Menu

Linux Server Security Tips

Written by , Updated on February 20, 2013

Security of data and server from hackers is a main task of system administration services. Below is few basic security tips for your linux server.

1: Strong Password Policy

Making strong passwords is first stage of securing your server. Do not use common names as your password like yourname, date of birth, mobile number etc. Passwords should be alphanumeric with upper and lower case letters.
You can use password aging policy on your linux machine to enforce users to change there password on regular interval.

Example:
To get password aging information

# chage -l username

To change password aging information

# chage -m 7 -M 60 -W 15 username

-m: Minimum number of days between password change
-M: Maximum number of days between password change
-W: Number of days of warning before password expires

To disable password aging ( Not recommended on production server )

# chage -M 99999 username

2: Disable root login

As you know root account has unlimited priviledges, so keep disable root account on server. also make sure no other user having uid or gid 0 using below command, Only root user line should be listed with both comamnds.

# awk -F: '($3 == "0") {print}' /etc/passwd
# awk -F: '($4 == "0") {print}' /etc/passwd

To execute root level commands you can configure sudo priviledges on your server.

3: Keep your system up to date

Always keep your sytem uptodate with latest software patches or updates. Your can use linux utilities ( yum, apt-get etc ) to update your system with latest updates. Keep uptodate your system on regular interval.

Eg:

# yum update
or
# apt-get update && apt-get upgrade

You can also use yum-updatesd service to enable email notification when any new update found.

4: Use of secure protocal for remote access

Always use secure protocals while accessing server from remote or trasferring data. All secure protocals encrypted data transmission.

Not to Use:

> rcp
> telnet
> ftp

To Use

> ssh
> scp
> sftp ( FTP over SSL )

5: Disable unwanted services

There are many services running in background on your system. Find out and disable all services which are not required.
find out all service that will start on system boot

# chkconfig --list | grep ':on'

Stop all service which are not required on server.

# service service-name stop

Also disable service to start on system boot

# chkconfig service-name off

Rahul
Rahul
Connect on Facebook Connect on Twitter

I, Rahul Kumar am the founder and chief editor of TecAdmin.net. I am a Red Hat Certified Engineer (RHCE) and working as an IT professional since 2009..

1 Comment

  1. Avatar Ray Ansari Reply
    July 10, 2015 at 5:13 am

    I found this very useful. It was direct and to the point, and allowed me to backup by server to a personal ftp. Any chance of branching this to a article about how to upload your server backups to google drive?

Leave a Reply

© 2013-2021 Tecadmin.net. All Rights Reserved | Terms  | Privacy Policy