How to Harden Ubuntu 24.04 Server Security in 2026: Complete Guide
Securing your Ubuntu 24.04 server is critical in 2026, especially with increasing cyber threats targeting Linux infrastructure. This comprehensive guide shows you exactly how to harden Ubuntu 24.04 server security with proven, step-by-step methods that protect your system from unauthorized access, malware, and data breaches.
Whether you’re running a production web server, database, or development environment, implementing these Ubuntu 24.04 server security best practices will significantly reduce your attack surface and keep your infrastructure safe.
Why Ubuntu 24.04 Server Security Matters
Ubuntu 24.04 LTS (Long-Term Support) brings significant security improvements, including Linux kernel 6.8 with enhanced security mitigations, updated OpenSSH and OpenSSL versions, and improved AppArmor profiles. However, default installations still require hardening to achieve enterprise-grade Ubuntu 24.04 server security.
Recent security statistics show that 70% of successful server breaches exploit weak SSH configurations, outdated packages, or misconfigured firewalls—all preventable with proper Ubuntu server security hardening. Let’s implement these protections now.
Step 1: Initial System Hardening and User Configuration
The foundation of Ubuntu 24.04 server security starts with proper user management and SSH configuration. Never use the root account directly—always use
1 | <code> |
sudo for administrative tasks.
Create a Non-Root Administrative User
2
3
4
5
6
7
sudo adduser secureadmin
sudo usermod -aG sudo secureadmin
# Test sudo access
su - secureadmin
sudo whoami # Should return 'root'
This establishes accountability and limits the blast radius of compromised credentials. Every administrative action is logged with the user’s identity, essential for Ubuntu 24.04 server security auditing.
Step 2: SSH Hardening for Ubuntu 24.04
SSH is the primary attack vector for Linux servers. Implementing SSH hardening Ubuntu 24.04 protections is your first line of defense against brute-force attacks and unauthorized access.
Disable Password Authentication and Root Login
2
3
4
5
6
7
8
9
10
11
12
13
14
sudo nano /etc/ssh/sshd_config
# Apply these security settings:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
AllowUsers secureadmin
# Restart SSH service
sudo systemctl restart sshd
Before disabling password authentication, ensure you have SSH keys properly configured. Generate a key pair on your local machine:
2
3
ssh-keygen -t ed25519 -C "[email protected]"
ssh-copy-id secureadmin@your-server-ip
This approach eliminates password-based attacks entirely, a critical step in hardening Ubuntu 24.04 server security. The Ed25519 algorithm provides excellent security with small key sizes.
Change Default SSH Port (Optional but Recommended)
2
3
4
5
6
Port 2222 # Use any port between 1024-65535
# Update firewall before restarting SSH
sudo ufw allow 2222/tcp
sudo systemctl restart sshd
While security through obscurity isn’t a replacement for strong authentication, changing the default port 22 reduces automated bot attacks by 95%, according to server security studies. For more Linux security tips, see our guide on securing NFS shares in Linux.
Step 3: Configure UFW Firewall for Ubuntu 24.04
Ubuntu’s Uncomplicated Firewall (UFW) provides essential network-level protection. Proper firewall configuration Ubuntu 24.04 blocks all unnecessary traffic by default.
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
sudo ufw default deny incoming
sudo ufw default allow outgoing
# Allow SSH (use your custom port if changed)
sudo ufw allow 2222/tcp
# Allow HTTP and HTTPS for web servers
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
# Enable firewall
sudo ufw enable
# Check firewall status
sudo ufw status verbose
This configuration implements the principle of least privilege—only explicitly allowed services can receive inbound connections. Every production Ubuntu 24.04 server should have UFW enabled as baseline protection.
Step 4: Automatic Security Updates with Unattended-Upgrades
Outdated packages are the #1 cause of server compromises. Configure automatic security updates to maintain Ubuntu 24.04 server security without manual intervention.
2
3
4
5
6
7
sudo apt update
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
# Verify configuration
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Ensure these lines are uncommented:
2
//"${distro_id}:${distro_codename}-updates";
This automatically installs security patches from Ubuntu’s security repository, keeping your system protected against known vulnerabilities. You can verify pending updates with:
2
sudo apt list --upgradable
For additional security configuration tips, check our guide on running secure shell scripts in Linux.
Step 5: Implement Fail2Ban for Intrusion Prevention
Fail2Ban monitors log files and automatically blocks IP addresses showing malicious behavior. This is essential Ubuntu 24.04 intrusion prevention that stops brute-force attacks before they succeed.
2
3
4
5
6
sudo apt install fail2ban
# Create local configuration
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
Configure SSH protection (adjust port if you changed it):
2
3
4
5
6
7
8
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
findtime = 600
This configuration bans any IP address that fails 3 SSH login attempts within 10 minutes, for 1 hour. Adjust these values based on your security requirements.
2
3
4
5
sudo systemctl restart fail2ban
# Check banned IPs
sudo fail2ban-client status sshd
Step 6: Enable AppArmor for Mandatory Access Control
AppArmor provides Linux kernel security module that restricts program capabilities. Ubuntu 24.04 ships with AppArmor enabled by default, but you should verify and optimize profiles.
2
3
4
5
6
7
8
sudo aa-status
# View profiles
sudo aa-enforce /etc/apparmor.d/*
# Install additional profiles
sudo apt install apparmor-profiles apparmor-profiles-extra
AppArmor limits what actions processes can take, even if compromised. For example, a web server process can’t access system files outside its designated directory, significantly improving Ubuntu 24.04 server security.
Step 7: Configure Password Policies with PAM
Even with SSH key authentication, local accounts need strong password policies for console access and sudo operations.
2
3
4
5
sudo apt install libpam-pwquality
# Configure password requirements
sudo nano /etc/security/pwquality.conf
Recommended settings:
2
3
4
5
minclass = 3
maxrepeat = 2
reject_username
enforce_for_root
This enforces 12-character minimum passwords with at least 3 character classes (uppercase, lowercase, digits, special). Configure account lockout after failed attempts:
2
3
4
5
sudo nano /etc/pam.d/common-auth
# Add this line:
auth required pam_faillock.so preauth silent deny=5 unlock_time=1800
This locks accounts after 5 failed attempts for 30 minutes, preventing brute-force attacks on local authentication.
Step 8: Implement System Auditing with Auditd
The Linux Audit Framework (auditd) tracks security-relevant system events, crucial for compliance and forensic analysis.
2
3
4
5
6
7
8
9
sudo apt install auditd audispd-plugins
# Enable and start service
sudo systemctl enable auditd
sudo systemctl start auditd
# Add audit rules for critical files
sudo nano /etc/audit/rules.d/audit.rules
Essential audit rules for Ubuntu 24.04 server security:
2
3
4
5
6
7
8
9
10
11
-w /etc/passwd -p wa -k passwd_changes
# Monitor /etc/group changes
-w /etc/group -p wa -k group_changes
# Monitor sudo commands
-w /etc/sudoers -p wa -k sudoers_changes
# Monitor SSH key directory
-w /root/.ssh -p wa -k root_ssh_keys
Reload audit rules and check status:
2
sudo auditctl -l
Step 9: Disable Unnecessary Services
Every running service is a potential attack vector. Minimize your attack surface by disabling unused services.
2
3
4
5
6
7
8
9
10
systemctl list-units --type=service --state=running
# Disable unnecessary services (example)
sudo systemctl disable bluetooth.service
sudo systemctl stop bluetooth.service
# Remove unnecessary packages
sudo apt purge snapd # If not using snaps
sudo apt autoremove
Only keep services you actively use. A minimal web server typically only needs SSH, HTTP/HTTPS, and your web server service running.
Step 10: Regular Security Monitoring and Maintenance
Security isn’t a one-time setup—it requires ongoing monitoring. Implement these practices:
Daily Security Checks
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Save as /usr/local/bin/security-check.sh
echo "=== Ubuntu 24.04 Security Status ==="
echo ""
echo "Failed Login Attempts:"
sudo grep "Failed password" /var/log/auth.log | tail -10
echo ""
echo "Fail2Ban Status:"
sudo fail2ban-client status sshd
echo ""
echo "Pending Security Updates:"
apt list --upgradable 2>/dev/null | grep security
echo ""
echo "Disk Usage:"
df -h /
echo ""
echo "Active Connections:"
sudo ss -tuln | grep LISTEN
Make it executable and run daily via cron:
2
3
4
sudo crontab -e
# Add line:
0 8 * * * /usr/local/bin/security-check.sh | mail -s "Daily Security Report" [email protected]
Advanced Ubuntu 24.04 Security Techniques
1. Two-Factor Authentication for SSH
Add an extra security layer with Google Authenticator:
2
3
4
5
6
7
8
9
google-authenticator
# Edit /etc/pam.d/sshd
auth required pam_google_authenticator.so
# Edit /etc/ssh/sshd_config
ChallengeResponseAuthentication yes
AuthenticationMethods publickey,keyboard-interactive
2. Disk Encryption with LUKS
For sensitive data, implement full disk encryption during installation or encrypt specific partitions:
2
sudo cryptsetup status /dev/mapper/ubuntu--vg-root
3. Network Intrusion Detection with AIDE
2
3
4
5
6
7
8
9
sudo apt install aide aide-common
# Initialize database
sudo aideinit
sudo mv /var/lib/aide/aide.db.new /var/lib/aide/aide.db
# Run check
sudo aide --check
Security Checklist for Ubuntu 24.04 Server
Use this checklist to verify your Ubuntu 24.04 server security hardening:
- ✅ Created non-root administrative user with sudo access
- ✅ Disabled root SSH login and password authentication
- ✅ Configured SSH key-based authentication
- ✅ Changed SSH port from default 22 (optional)
- ✅ Enabled UFW firewall with deny-by-default policy
- ✅ Configured automatic security updates (unattended-upgrades)
- ✅ Installed and configured Fail2Ban for intrusion prevention
- ✅ Verified AppArmor is active and enforcing
- ✅ Implemented strong password policies with PAM
- ✅ Enabled system auditing with auditd
- ✅ Disabled unnecessary services and removed unused packages
- ✅ Set up regular security monitoring and reporting
- ✅ Configured secure backups (off-site, encrypted)
- ✅ Documented all security configurations
Common Ubuntu 24.04 Security Mistakes to Avoid
Even experienced administrators make these errors when securing Ubuntu 24.04 servers:
- Not testing SSH keys before disabling password auth – Always verify SSH key login works before locking yourself out
- Forgetting to update firewall after changing SSH port – Update UFW rules before restarting SSH
- Ignoring security updates – Configure unattended-upgrades or check manually daily
- Using weak sudo passwords – Even with SSH keys, sudo password must be strong
- Not backing up before major changes – Always snapshot or backup before security configuration changes
- Overlooking log monitoring – Security tools are useless if you don’t review logs regularly
For more Linux administration tutorials, explore our comprehensive guides on rebooting Linux from terminal and mounting USB drives in Linux.
Ubuntu 24.04 vs 22.04 Security Improvements
Ubuntu 24.04 LTS introduces several security enhancements over 22.04:
- Linux Kernel 6.8 – Improved security mitigations, better hardware support
- OpenSSH 9.6 – Enhanced cryptographic algorithms, removed legacy ciphers
- OpenSSL 3.0 – Modern TLS support, FIPS 140-3 compliance readiness
- Updated AppArmor profiles – Better default protection for system services
- systemd 255 – Improved sandboxing capabilities for services
- nftables backend for UFW – More efficient firewall performance
These improvements make Ubuntu 24.04 server security stronger out-of-the-box compared to previous releases, but proper hardening remains essential.
Additional Security Resources
For deeper Ubuntu 24.04 security knowledge, consult these authoritative resources:
- Ubuntu Official Security Documentation – Canonical’s comprehensive security guide
- CIS Ubuntu Linux 24.04 Benchmark – Industry-standard hardening checklist
- Ubuntu Security Notices (USN) – Latest security advisories and patches
Conclusion: Maintaining Ubuntu 24.04 Server Security
Implementing comprehensive Ubuntu 24.04 server security hardening requires systematic configuration across multiple layers—user management, network security, access control, monitoring, and ongoing maintenance. By following this guide, you’ve implemented enterprise-grade security controls that dramatically reduce your server’s attack surface.
Remember that security is an ongoing process, not a one-time setup. Schedule regular security audits, stay current with Ubuntu security notices, review logs daily, and update your configurations as new threats emerge. With these practices in place, your Ubuntu 24.04 server will remain secure throughout its LTS lifecycle through 2029.
The investment in proper Ubuntu server security pays dividends in reduced breach risk, compliance readiness, and peace of mind. Start implementing these hardening techniques today—your future self will thank you when automated attacks bounce harmlessly off your properly secured server.
- About the Author
- Latest Posts
Mark is a senior content editor at Text-Center.com and has more than 20 years of experience with linux and windows operating systems. He also writes for Biteno.com
