How to Increase Security in Odoo Installations

By default Odoo is built and deployed on Linux and Ubuntu, these mitigates a lot of issues with Long Term Support, taking extra steps will increase odoo security from Day One, this will go a long way in the future

Objective: 

1. Ubuntu Servers on the internet are bound to get attention , especially via IP and SSH

What Do You Need to do this?

1. Access to the Ubuntu server, we use SSH keys, pls generate your own SSH keys from your machine and share with Admin
2. Server IP to access to 

Quick Checklist

Backup the server

SSH to server

Add a Script to enable UFW and check only SSH access is allowed via keys

Restart server and check the Odoo

Steps to Reproduce:

1. Create a backup or snapshot of the server, as a fallback in case things do not work

2. SSH into the server

3. Copy in the following command:

   cat < configure-ufw-ssh.sh apt install ufw -y ufw allow ‘Nginx Full’ ufw allow ssh sudo ufw enable

   sudo ufw status

   sed -i ’/#PasswordAuthentication yes/c\PasswordAuthentication no’ /etc/ssh/sshd_config sed -i ‘/PasswordAuthentication yes/c\#PasswordAuthentication no’ /etc/ssh/sshd_config service sshd restart

   EOF

4. Then type in

   chmod +x configure-ufw-ssh.sh

5. Then type in

   ./configure-ufw-ssh.sh

6. Check and login the odoo via web, to ensure things are working

7. If things are not working, consider restoring the snapshot or backup in Step #1