Operating System Hardening First
Before installing Apache or Nginx, securing the underlying operating system is paramount. Start with a minimal installation of your chosen Linux distribution, including only essential packages. This reduces the attack surface by eliminating unnecessary services and potential vulnerabilities. For production servers, consider using security-focused distributions like Ubuntu Server LTS, CentOS, or Debian, which receive regular security updates and have strong community support.
Update your system immediately after installation and configure automatic security updates. For Ubuntu/Debian systems, use:
sudo apt update && sudo apt upgrade -y
sudo apt install unattended-upgrades
sudo dpkg-reconfigure -plow unattended-upgrades
For CentOS/RHEL systems:
sudo yum update -y
sudo yum install yum-cron
sudo systemctl enable yum-cron
sudo systemctl start yum-cron
Configure a firewall before connecting to the network. UFW (Uncomplicated Firewall) on Ubuntu and firewalld on CentOS both provide user-friendly interfaces for iptables:
# Ubuntu UFW example
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
# CentOS firewalld example
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
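To confirm that the automatic-update and UFW steps above actually took effect, the following added example (not part of the original page) audits the output of `ufw status verbose` and the contents of `/etc/apt/apt.conf.d/20auto-upgrades`. The function names, finding labels, and sample ruleset are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Sample inputs are constructed.
# Live use: sudo ufw status verbose | audit_ufw
#           audit_auto_upgrades < /etc/apt/apt.conf.d/20auto-upgrades
ALLOWED_PORTS="22/tcp 80/tcp 443/tcp"   # ssh, http, https from the rules above

# stdin: `ufw status verbose` text. Prints findings; returns 1 on a violation.
audit_ufw() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { bad = 0; n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "Status:" && $2 == "active" { active = 1 }
        $1 == "Default:" && ($2 == "deny" || $2 == "reject") && $3 == "(incoming)," { deny_in = 1 }
        / (ALLOW|LIMIT) IN / {
            if (($1) in ok) seen[$1] = 1
            else { print "UNEXPECTED_RULE " $1; bad = 1 }
        }
        END {
            if (!active)  { print "FIREWALL_INACTIVE"; bad = 1 }
            if (!deny_in) { print "DEFAULT_NOT_DENY_INCOMING"; bad = 1 }
            for (p in ok) if (!(p in seen)) print "MISSING_RULE " p  # informational
            exit bad
        }'
}

# stdin: APT periodic config. Returns 0 only if list refresh and upgrades are both on.
audit_auto_upgrades() {
    awk '
        /^[ \t]*\/\// { next }   # skip commented-out settings
        /APT::Periodic::Update-Package-Lists[ \t]+"[1-9]/ { lists = 1 }
        /APT::Periodic::Unattended-Upgrade[ \t]+"[1-9]/   { upgrade = 1 }
        END { exit !(lists && upgrade) }'
}

# Constructed sample of the ruleset the ufw commands above should produce.
sample_ufw() { cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
443/tcp (v6)               ALLOW IN    Anywhere (v6)
EOF
}

if sample_ufw | audit_ufw; then echo "ufw policy OK"; else echo "ufw policy violated"; fi
```

Any rule outside the three expected ports is reported as a violation, so a port opened later for debugging and never closed shows up on the next run.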