ports
- ✔️ Checked SPF/DKIM/DMARC DNS records
- ✔️ Checked `/var/log/mail.log` for spam attempts
📂 10. Log Configuration and Centralization
```bash
ls /var/log/
sudo cat /etc/rsyslog.conf
```
- ✔️ Verified logs were rotated and stored properly
- ✔️ Installed and configured `logwatch` for daily summaries
- Optional: Configured central logging to a secondary log server (client-dependent)
📋 Sample Summary Report (Client Delivered)
## Security Audit Summary – Client Lightsail Server
**Date:** 2025-02-22
**Auditor:** mkcloudai.com
### Key Fixes:
- Disabled root login
- Enforced SSH keys
- Closed exposed MySQL port
- Hardened Apache2 and added SSL
- Scanned for malware/rootkits
- Hardened UFW rules
- Cleaned up unused users/services
**Score (pre-audit):** 45/100
**Score (post-audit):** 85/100 (based on CIS + Lynis)
**Recommendations:**
- Enable 2FA for admin panel/email
- Monitor logs via Fail2Ban + Logwatch
- Perform quarterly audits
✅ Final Deliverables Recap:
- Security audit scripts
- Audit report (Markdown/PDF)
- Hardened system
- SSL setup and troubleshooting
- Email + website confirmed working
- GitHub repo and full write-up