loader

Best Ways to Secure Your Linux Server

 

 

An important aspect of any Linux server environment is the quality or state of being secure.

 

 

 

 

 

In this guide, we look at some key ways you can secure your Linux Server. While we focus on Debian/Ubuntu, the steps we discuss here are common ones.

 

 


 

Here we go!,

 

 

 

1. Update your server

 

 

 

 

An operating system must be updated just as any other piece of software. Maintaining the current version will ensure that you get the latest fix for security issues. In addition, updates usually fix or add to existing features, which is why they are needed.

 

 

 

The process of updating is generally divided into two distinct steps. One is called an incremental update, and the other is a major update. Minor modifications are made to operating system components in incremental updates. These changes are usually communicated over the Internet to users. With the update managing software, users can download and install the modifications sequentially. However, major modifications require so many changes affecting several packages simultaneously that it becomes rather difficult to accomplish sequentially. After acquiring the upgraded version of the operating system, a fresh installation is best for this type of modification.

 

 

 

Applying patches to the operating system, installed applications, and local repositories can help secure your server.

 

 

 

 

 

Updating is as simple as following the command below,

 

 

 

On Ubuntu and Debian:

 

sudo apt update && sudo apt upgrade -y

 

 

And other flavours like Fedora, CentOS or RHEL:

 

 

 

sudo dnf upgrade

 

2. Set Secure Password Policies

 

 

 

 

 

 

The strength of the passwords of login users is just as important as that of Linux, which is considered a secure operating system. Due to this, your password should be long enough and include numbers, symbols, capitals, and lowercase letters; use a mix of characters so it’s harder to crack. First and foremost, passwords protect your personal information and computer from unauthorized access. Your computer will be more protected from malicious software and hackers if you choose a strong password.

 

 

 

 

 

 

The following file needs to be updated to impose stricter password controls:

 

 

vi /etc/security/pwquality.conf

 

3. Upload your SSH key

 

 

 

 

 

The Secure Socket Shell Key Management, also known as Secure Shell Management.

 

 

 

An SSH key is an authentication credential for the SSH (secure shell) network protocol. In an unsecured open network, this protocol is used to communicate between remote machines securely.

 

 

 

 

Below you will find the command to upload the pre-generated SSH key to your server:

 

ssh-copy-id @ip_address

 

 

4. Enable a firewall

 

 

 

 

 

 

The firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on certain security rules. Using a firewall, you can prevent external threats from entering your system. There are other forms of threats that can be spread from machine to machine without the knowledge of the user.

 

 

 

 

 

Firewall configuration is simplified when using the Uncomplicated Firewall (UFW) interface to iptables as follows:

 

 

 

Installing UFW is as simple as running the following commands:

 

 

sudo apt install ufw

 

 

By enabling HTTP, HTTPS, and SSH, you can access the server

 

sudo ufw allow ssh

 

sudo ufw allow http

 

sudo ufw allow https

 

 

 

Then enable UFW

 

sudo ufw enable

 

 

 

You can see what services are allowed and denied with,

 

sudo ufw status

 

 

You can disable the UFW by typing the following command if you don’t want to use it,

 

sudo ufw disable

 

5. Configure 2FA

 

 

 

 

In addition to a password and a second token, two-factor authentication (2FA) enhances security by requiring users to log on using a password and another token.

 

 

Ensure that your server is fully updated and your data is backed up before you begin installing. As soon as you’ve set it up, you won’t be able to access your machine without the third-party-generated codes. Whenever you want to log in, you will need either your smartphone or the emergency code (generated after installing the necessary tools).

 

 

 

 

 

 

 

That’s it!

 

 

 

 

 

There are many other things to consider besides those we discussed, so we have only touched on some of the most important ones.

 

 

 

 

 

 

 

Get the most out of learning with VPSie.com