Latest News

How to Secure Your Debian 13 Server: A Comprehensive Guide

ByTech Tutorial

Jul 15, 2025
debian 13 guide

Securing your Debian 13 (Trixie) server is essential to protect your data and maintain reliable operations. This guide will walk you through the steps to comprehensively secure your Debian 13 server. We’re using a server provided by Teklan Hosting

1. What’s New in Debian 13?

  • Enhanced Kernel Security: Linux Kernel v6.12 with improved exploit mitigation.
  • Support for 64-bit RISC-V (riscv64).
  • Installer enhancements for HTTP-Boot and cloud images.

2. Pre-installation Best Practices

  • Set a strong BIOS/UEFI password.
  • Disable boot from removable media unless needed.
  • Enable Secure Boot where possible.

3. Secure Installation

  • Choose minimal installation.
  • Partition wisely: separate /, /home, swap, /var, and /var/log.
  • Select secure filesystems (ext4, xfs, btrfs).
  • Disable unnecessary services during setup.

4. Initial Security Configuration

4.1 Update Your System

sudo apt update
sudo apt full-upgrade

4.2 Harden User Accounts

adduser adminuser
usermod -aG sudo adminuser
  • Disable root SSH login and use SSH key-based authentication.

4.3 Configure SSH Security

sudo nano /etc/ssh/sshd_config

Set:

PermitRootLogin no
PasswordAuthentication no

Restart SSH:

sudo systemctl restart sshd

5. Firewall and SSH Protection

Install and configure UFW:

sudo apt install ufw
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable

Fail2Ban Installation

sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

6. Kernel and Sysctl Hardening

Edit /etc/sysctl.conf:

net.ipv4.ip_forward = 0
net.ipv4.conf.all.rp_filter = 1
kernel.randomize_va_space = 2

Apply changes:

sudo sysctl -p

7. Secure Web Server Configuration

Install NGINX and Certbot:

sudo apt install nginx certbot python3-certbot-nginx
sudo certbot --nginx -d example.com

8. Regular Backups

Automate backups using:

  • rsnapshot, restic, or borg.
  • Off-site storage (cloud or remote servers).

9. Automatic Security Updates

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

10. Monitoring and Maintenance

  • Regularly monitor logs with journalctl, /var/log/auth.log.
  • Set up Intrusion Detection with AIDE or Tripwire.

11. Upgrading from Debian 12 to 13

  1. Backup your data.
  2. Update sources to trixie in /etc/apt/sources.list.
  3. Execute:
sudo apt update
sudo apt full-upgrade
sudo apt autoremove

Conclusion

Debian 13 introduces robust security enhancements. By following these steps, you’ll significantly harden your server against threats, ensuring a secure and reliable Debian server.

By Tech Tutorial

Hey, I'm Chris! Nerd, Business owner, Serial Procrastinator! Will add more info soon :)

Related Post

How-to Latest News Security Software

How to Secure Your Debian 12 Server: A Comprehensive Guide

Jul 5, 2024 Tech Tutorial
Artificial Intelligence Latest News

Microsoft Copilot: AI Advancements With GPT-4 And Real-Time Internet Access

Jun 2, 2024 Tech Tutorial
Cryptography Latest News

Quantum Revolution: The Future Of Cryptography And Data Security

May 31, 2024 Tech Tutorial