Steps To Secure Your Linux Server

Securing a Linux server is a continuous process that goes beyond just installation and basic setup. Linux servers, while powerful and flexible, are not immune to various types of cyber threats like brute-force login attempts, malware, misconfigurations, and other vulnerabilities. This comprehensive guide will walk you through essential security steps to harden your Linux server, with detailed explanations and practical examples for each step. Let’s secure your Linux server!

---

1. Disable Root Login

Why?

The root user has full administrative privileges, making it a primary target for attackers. Allowing direct root login via SSH increases the risk of brute-force attacks on a critical account. Disabling root login forces attackers to compromise an individual user account first, offering an extra layer of security.

How to Do It:

1. Open the SSH configuration file:

   sudo nano /etc/ssh/sshd_config
2. Find the line:

   PermitRootLogin yes
3. Change it to:

   PermitRootLogin no
4. Save and close the file.
5. Restart the SSH service to apply changes:

   sudo systemctl restart sshd

---

2. Use Key-Based SSH Authentication

Why?

Password-based logins are vulnerable to brute-force attacks. SSH keys, however, are much more secure because they rely on cryptographic pairs, making them harder to compromise.

How to Do It:

1. Generate an SSH key pair on your local machine:

   ssh-keygen -t rsa -b 4096
2. Copy the public key to your server:

   ssh-copy-id username@server_ip
3. To disable password authentication, open the SSH configuration file on the server:

   sudo nano /etc/ssh/sshd_config
4. Set PasswordAuthentication to no:

   PasswordAuthentication no
5. Restart SSH to apply the change:

   sudo systemctl restart sshd

---

3. Enforce Strong Password Policies

Why?

Weak passwords are one of the most common attack vectors. Enforcing strong passwords helps prevent brute-force attacks and ensures better protection of user accounts.

How to Do It:

1. Open the password quality configuration file:

   sudo nano /etc/security/pwquality.conf
2. Set policies for minimum length and complexity:

   minlen = 12
   minclass = 3
   • minlen requires a minimum of 12 characters.
   • minclass requires at least 3 of the following character types: uppercase, lowercase, digits, and special characters.

---

4. Keep the System Updated

Why?

Software updates frequently include security patches that address known vulnerabilities. Failing to apply updates leaves your server open to exploitation.

How to Do It:

1. Update packages on Debian/Ubuntu:

   sudo apt update && sudo apt upgrade -y
   On CentOS/RHEL:

   sudo yum update -y
2. To enable automatic updates (on Ubuntu), install unattended-upgrades:

   sudo apt install unattended-upgrades

---

5. Configure a Firewall

Why?

A firewall restricts incoming and outgoing traffic, allowing only authorized traffic and services. This limits the potential attack surface of your server.

How to Do It:

1. Install and configure ufw (Uncomplicated Firewall) on Ubuntu:

   sudo apt install ufw
2. Allow essential services like SSH, HTTP, and HTTPS:

   sudo ufw allow 22    # Allow SSH
   sudo ufw allow 80    # Allow HTTP
   sudo ufw allow 443   # Allow HTTPS
3. Enable the firewall:

   sudo ufw enable

---

6. Install and Configure Intrusion Detection (Fail2Ban)

Why?

Fail2Ban helps protect your server from brute-force attacks by blocking IP addresses after multiple failed login attempts.

How to Do It:

1. Install Fail2Ban:

   sudo apt install fail2ban
2. Configure Fail2Ban by editing the jail configuration:

   sudo nano /etc/fail2ban/jail.conf
3. Enable SSH monitoring with the following settings:

   [sshd]
   enabled = true
   maxretry = 5
   bantime = 3600  # 1 hour
4. Restart Fail2Ban to apply changes:

   sudo systemctl restart fail2ban

---

7. Disable Unnecessary Services

Why?

Running unnecessary services increases the attack surface of your server. Each active service could potentially be exploited, so disabling non-essential services improves security.

How to Do It:

1. List all active services:

   sudo systemctl list-unit-files --type=service --state=enabled
2. Disable unnecessary services:

   sudo systemctl disable service_name

---

8. Set Proper File Permissions

Why?

Incorrect file permissions on sensitive files like SSH keys or log files can lead to unauthorized access. Proper permissions restrict access to critical system files.

How to Do It:

1. Set permissions on the SSH configuration file:

   sudo chmod 600 /etc/ssh/sshd_config
2. Set permissions on log files:

   sudo chmod 640 /var/log/auth.log

---

9. Enable Logging and Monitoring

Why?

Logging records system activities, helping you detect unusual behavior and investigate potential security incidents.

How to Do It:

1. Use rsyslog for basic logging or consider advanced monitoring solutions like ELK (Elasticsearch, Logstash, Kibana).
2. Ensure logs are being generated and stored in /var/log by checking log files such as /var/log/auth.log.

---

10. Implement Auditing with auditd

Why?

Audit logs allow you to monitor and track critical system events, such as file modifications, to detect suspicious activities.

How to Do It:

1. Install auditd for auditing:

   sudo apt install auditd
2. Add rules to track important files, e.g., tracking /etc/passwd for changes:

   sudo nano /etc/audit/audit.rules
   Add:

   -w /etc/passwd -p wa -k passwd_changes
3. Restart the auditing service:

   sudo systemctl restart auditd

---

11. Secure SSH Configuration

Why?

SSH is a common attack vector. Properly configuring SSH limits potential vulnerabilities and improves the overall security of your server.

How to Do It:

1. Edit the SSH configuration file:

   sudo nano /etc/ssh/sshd_config
2. Adjust settings to:
   • Change the default SSH port (optional but recommended):

     Port 2222
   • Disable password authentication:

     PasswordAuthentication no
   • Only allow SSH Protocol 2:

     Protocol 2
3. Restart SSH:

   sudo systemctl restart sshd

---

12. Harden Kernel Parameters

Why?

Kernel hardening helps mitigate certain types of attacks, such as denial-of-service (DoS) or spoofing.

How to Do It:

1. Open the kernel parameters file:

   sudo nano /etc/sysctl.conf
2. Add or modify these settings to enhance security:

   net.ipv4.tcp_syncookies = 1
   net.ipv4.conf.all.rp_filter = 1
   net.ipv4.conf.default.accept_source_route = 0
3. Apply the changes:

   sudo sysctl -p

---

13. Schedule Regular Backups

Why?

Regular backups are essential in case of cyberattacks, data loss, or system failure. Backups allow you to restore your data.

How to Do It:

1. Use rsync for scheduled backups:

   rsync -av /important_data /backup_location

---

14. Set Resource Limits

Why?

Setting resource limits helps mitigate DoS attacks by limiting how much CPU, memory, and processes each user can consume.

How to Do It:

1. Edit the limits configuration file:

   sudo nano /etc/security/limits.conf
2. Add limits like:

   * soft nproc 4096
   * hard nproc 8192

---

15. Use Security Scanning Tools

Why?

Security scanning tools help identify vulnerabilities and misconfigurations, enabling you to fix issues before attackers can exploit them.

How to Do It:

1. Install a security scanning tool like Lynis:

   sudo apt install lynis
2. Run a system audit:

   sudo lynis audit system

---

By following these steps, you can significantly improve the security of your Linux server. Remember, security is an ongoing process, so always stay vigilant, keep your system updated, and regularly audit your server’s security posture.