Securing data and servers against attackers is a main task of system administration. Below are a few basic security tips for your Linux server.
1: Strong Password Policy
Strong passwords are the first stage of securing your server. Do not use common values such as your name, date of birth or mobile number as a password. Passwords should be alphanumeric, with upper and lower case letters.
You can use a password aging policy on your Linux machine to force users to change their passwords at regular intervals.
Example:
To get password aging information
# chage -l username
To change password aging information
# chage -m 7 -M 60 -W 15 username
-m: Minimum number of days between password changes
-M: Maximum number of days between password changes
-W: Number of days of warning before the password expires
To disable password aging (not recommended on a production server)
# chage -M 99999 username
2: Disable root login
The root account has unlimited privileges, so keep root login disabled on the server. Also make sure no other user has UID or GID 0, using the commands below. Only the root user's line should be listed by both commands.
# awk -F: '($3 == "0") {print}' /etc/passwd
# awk -F: '($4 == "0") {print}' /etc/passwd
To execute root-level commands you can configure sudo privileges on your server.
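The checks from sections 1 and 2 can be combined into one audit script. This is an added example, not part of the original post; the function names, the 60-day default and the sample passwd/shadow entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# List accounts other than root that have UID 0 or GID 0 (passwd fields 3 and 4).
extra_root_accounts() {
    awk -F: '($3 ~ /^0+$/ || $4 ~ /^0+$/) && $1 != "root" { print $1 }' "$1"
}

# List accounts with a usable password whose maximum password age
# (shadow field 5, the value set by `chage -M`) is unset or above the limit.
weak_aging_accounts() {
    awk -F: -v limit="${2:-60}" '
        $2 == "" || $2 ~ /^[!*]/ { next }   # no password or locked account: skip
        $5 == "" || $5 + 0 > limit + 0 { print $1 ":" ($5 == "" ? "unset" : $5) }
    ' "$1"
}

# Constructed sample data in passwd/shadow format, so the script runs offline.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
svcops:x:1001:0:ops:/home/svcops:/bin/bash
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:$6$constructed$hash:19700:7:60:15:::
daemon:*:19700:0:99999:7:::
alice:$6$constructed$hash:19700:0:99999:7:::
toor:$6$constructed$hash:19700:7:60:15:::
svcops:$6$constructed$hash:19700:0::7:::
EOF

echo "Accounts other than root with UID or GID 0:"
extra_root_accounts "$SAMPLE_DIR/passwd"
echo "Accounts with maximum password age unset or above 60 days:"
weak_aging_accounts "$SAMPLE_DIR/shadow" 60
```

On a real server, run the two functions as root against /etc/passwd and /etc/shadow instead of the sample files.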
3: Keep your system up to date
Always keep your system up to date with the latest software patches and updates. You can use the Linux package utilities (yum, apt-get etc.) to install the latest updates. Update your system at regular intervals.
Eg:
# yum update
or
# apt-get update && apt-get upgrade
You can also use the yum-updatesd service to enable email notification when a new update is found.
4: Use secure protocols for remote access
Always use secure protocols when accessing the server remotely or transferring data. All secure protocols encrypt data in transmission.
Not to Use:
> rcp
> telnet
> ftp
To Use:
> ssh
> scp
> sftp ( FTP over SSL )
5: Disable unwanted services
There are many services running in the background on your system. Find and disable all services which are not required.
Find all services that will start on system boot
# chkconfig --list | grep ':on'
Stop all services which are not required on the server.
# service service-name stop
Also disable the service from starting on system boot
# chkconfig service-name off
I found this very useful. It was direct and to the point, and allowed me to back up my server to a personal ftp. Any chance of branching this to an article about how to upload your server backups to Google Drive?