Every server on the internet is constantly vulnerable to intrusion by nefarious users. It’s important that server administrators take action as soon as they setup a server to protect their server.
In this tutorial, we will outline some common steps for securing a Linux server. Commands in this tutorial will be based on CentOS 7, but they can be applied to most Linux distributions
Update System Packages
The best linux server security tip and key defense against attack is an up to date system that only contains packages actively being used by your applications.
If there is a service running that you don’t need, this leaves you unnecessarily vulnerable.
To update system packages and delete obsolete ones, run:
To upgrade to the next major version of a package, and delete obsolete packages run:
Configure Automatic Updates
If you have a system which uses common applications that aren’t easily broken by routine system updates, you may wish to consider setting up automatic updates to improve linux server security. This is a useful server security tip for systems that you don’t regularly connect to.
To setup daily automatic updates, install yum-cron:
yum -y install yum-cron
Configure the package according to your needs:
Start and enable the service on boot:
systemctl start yum-cron systemctl enable yum-cron
This application will be added to your daily crontab to install updates automatically for you.
Maintain An Active Firewall
Installing and maintaining a firewall is a great way to close up ports that don’t need to be open, further enhancing server security. We recommend iptables for this case.
To install iptables:
yum install iptables-services
Set iptables to run on startup:
systemctl enable iptables
IPTables is now ready to be used For example, you can block an external IP with the following command:
iptables -A INPUT -s 192.168.0.10 -j DROP
To save rules permanently use the following command:
service iptables save
Disable Root Login over SSH
Disabling root login locks down a common source of brute-forcing. Attackers will now need to know a unique system user and password before gaining entry to your server.
To disable root login, follow these steps:
Add a user which will have SSH access and set the password:
useradd billjohnson passwd billjohnson
Add this user to have sudo access to run root commands:
Add the following line to this file and save it, replacing username with the user:
username ALL=(ALL) ALL
Open the following file in a text editor
Locate the following line:
Change it to the following:
Add the following line, then save and close the file:
service sshd restart
Root access is now disabled over SSH, providing additional server security from intrusion.
Set Secure Password Policies
Enforcing strict user password rules is a great way to ensure you are not vulnerable to system entry through the use of weak passwords.
Update the following file to set stricter password controls:
There are hundreds of ways to secure a Linux server. We’ve outlined a few of the popular ones, but every application is specific. We provide complete server hardening and proactive monitoring to keep your server running at its best.