Tutorials / Ubuntu

Secure Ubuntu 24.04 After Provisioning

intermediate35 minLast reviewed: 2026-07-15Target OS: Ubuntu 24.04 LTS

Written by uNode Engineering; reviewed by uNode Operations.

Ubuntu package names, UFW ordering, sudo-user setup, unattended-upgrades, and fail2ban checks reviewed for lockout safety.

Harden access before exposing an application. Keep one administrative session open while testing a second so a firewall or SSH mistake does not become an avoidable lockout.

Illustration for How to Secure an Ubuntu 24.04 VPS

Prerequisites

  • A new Ubuntu 24.04 VPS.
  • Working administrative SSH access.
  • A local Ed25519 public key.
Open console server deploy

Step 1

Patch the base system

Install current security fixes and reboot if the kernel or core libraries require it.

apt update && apt full-upgrade -y
apt install -y ufw fail2ban unattended-upgrades

Step 2

Create a named sudo user

Use a unique account and install your public key before restricting password access.

adduser <admin-user>
usermod -aG sudo <admin-user>
install -d -m 700 -o <admin-user> -g <admin-user> /home/<admin-user>/.ssh

Step 3

Allow only required ports

Allow SSH before enabling UFW. Add application ports only when the service is ready.

ufw default deny incoming
ufw default allow outgoing
ufw allow OpenSSH
ufw enable
ufw status verbose

Step 4

Enable updates and verify fail2ban

Confirm both services are active and review their logs after the first day.

dpkg-reconfigure -plow unattended-upgrades
systemctl enable --now fail2ban
fail2ban-client status sshd