Learn
Connect
Blog
Resource hub
Featured resource
2026 Tech Forecast
2026 Tech Forecast

1,500+ tech insiders, business leaders, and Pluralsight Authors share their predictions on what’s shifting fastest and how to stay ahead.

Download the forecast
  • Lab
    • Libraries: If you want this lab, consider one of these libraries.
    • Core Tech
Google Cloud Platform icon
Labs

Ubuntu Security Hardening

Harden an Ubuntu server across four defensive layers in one sitting. In this lab, you will: - lock down SSH with key-based authentication and `sshd_config` restrictions, - configure `fail2ban` to automatically block repeated failed login attempts, - enable the `ufw` firewall with rate-limited SSH and port-scoped allow rules, - define `auditd` rules to track `passwd` changes and `sudo` usage, - correlate security events with `ausearch`, `aureport`, and `journalctl`, and - work with AppArmor profiles by switching between `complain` and `enforce` modes, inspecting the audit trail with `ausearch -m AVC`, and refining profiles interactively with `aa-logprof`. You will finish with the practical skills needed to deliver a hardened Ubuntu server that can withstand an external security audit.

Get started Contact sales
Google Cloud Platform icon
Lab platform
Lab Info
Level
Advanced
Last updated
May 24, 2026
Duration
1h 0m

Contact sales

By clicking submit, you agree to our Privacy Policy and Terms of Use, and consent to receive marketing emails from Pluralsight.
Table of Contents

  1. Challenge

    Harden SSH Access and Validate with fail2ban

    To start things off, you will generate an ED25519 SSH key pair with ssh-keygen and install it for the auditor user, then harden the SSH daemon by writing a drop-in under /etc/ssh/sshd_config.d/ that disables root login, disables password authentication, enforces an AllowUsers allow-list, and tightens MaxAuthTries and LoginGraceTime. You will validate the configuration with sshd -t and sshd -T, prove the policy with positive and negative login tests against /var/log/auth.log, and finally configure fail2ban with production-grade jail values so the system can defend itself against brute-force attempts.

  2. Challenge

    Enable UFW, Configure auditd, and Correlate Security Events

    Next, you will stand up a host firewall by setting deny-by-default inbound with ufw, opening only the ports the dashboard needs, applying SSH rate-limiting with ufw limit, and confirming the rules survive a ufw reload. You will then write audit rules under /etc/audit/rules.d/ that watch /etc/passwd, /etc/shadow, and /var/log/auth.log for changes and log every execve of /usr/bin/sudo, load them with augenrules --load, trigger each event class, and correlate the trail both live with journalctl -f and retrospectively with ausearch, aureport, journalctl, and the auth log.

  3. Challenge

    Manage AppArmor Profiles and Review Denial Logs

    To finish things off, you will manage mandatory access control profiles with AppArmor. You will inspect the live posture with aa-status, view the custom nginx profile, switch it between complain and enforce modes using aa-complain and aa-enforce, and run a rogue script under the profile with aa-exec to watch the kernel block forbidden operations. You will inspect the audit subsystem with ausearch -m AVC for the forensic trail, and close out by practicing the aa-logprof interactive refinement workflow used in production to tune real profiles against real workloads.

About the author
Pluralsight Skills - Labs - Pluralsight
Pluralsight Skills

Pluralsight Skills gives leaders confidence they have the skills needed to execute technology strategy. Technology teams can benchmark expertise across roles, speed up release cycles and build reliable, secure products. By leveraging our expert content, skill assessments and one-of-a-kind analytics, keep up with the pace of change, put the right people on the right projects and boost productivity. It's the most effective path to developing tech skills at scale.

Real skill practice before real-world application

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Learn by doing

Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.

Follow your guide

All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.

Turn time into mastery

On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.

Get started with Pluralsight

View individual plans View team plans
Related Pages