Some people on this forum are running servers that get attacked left and right. If I run a very small server in my home, will it be a target for hackers?

How much effort should I put into securing such a server? I just want to run apache, possibly a mail server, and ssh(mainly for local use). My plan for now is this:

no remote root login
automatic security updates
firewall
port reassignment
some program like fail2ban

Sounds like a good start. Keep an eye on your logs and use strong passwords. May want to consider using only ssh-key authentication if publicly accessible. Ensure your MTA is not an open relay / does not openly relay.

General rule of thumb, if you expose a service/port to the world, it will be discovered and attempts will be made to exploit it.

1 members found this post helpful.

If you are using it behind a router that uses NAT and don't leave ports open that are not necessary you will likely not have too many problems. That said, you never know until you set this up and run it for a while. You may want to setup some kind of IDS (snort or suricata come to mind) to monitor what is going on.

1 members found this post helpful.

The short answer is yes. The bad guys don't care if your server is large or small, as long as they can exploit it.

You should put some reasonable effort into securing it. Not root logins is a standard security measure, and rayfordj's suggestion of moving to key-based authentication for SSH is an excellent suggestion. Automatic security updates are OK, but I'm assuming that is for the OS only. If your running Apache "applications" like some of the PHP based CMS or forum systems, then you need to keep those updated as well. If you are running PHP based web sites, make really sure you've got PHP locked down. It also wouldn't hurt to run something like mod_security.

Port reassignment is security through obscurity and really only stops the complete idiots. If you've taken decent precautions with passwords, Fail2Ban and things like it are really only useful for cutting down on the noise in log files. You also might investigate file integrity checkers like AIDE or Samhain. They won't stop an attack but can help you diagnose what has happened if you get cracked.

3 members found this post helpful.

As has already been mentioned it will depend on if you want to open and expose this to the outside world or not. If you are running a server but only make it accessible from within your LAN there is really no greater risk than an other PC on that network. It is by opening up these services to the outside world that can start to bring in the port scans and other noise. Keep in mind that just by exposing a server to the internet with an open port you will see connection attempts in the logs, and all sorts of failures. This is normal, and should not worry you, but do review logs to see if there are any logins etc. which you can't validly explain.

Also keep in mind many home ISPs will block common server ports (HTTP, SMTP, POP, etc.) before they are even forwarded to your edge device. If you planned to run a public website and your ISP blocks inbound traffic on port 80 this will obviously be an issue for you. What is your plan for a firewall? Linux has iptables built into the kernel, but as far as I am concerned that should be a second line of defense. I always prefer to have another hardware firewall doing NAT out in front of any server. This way I can block all unwanted traffic at that level as well as on the server itself. This should help keep the logs on your server cleaner, and if you do see inbound connections to unexpected services, or from unexpected locations you know there is a potential problem.