Linux Server Security Tips

    RahulBy 3 Mins Read

    Security of data and server from hackers is a main task of system administration services. Below is few basic security tips for your linux server.

    1: Strong Password Policy

    Making strong passwords is first stage of securing your server. Do not use common names as your password like yourname, date of birth, mobile number etc. Passwords should be alphanumeric with upper and lower case letters.
    You can use password aging policy on your linux machine to enforce users to change there password on regular interval.

    Example:
    To get password aging information

    # chage -l username

    To change password aging information

    # chage -m 7 -M 60 -W 15 username

    -m: Minimum number of days between password change
-M: Maximum number of days between password change
-W: Number of days of warning before password expires

    To disable password aging ( Not recommended on production server )

    # chage -M 99999 username

    2: Disable root login

    As you know root account has unlimited priviledges, so keep disable root account on server. also make sure no other user having uid or gid 0 using below command, Only root user line should be listed with both comamnds.

    # awk -F: '($3 == "0") {print}' /etc/passwd
# awk -F: '($4 == "0") {print}' /etc/passwd

    To execute root level commands you can configure sudo priviledges on your server.

    3: Keep your system up to date

    Always keep your sytem uptodate with latest software patches or updates. Your can use linux utilities ( yum, apt-get etc ) to update your system with latest updates. Keep uptodate your system on regular interval.

    Eg:

    # yum update
or
# apt-get update && apt-get upgrade

    You can also use yum-updatesd service to enable email notification when any new update found.

    4: Use of secure protocal for remote access

    Always use secure protocals while accessing server from remote or trasferring data. All secure protocals encrypted data transmission.

    Not to Use:

    > rcp
    > telnet
    > ftp

    To Use

    > ssh
    > scp
    > sftp ( FTP over SSL )

    5: Disable unwanted services

    There are many services running in background on your system. Find out and disable all services which are not required.
    find out all service that will start on system boot

    # chkconfig --list | grep ':on'

    Stop all service which are not required on server.

    # service service-name stop

    Also disable service to start on system boot

    # chkconfig service-name off
    Share.

    Related Posts

    1 Comment

    1. Ray Ansari on

      I found this very useful. It was direct and to the point, and allowed me to backup by server to a personal ftp. Any chance of branching this to a article about how to upload your server backups to google drive?

      Reply

    Leave A Reply