Server security is one of the most important things in your work, so stay tuned to this article from Radib to provide important tips to increase the security of your server.
To increase the security of your Linux server, you can take the following steps:
1. Update the system and packages
sudo apt update && sudo apt upgrade -y
- Always update the operating system and installed packages to the latest version.
- Use tools like Unattended Upgrades for automatic security updates.
2. Firewall Setup
Install and configure UFW (Uncomplicated Firewall):
sudo apt install ufw
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
- Block unnecessary ports and only allow necessary access.
3. Disabling Remote Root Access
- Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
- Find and change the following option:
PermitRootLogin no
- Then restart the SSH service:
sudo systemctl restart sshd
4. Change the Default SSH Port
- To prevent Brute Force attacks, change the SSH port:
sudo nano /etc/ssh/sshd_config
- Find the following line and change the port (for example, to 2222):
Port 2222
- Restart the SSH service:
sudo systemctl restart sshd
5. Using Key-based Authentication
To purchase a high-speed, hardware firewall-enabled cloud virtual server at Radib, click
- Create an SSH key:
ssh-keygen
- Transfer the public key to the server:
ssh-copy-id user@server_ip
- Then disable password authentication:
sudo nano /etc/ssh/sshd_config
PasswordAuthentication no
- Restart the SSH service.
6. Install Fail2Ban to Prevent Brute Force Attacks
sudo apt install fail2ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
- Customize the settings:
sudo nano /etc/fail2ban/jail.local
7. Restrict access to sensitive files
- Change permissions of sensitive files:
chmod 600 /etc/ssh/sshd_config
chmod 600 /etc/passwd
chmod 600 /etc/shadow
8. Enabling SELinux or AppArmor
- Enable SELinux:
sudo setenforce 1
- Or install and configure AppArmor:
sudo apt install apparmor
sudo systemctl enable apparmor
sudo systemctl start apparmor
9. Review and monitor activities
Buy a virtual server (without abuse) at the best price in Radib. Click
- Install monitoring tools like Fail2Ban, Logwatch, and Lynis:
sudo apt install logwatch
sudo logwatch --detail high
10. Create regular backups
- Use tools like rsync or Duplicity to take automatic backups:
rsync -avz /important_data /backup_location
11. Disable unnecessary services and ports
- Check the list of open ports:
sudo netstat -tuln
- Disable unnecessary services:
sudo systemctl disable servicename
sudo systemctl stop servicename
12. Using antivirus and security scanning
Buy unlimited 1-to-1 virtual server Iran in Radib, Click
- Install and scan with ClamAV:
sudo apt install clamav
sudo freshclam
sudo clamscan -r /home
13. Enable IDS/IPS (Intrusion Detection and Prevention Systems)
- Install Snort or Suricata:
sudo apt install snort
- These tools detect and block suspicious behavior.
14. Install and enable V-P.N for secure server access
- To access the server from public networks, install a VPN such as OpenV-P-N or WireGuard.
15. Restrict sudo users
- Add only trusted users to the sudo group:
sudo usermod -aG sudo username
- Check the list of sudo users:
sudo cat /etc/sudoers
Conclusion
By following these steps, you can significantly increase the security of your Linux server. Also, if you need secure and managed servers, Radib Group provides highly secure virtual servers with strong support.
Thank you for being with Radib.
