What are some tips/tricks for securing your Linux server?

Rob

There are a number of steps taken to secure a Linux server on the Internet these days. What are some of the things you do?

Some things I recommend as soon as the network comes up on your machine:
- Disable PasswordAuthentication and just use ssh-keys
- Keep up with security updates for your distribution
- Install software such as CSF/LFD to ban IPs of failed logins and lock things down
 


  • Search for services that run on level 3, disable them with chkconfig and remove unwanted packages
  • Disable unwanted network services with netstat
  • Deny cron jobs in your /etc/cron.deny
  • Disable root login + use ssh-only authentication and use SSH protocol version 2 (like Rob's suggestion)
  • Create no-usb in modprobe.d/no-usb and add the following line -> install usb-storage /bin/true
  • Check sestatus and activate SELinux =>
    setenforce enforcing (Ubuntu-based distros don't work with SELinux, from what I remember)
 
Disable root login + use ssh-only authentication and use SSH protocol version 2 (like Rob's suggestion)
Also, change your default ssh port of 22 to some other higher number. Most of the ports from 1 to 49151 are preassigned, or reserved, but: "The range 49152–65535 (2^15 + 2^14 to 2^16 − 1) contains dynamic or private ports that cannot be registered with IANA". They are free to use as an alternative port.

Black Hat hackers are constantly scanning Port 22 to find an IP address and attempt to break in. By blocking Port 22 and using a higher number, they will ignore the IP address.
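
An added example (not part of any post in this thread) that checks an sshd_config for the SSH settings recommended above: PasswordAuthentication, PermitRootLogin and a Port other than 22. The function names and the sample config are constructed for illustration; it assumes upstream OpenSSH defaults and does not follow Include directives.

```shell
#!/bin/sh
# Added example: audit sshd_config for the SSH advice given in this thread.
# sshd keeps the FIRST value seen for most keywords, keywords are case-insensitive,
# and anything after a "Match" line is conditional, so grep alone can mislead.

# sshd_values FILE KEYWORD DEFAULT: print each global value of KEYWORD in file
# order, or DEFAULT if unset (defaults passed in are upstream OpenSSH's).
sshd_values() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (!match(line, /[ \t=]+/)) next        # keyword with no value
            k = tolower(substr(line, 1, RSTART - 1))
            v = substr(line, RSTART + RLENGTH)
            if (k == "match") exit                   # global section ends
            if (k == key) { print v; found = 1 }
        }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd FILE: print findings; return 1 if a FAIL was reported.
audit_sshd() {
    rc=0
    pa=$(sshd_values "$1" PasswordAuthentication yes | head -n 1)
    prl=$(sshd_values "$1" PermitRootLogin prohibit-password | head -n 1)
    [ "$pa" = no ]  || { echo "FAIL PasswordAuthentication=$pa"; rc=1; }
    [ "$prl" = no ] || { echo "FAIL PermitRootLogin=$prl"; rc=1; }
    # Port may be given several times and every listed port is opened.
    if sshd_values "$1" Port 22 | grep -qx 22; then
        echo "NOTE sshd listens on port 22"
    fi
    return "$rc"
}

# Constructed sample: the later "PasswordAuthentication no" is NOT in effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwordauthentication yes
PasswordAuthentication no
PermitRootLogin no
Port 50022
EOF
audit_sshd "$sample" || true    # prints: FAIL PasswordAuthentication=yes
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, including Include files and built-in defaults.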
 
I can recommend an IT course to you, specifically on Linux security. There you can learn everything about Linux at different levels.
 
OpenSCAP. It contains benchmarks and mitigation scripts for standardized baselines across different industries.

To name some important ones:
  • PCI-DSS Compliance Standards
  • DISA Secure Technical Implementation Guidelines (STIG)
  • United States Government Configuration Baseline (USGCB)

Security controls and hardening rules are often updated by the community upstream.
 