However, like any other OS, Linux servers are vulnerable to data breaches. Despite these problems, users don’t fully consider the extent of security leaks and how their data can be affected over time.
For this reason, it is imperative to perform a few basic steps, which can go a long way in helping you secure your Linux server against hacks and security breaches.
1. Set Secure Passwords
Passwords are the backbone of a secure server. As a practice, use passwords with a minimum length of 10 characters and alphanumeric passwords, special characters, and upper and lowercase letters.
Additionally, avoid repeating passwords for multiple applications. Add an expiration configuration for your passwords, as no single password provides ongoing security.
To enable enhanced security, refer to some excellent password managers for your Linux system. These managers offer services like:
Two-Factor authentication Password generation Cloud password storage
A few options include the following:
Bitwarden LastPass Enpass Dashlane
Before jumping to any one option, make sure you measure your requirements and choose which software works for your server configuration.
2. Include an SSH Key Pair
Passwords are just one part of the hardening process. Couple this process with more robust login methods for the most secure results. Secure Shell or SSH key pairs are difficult to breach with brute force.
SSH key pairs are not as user-friendly as regular passwords, but they are more secure. Such enhanced security is attributed to the server encryption and the system used.
An SSH key pair equivalently represents a 12-character password. In reality, the actual composition of an SSH key pair might be challenging to understand for a commoner, but it does the needful.
Generating an SSH key pair is straightforward. First set up an SSH key by typing the following in the Terminal window:
Choose the destination where you would like to save the key.
Measure and weigh the chances of physical attacks on hacked servers at the time of deciding on the save location. Ideally, you should opt for a local device to reduce vulnerabilities.
3. Update Your Server Software Regularly
Updated servers work well when you implement software patches to combat emerging vulnerabilities. Unfortunately, many users might overlook these software patches, making their servers vulnerable and an easy target for hackers to exploit.
To combat this problem, you need to install updates in your Linux machine. There are two ways you do so.
Command Lines Within Terminal Window
Enter the command below in the terminal window. As soon as you execute, the command will start showing all relevant information about the pending updates.
Ubuntu Update Manager
The process is a bit different when you update using the Ubuntu Update Manager. In versions 18.04 or later, the first step is to click on the Show Applications icon in the bottom left of your screen.
From there, search for Update Manager to install the updates.
4. Enable Automatic Updates
Let’s just say automatic updates are an extension of the previous step. Are you struggling to cope up with a myriad of security updates and losing track of these important updates?
If you answered this with a big nod, then automatic updates are your favored solution. Depending on your type of system, you can opt to enable automatic updates in the following manner.
GNOME Users
Open the System Menu Select Administration Navigate to Update Manager and choose Settings Open Updates Navigate to the install security updates setting
Debian Users
Debian users can opt for unattended updates installation. This way, your system will always remain updated without too much manual intervention.
Install the Package:
Enable the Package:
5. Remove Unessential Network-Facing Services
All Linux server OSs come with their own respective server network-facing services. Whilst you would want to retain most of these services, there are a few you should remove.
Run the following commands to see a list of such services:
Note: The output from this command will vary, depending on your OS.
You can remove an unused service, depending on your operating system and package manager.
Debian/Ubuntu:
Red Hat/CentOS:
To cross verify, run the ss -atup command again to check if the services have been removed or not.
6. Install Fail2ban to Scan Log Files
Linux servers and brute force attacks go hand-in-hand. Such attacks usually succeed since the end-users have not taken the required preventative measures to secure their systems.
Fail2ban is an intrusion prevention software, which alters firewall rules and bans any address which is attempting to login into your system. It’s used widely to identify and address authentication failure trends. These are furthered via email alerts, which go a long way in curbing such malicious attacks.
To install Fail2ban:
CentOS 7
Debian
To enable email support:
CentOS 7
Debian
7. Enable a Firewall
Firewalls are yet another effective way to get the ball rolling for securing your Linux server. Once you install a firewall, you should enable and configure it to allow network traffic through.
Uncomplicated Firewall (UFW) proves to be a good security addition to your Linux server. UFW offers an easy-to-use interface, which simplifies the process of configuring a firewall on your system.
Install UFW via the following command line:
UFW has been configured to deny all incoming and outgoing connections. Any application on your server can connect to the internet, but any incoming connections won’t hit your server.
As a first step post-installation, you need to enable SSH, HTTP, and HTTPS:
You can also enable and disable UFW:
If necessary, you can check a list of services allowed/denied:
Keeping Your Linux Server Secure
Remember, Linux hardening and maintaining server security isn’t a one-time activity.
Instead, it is an ongoing process which begins by installing regular updates, protecting your server using firewalls, and extends to uninstalling all unessential software. It finally ends by conducting security audits to keep hackers at bay.
