Want to enhance Linux Server security - follow these steps

    Securing a Linux server is essential to prevent unauthorized access, data breaches, and other security issues. Here are some steps to secure a Linux server:

  1. Keep Your System Up-to-Date:

    • Use the following commands to update and upgrade your system:
      sudo apt update
      sudo apt upgrade
    • Install security updates automatically using the following command:
      sudo apt install unattended-upgrades
    • Configure unattended upgrades using the following command:
      sudo dpkg-reconfigure --priority=low unattended-upgrades
  2. Use Strong Passwords:

    • Use the following command to change a user password:
      passwd username
    • Use a strong password with a combination of uppercase and lowercase letters, numbers, and symbols. Avoid using dictionary words or common phrases. Use a password manager to generate and store strong passwords.

  3. Disable Unused Services:

    • Use the following command to list all running services:
      systemctl list-units --type=service --state=running
    • Identify services that you are not using and disable them so they no longer start at boot (this does not stop an instance that is already running):
      sudo systemctl disable service_name
    • Use the following command to mask a service, which prevents it from being started at all, automatically or manually:
      sudo systemctl mask service_name
  4. Configure Firewall:

    • Use the following command to install the "ufw" firewall:
      sudo apt install ufw
    • Use the following commands to allow incoming SSH connections and enable the firewall:
      sudo ufw allow OpenSSH
      sudo ufw enable
    • Use the following command to check the firewall status:
      sudo ufw status
  5. Use SSH Key Authentication:

    • Use the following command to generate an SSH key pair:
      ssh-keygen
    • Copy the public key to the server using the following command:
      ssh-copy-id username@server_ip_address
    • Disable password authentication by modifying the "sshd_config" file using the following command:
      sudo nano /etc/ssh/sshd_config
    • Change the following lines to "no":
      PasswordAuthentication no
      ChallengeResponseAuthentication no
    • Reload the SSH service using the following command:
      sudo systemctl reload sshd
  6. Limit User Access:

    • Use the following command to add a user:
      sudo adduser username
    • Use the following command to grant sudo access to a user:
      sudo usermod -aG sudo username
    • Use the following command to remove a user:
      sudo deluser username
    • Use the following command to remove a user's sudo access:
      sudo deluser username sudo
  7. Enable Two-Factor Authentication:

    • Use the following command to install the "libpam-google-authenticator" package:
      sudo apt install libpam-google-authenticator
    • Use the following command to configure two-factor authentication for a user:
      google-authenticator
    • Edit the "sshd_config" file using the following command:
      sudo nano /etc/ssh/sshd_config
    • Add the following line, replacing the "no" value set in step 5 rather than adding a second entry:
      ChallengeResponseAuthentication yes
    • Reload the SSH service using the following command:
      sudo systemctl reload sshd
  8. Monitor System Logs:

    • Use the following command to view the system log:
      sudo tail -f /var/log/syslog
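
To confirm that the sshd_config edits in steps 5 and 7 are the values sshd will actually use, the following added example (not part of the original post) reads a config file the way sshd does: the first occurrence of a keyword wins, keyword names are case-insensitive, and lines after the first Match are conditional. The function names and the sample config are constructed for illustration; pass the value each step expects ("no" after step 5, "yes" for ChallengeResponseAuthentication after step 7).

```shell
#!/bin/sh
# Added example. sshd keeps the FIRST value it reads for a keyword, keyword
# names are case-insensitive, and global settings stop at the first "Match".

# effective_value FILE KEYWORD: print the first global value, or "unset".
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); found = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)           # drop leading indentation
            split(line, f, /[ \t=]+/)          # "Key value", also tolerate "Key=value"
            k = tolower(f[1])
            if (k == "match") exit             # conditional blocks start here
            if (k == key) { print tolower(f[2]); found = 1; exit }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# check_setting FILE KEYWORD EXPECTED: report, return non-zero on mismatch.
check_setting() {
    actual=$(effective_value "$1" "$2")
    if [ "$actual" = "$3" ]; then
        echo "OK    $2 = $actual"
    else
        echo "FAIL  $2 = $actual (expected $3)"
        return 1
    fi
}

# Constructed sample: "no" was appended below an existing "yes", so it is ignored.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PasswordAuthentication yes
challengeresponseauthentication no
PasswordAuthentication no
Match User backup
    ChallengeResponseAuthentication yes
EOF

check_setting "$sample" PasswordAuthentication no || echo "-> edit the earlier line"
check_setting "$sample" ChallengeResponseAuthentication no || true
```

On a live server, `sudo sshd -T` prints the effective configuration, including files pulled in by Include directives, and is the authoritative check before reloading the service.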
