Security is one of the most critical aspects of server administration, and it is essential to take proactive measures to secure your Linux server. We will look into the essential steps to make your Linux server secure.
Update Your Server and Packages
The first step in securing your Linux server is to update the system and packages. Keeping your system up to date with the latest security patches is essential. Use the following commands to update your system and packages:
Ubuntu or Debian:
sudo apt-get update
sudo apt-get upgrade
CentOS or RHEL:
sudo yum update
If you have any other package manager like brew, snap, pip, npm, etc. then use respective commands to update packages installed using those tools.
Install and Configure rkhunter and chkrootkit
rkhunter and chkrootkit are powerful tools that can help detect rootkits and other security threats on your server. You can install both of them with the following commands:
Ubuntu or Debian:
sudo apt-get install rkhunter chkrootkit
CentOS or RHEL:
sudo yum install rkhunter chkrootkit
After installation, run the following commands to update the rkhunter database and perform a system scan:
sudo rkhunter --update
sudo rkhunter --check
To run chkrootkit, simply run the following command: sudo chkrootkit
Install and Configure ClamAV
ClamAV is an open-source antivirus software that can help detect and remove viruses and malware from your server. You can install ClamAV with the following commands:
Ubuntu or Debian:
sudo apt-get install clamav clamav-daemon
sudo freshclam
CentOS or RHEL:
sudo yum install epel-release
sudo yum install clamav clamav-update clamd
sudo freshclam
After installation, run the following command to perform a system scan: sudo clamscan -r /
Secure SSH Connections
SSH is a popular protocol used for remote server access. However, it is also a common target for attackers. Therefore, it is essential to secure your SSH connections. Here are some steps you can take to secure your SSH connections:
-
Change the default SSH port (usually 22) to a different port.
-
Disable root login over SSH.
-
Enable public key authentication and disable password authentication.
To change the default SSH port, edit the SSH configuration file (/etc/ssh/sshd_config) and change the "Port" directive.
Port 1234
To disable root login over SSH, edit the SSH configuration file and set the "PermitRootLogin" directive to "no". For example:
PermitRootLogin no
To enable public key authentication and disable password authentication, edit the SSH configuration file and set the "PasswordAuthentication" and "PubkeyAuthentication" directives as follows:
PasswordAuthentication no
PubkeyAuthentication yes
After making changes to the SSH configuration file, restart the SSH service:
Ubuntu or Debian:sudo systemctl restart ssh
CentOS or RHEL:sudo systemctl restart sshd
Limit User Access and Privileges
Limiting user access and privileges is another critical step in securing your Linux server. Only grant access to users who need it, and make sure they have minimum privileges required to perform their tasks. Avoid giving users unnecessary root privileges.
You can create a new user with the following command:
sudo adduser username
You can also add user to a specific group with the following command:
sudo usermod -a -G groupname username
To revoke root privileges from a user, remove them from the "sudo" group: sudo deluser username sudo
Close Ports on public interfaces
By default, Linux servers have several open ports that can be exploited by attackers. It is essential to close any unnecessary ports on your server.
Use the following command to check open ports: sudo netstat -tupln
Once you have identified which ports are open, you can close them by editing your firewall rules. If you are using the UFW (Uncomplicated Firewall which is available on Ubuntu and Debian), you can use the following command to close a port:sudo ufw deny port_number
For example, to close port 80 (HTTP), use the following command: sudo ufw deny 80
After making changes to your firewall rules, reload the firewall: sudo ufw reload
Install and Configure Fail2Ban
Fail2Ban is a powerful tool that can help protect your server from brute-force attacks. It monitors log files for repeated login failures and blocks IP addresses that exceed a certain threshold. You can install and configure Fail2Ban with the following commands:
Ubuntu or Debian:
sudo apt-get install fail2ban
CentOS or RHEL:
sudo yum install epel-release
sudo yum install fail2ban
After installation, edit the Fail2Ban configuration file (/etc/fail2ban/jail.conf) and configure the following options:
-
bantime: Time for which an IP address is banned (in seconds).
-
maxretry: Maximum login attempts allowed before an IP address is banned.
-
action: Action to take when an IP address is banned (e.g., block the IP address in the firewall).
Once you have configured Fail2Ban, start the service and enable it to start at boot:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
Overall, Securing your Linux server is crucial to prevent unauthorized access and data breaches. Always stay vigilant and keep your server up to date with the latest security patches and software updates.
