Basic Security Steps on a Linux Server

It is very important to keep the server secure from hacking and all kind of unauthorized access. So it is always important to take some time to do these basic steps to secure a Linux server:

  1. SSH security

    SSH is a widely used secure platform to access the server via terminal. We can take a few measures to secure the SSH configuration.

    Disable Direct Root Login - It is better to disable the direct root access and permit sudo access to a specific list of users only. It can be configured on ssh configuration file. Also good to use a different SSH port instead of 22.
    # vi /etc/ssh/sshd_config​
    Change the port to a different one:

    Port 5613

    The port might be needed to open in the firewall as well:

    Centos 6:
    # iptables -I INPUT -p tcp -m tcp --dport 5613 ACCEPT​
    Centos 7:
    # firewall-cmd --zone=public --add-port=80/tcp --permanent

    Click here to view the video tutorial for the same.​
    Then change the root login settings:

    PermitRootLogin no
    AllowUsers <your own username>
    #service sshd restart​
  2. Enable IPTABLES or CSF firewall:

    It is always advised to block the unwanted ports, IP addresses, etc. using a firewall. If you are familiar with IPTABLES commands, it will be available with most of the OS by default. If you need more custom firewall setup, it is better to set up something like CSF.

  3. Keep the packages and kernel updated:

    It is better to set up auto updates with yum using yum-cron to make sure the packages and kernel are up to date. If auto-updates are not configured, do yum update or apt-get update commands in a specific time period to make sure that the server is using the latest packages with security updates.

  4. Using secure passwords:

    Most people use some easy-to-remember passwords for their servers, email accounts, etc. and which makes things easier for the hackers as well. It is always advised to use some complex passwords for SSH access, email accounts, and all server-related logins.

  5. No empty passwords:

    We can check if any accounts are opened with empty passwords by running the following command:
    # cat /etc/shadow | awk -F: '($2==""){print $1}'​
  6. Review logs:

    We can keep checking on the important logs to make sure no unusual things are happening without our knowledge. Here are some of the important log file locations:

    # /var/log/messages - The current system activities are shown here.
    # /var/log/maillog - Mail server related logs.
    # /var/log/auth.log - Authentication related logs.
    # /var/log/cron.log - Cronjobs related logs.
    # /var/log/secure - Logs related to the authentications.
    # /var/log/yum.log - yum logs

  7. Keeping Backups:

    It is always good to keep the backup of your important file, folders, and databases in a different space such as a Cloud or local machine, etc. You can use some kind of auto backup options to configure doing this automatically and set the destination as per your convenience.

  8. Enable login notifications:

    It is good to enable some login notifications to get an email when a user has accessed the server via SSH. You can set the following under .bashrc file of the specific user. So if we are setting for root:
    # vi /root/.bashrc​
    echo 'ALERT - Root Shell Access (ServerName) on:' `date` `who` | mail -s "Alert: Root Access from `who | cut -d'(' -f2 | cut -d')' -f1`"
Last edited: