Linux Server Hardening Security Tips

Securing your Linux server is important to protect your and customers data, intellectual property, and time, from the hands of crackers/hackers. The system administrator is responsible for security Linux Server.

1. Use only Encrypt Data Communication

Because all data transmitted over a network is open to monitoring. Encrypt transmitted data whenever possible with password or using keys and certificates.

Therefore use scp, rsync, or sftp for file transfer and ssh remote administrator server. You can also mount remote server file system or your own home directory using special sshfs and fuse tools.

2. Install only what Software you need to Minimize Vulnerabilities

Do you really need all sort of web services installed? (ntp / rcp / exim / postfix etc). Avoid installing unnecessary software to avoid vulnerabilities in software. Use the RPM package manager such as yum or apt-get and/or dpkg to review all installed set of software packages on a system. Delete all unwanted packages.

# yum list installed
# yum list packageName
# yum remove packageName

or

# dpkg --list
# dpkg --info packageName
# apt-get remove packageName

3. Keep Software and Linux Kernel Up to Date Always

Applying security patches is an important part of maintaining Linux server. Linux provides all necessary tools to keep your system updated, and also allows for easy upgrades between versions. All security update should be reviewed and applied as soon as possible. Again, use the RPM package manager such as yum and/or apt-get and/or dpkg to apply all security updates.

# yum update

or

# apt-get update && apt-get upgrade

You can configure RHEL-based to send yum package update notification via email. Another option is to apply all security updates via a cron job. Under Debian & Ubuntu-based Linux you can use apticron to send security notifications.

4. Disable root Login

Never ever login as root user. You should use sudo to execute root level commands as and when required. sudo does greatly enhances the security of the system without sharing root password with other users and admins. sudo provides simple auditing and tracking features too.

5. Protect SSH With Two-Factor Authentication

To extra protect your SSH server with an two-factor authentication, you can use the Google Authenticator PAM module.

Every time you login ssh to server you have to enter extra the code from your smartphone.

6. Configure Iptables

Iptables is a user space application program that allows you to configure the firewall (Netfilter) provided by the Linux kernel. Use firewall to filter out traffic and allow only necessary traffic. Also if possible allow only specific ip to ssh access to server.

Recommend readings:

  • Red Hat Enterprise Linux – Security Guide.
  • Linux security cookbook – A good collections of security recipes for new Linux admin.
  • Hardening Linux – Hardening Linux identifies many of the risks of running Linux hosts and applications and provides practical examples and methods to minimize those risks.
  • Linux Security HOWTO.
  •