firewall

Uncomplicated Firewall (UFW) + Cheatsheet

by with No Comment Linux

When it comes to securing your Linux server or system, one of the most important tools at your disposal is a firewall. A firewall controls the incoming and outgoing network traffic based on predetermined security rules. UFW, short for Uncomplicated Firewall, is a simple and easy-to-use interface to manage iptables, making it an excellent option for beginners and even experienced system administrators who need something quick and functional.

What is UFW?

UFW is the default firewall configuration tool for Ubuntu and many other Debian-based Linux distributions. The primary goal of UFW is to make managing a firewall straightforward while providing enough features for complex use cases. Under the hood, UFW manages iptables, the more powerful and flexible (but also more complex) firewall solution in Linux.

With UFW, you can set up a firewall with just a few commands without needing deep knowledge of network security concepts.

Why Use UFW?

  1. User-Friendly: UFW simplifies the process of setting up firewall rules. You don’t need to have prior knowledge of iptables to use it.
  2. Pre-installed on Ubuntu: UFW is installed by default in Ubuntu and many other Debian-based distros.
  3. Quick Setup: You can configure your firewall in a few simple commands, perfect for those who want basic functionality with minimal fuss.
  4. IPv6 Compatible: UFW supports both IPv4 and IPv6 traffic, making it future-proof.
  5. Log Management: UFW also offers easy-to-read log outputs, simplifying troubleshooting.

Installing UFW

In most cases, UFW comes pre-installed on your Ubuntu system. If it isn’t installed on your system, you can install it using the following command:

sudo apt install ufw

Enabling UFW

To enable UFW, run:

sudo ufw enable

This will activate the firewall with the default rules, which typically allow all outgoing connections and deny all incoming ones, except SSH.

Basic Commands for UFW

Here are some essential UFW commands you’ll use when configuring your firewall:

  • Enable UFW: sudo ufw enable
  • Disable UFW: sudo ufw disable
  • Check UFW Status: sudo ufw status
  • Verbose Status: sudo ufw status verbose

Allow and Deny Rules

UFW allows you to set rules for specific ports or services. For example, if you want to allow traffic on port 22 (SSH), you can use the following command:

sudo ufw allow 22

Alternatively, you can specify the service name if it is known by UFW:

sudo ufw allow ssh

To deny traffic on a specific port:

sudo ufw deny 80

Common Allow and Deny Commands:

  • Allow HTTP: sudo ufw allow http or sudo ufw allow 80
  • Allow HTTPS: sudo ufw allow https or sudo ufw allow 443
  • Allow a range of ports: sudo ufw allow 1000:2000/tcp
  • Allow IP-specific access: sudo ufw allow from 192.168.1.10
  • Deny All Traffic: sudo ufw default deny incoming

Removing Rules

If you need to remove a rule that you’ve added, the syntax is as follows:

sudo ufw delete allow ssh

Or by port:

sudo ufw delete allow 22

Advanced UFW Rules

  • Allow Specific IP Address: If you want to allow traffic from a specific IP address to a specific port, use the following format:
sudo ufw allow from 192.168.1.10 to any port 22
  • Allow Traffic on a Specific Interface: To allow traffic on a specific network interface (e.g., eth0), use this command:
sudo ufw allow in on eth0 to any port 80
  • Deny Specific IP Address:
sudo ufw deny from 192.168.1.20

Resetting UFW

If you need to reset UFW to its default settings, use:

sudo ufw reset

This will disable UFW and delete all the rules that have been set.

UFW Logging

UFW also provides logging options to help you monitor and troubleshoot. To enable logging, run:

sudo ufw logging on

To disable it:

sudo ufw logging off

You can also set the verbosity level:

sudo ufw logging high

UFW Cheat Sheet

Here’s a quick cheatsheet with some of the most commonly used UFW commands:

CommandDescription
sudo ufw enableEnable the firewall
sudo ufw disableDisable the firewall
sudo ufw statusCheck firewall status
sudo ufw status verboseGet detailed status information
sudo ufw allow 80/tcpAllow HTTP traffic (port 80)
sudo ufw allow 443/tcpAllow HTTPS traffic (port 443)
sudo ufw allow sshAllow SSH (default port 22)
sudo ufw deny 8080/tcpDeny traffic on port 8080
sudo ufw allow from 192.168.1.100Allow traffic from a specific IP
sudo ufw delete allow sshRemove the SSH rule
sudo ufw default deny incomingSet default to deny all incoming traffic
sudo ufw default allow outgoingAllow all outgoing traffic by default
sudo ufw logging onTurn on logging
sudo ufw logging offTurn off logging
sudo ufw resetReset to default settings
sudo ufw reloadReload UFW configuration

Conclusion

UFW is a straightforward yet powerful tool for configuring a firewall on your Linux machine. Whether you’re managing a personal server or a production environment, using UFW can help you ensure that only authorized traffic reaches your machine. With its simplicity and the variety of rules you can create, it’s a great tool to master for network security.

Feel free to explore more advanced configurations as you become comfortable with the basics. Stay secure!

linux-system-administration (1)

Linux System Administration Best Practices

by with No Comment Linux

As a Linux system administrator, your role involves maintaining the stability, security, and performance of the systems you manage. Whether you’re working on Ubuntu, CentOS, or any other Linux distribution, following best practices is essential for ensuring that your systems run efficiently and securely. In this blog post, we’ll discuss key best practices in Linux system administration, along with a handy cheatsheet of common commands for both Ubuntu and CentOS.

1. Keep the System Updated

Security vulnerabilities are constantly being discovered, and one of the most critical tasks for a system admin is to ensure that the system is always up to date. Regularly update your system to apply the latest security patches, kernel updates, and software upgrades.

  • Ubuntu: sudo apt update && sudo apt upgrade -y
  • CentOS: sudo yum update -y

2. Use Strong Password Policies

Weak passwords can be an entry point for unauthorized access. Enforce strong password policies, such as requiring a combination of letters, numbers, and symbols, and setting up password expiration rules.

  • Ubuntu: Configure /etc/pam.d/common-password and /etc/login.defs
  • CentOS: Configure /etc/pam.d/system-auth and /etc/login.defs

3. Automate with Scripts and Cron Jobs

To streamline repetitive tasks, such as backups, log rotation, or system checks, use shell scripts and cron jobs. Automating these tasks reduces manual intervention and minimizes the risk of human error.

  • Cron Job Example: crontab -e
    • Schedule a script to run every day at midnight:
0 0 * * * /path/to/script.sh

4. Monitor System Performance and Logs

Monitoring system performance and analyzing logs is essential for proactive troubleshooting and avoiding potential problems. Tools like htop, dstat, and log analysis utilities (journalctl, logwatch) are very useful for gaining insights into system performance.

  • System Monitoring Tools:
    • htop: Interactive process viewer.
    • iostat: Monitor CPU and I/O performance.
    • journalctl: View and filter system logs.

5. Set Up Proper File and Directory Permissions

Misconfigured file permissions can expose sensitive data or grant unauthorized access. Always use the least privilege principle and set proper permissions for files and directories. Be mindful of using commands like chmod and chown to avoid exposing sensitive files.

  • Check Permissions: ls -l
  • Set Permissions: chmod 750 /path/to/file
  • Change Ownership: chown user:group /path/to/file

6. Backup Regularly

Data loss can be catastrophic, so regular backups are crucial. Use tools like rsync, tar, and cloud storage solutions to schedule automatic backups. Ensure that your backups are stored securely, and regularly test them to verify data integrity.

  • Basic Backup with Tar:
    • tar -cvpzf backup.tar.gz /directory/to/backup
  • Rsync Example:
    • rsync -avz /source/directory/ /backup/directory/

7. Use SSH for Secure Remote Access

SSH is a secure protocol for remote access and management of Linux servers. Make sure to disable root login, use strong SSH keys, and configure firewall rules to limit access.

  • Disable Root Login: Edit /etc/ssh/sshd_config and set PermitRootLogin no.
  • Generate SSH Keys: ssh-keygen -t rsa -b 4096

8. Enable and Configure a Firewall

Firewalls protect your system by filtering unwanted traffic. Use tools like UFW (on Ubuntu) and firewalld (on CentOS) to configure basic firewall rules and close unnecessary ports.

  • Ubuntu:
    • Enable UFW: sudo ufw enable
    • Allow SSH: sudo ufw allow ssh
  • CentOS:
    • Start Firewalld: sudo systemctl start firewalld
    • Allow HTTP: sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload

9. Manage User Accounts and Groups

Proper user and group management is essential for securing system access. Regularly audit user accounts, delete unused accounts, and assign users to appropriate groups to enforce role-based access control.

  • Add a User: sudo adduser username
  • Add to a Group: sudo usermod -aG groupname username
  • Delete a User: sudo deluser username

10. Use SELinux or AppArmor

Security-enhanced Linux (SELinux) on CentOS and AppArmor on Ubuntu provide an additional layer of security by restricting program capabilities based on security policies.

  • Check SELinux Status on CentOS: sestatus
  • Enable AppArmor on Ubuntu: sudo systemctl enable apparmor

Linux System Administration Command Cheatsheet

1. Package Management

  • Ubuntu (APT Package Manager):
    • Update repositories: sudo apt update
    • Upgrade installed packages: sudo apt upgrade
    • Install a package: sudo apt install package_name
    • Remove a package: sudo apt remove package_name
  • CentOS (YUM/DNF Package Manager):
    • Update repositories: sudo yum update
    • Install a package: sudo yum install package_name
    • Remove a package: sudo yum remove package_name
    • Check for available updates: sudo yum check-update

2. User and Group Management

  • Ubuntu/CentOS:
    • Add a new user: sudo adduser username
    • Change user password: sudo passwd username
    • Add user to a group: sudo usermod -aG groupname username
    • Delete a user: sudo deluser username

3. System Monitoring

  • Ubuntu/CentOS:
    • Monitor system performance: top or htop
    • Check disk usage: df -h
    • Check memory usage: free -m
    • View system logs: journalctl -xe

4. File Permissions and Ownership

  • Ubuntu/CentOS:
    • Change file permissions: chmod 755 filename
    • Change file ownership: chown user:group filename
    • View file permissions: ls -l filename

5. Networking

  • Ubuntu/CentOS:
    • Display IP address: ip addr or ifconfig
    • Check open ports: netstat -tuln or ss -tuln
    • Test connectivity: ping google.com

6. Firewall Management

  • Ubuntu (UFW):
    • Enable UFW: sudo ufw enable
    • Allow SSH: sudo ufw allow ssh
    • Check status: sudo ufw status
  • CentOS (Firewalld):
    • Start firewalld: sudo systemctl start firewalld
    • Allow a service: sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload
    • Check status: sudo firewall-cmd --state

7. SSH Management

  • Ubuntu/CentOS:
    • Generate SSH keys: ssh-keygen -t rsa -b 4096
    • Copy SSH key to server: ssh-copy-id user@server_ip
    • Restart SSH service: sudo systemctl restart sshd

8. Disk Management

  • Ubuntu/CentOS:
    • Check disk space: df -h
    • View mounted drives: lsblk
    • Check disk inodes: df -i
    • Mount a filesystem: mount /dev/sdX /mnt/directory

9. Backup and Restore

  • Ubuntu/CentOS:
    • Backup directory using tar: tar -cvpzf backup.tar.gz /path/to/directory
    • Restore from a tar backup: tar -xvpzf backup.tar.gz -C /restore/location

Conclusion

By following these best practices and using the commands outlined in the cheatsheet, you’ll be well on your way to managing Ubuntu and CentOS systems securely and efficiently. System administration requires both proactive and reactive management, and a well-organized, secure, and automated system is key to long-term success. Happy system administering!