How to Secure a Linux Server from Hackers

Q: How to secure a Linux server from attacks and hacks?

Server security is an important term in IT infrastructure.This post includes Some useful tips to secure your Linux server. To apply a powerful and a complete security settings on a linux server is not a simple task. However hope the below points will strengthen your Linux box's security.

Enable and configure firewall(iptables)
        A perfect firewall is highly recommended for every linux server. Firewall always filters all the incoming/outgoing/forwarding packets as per the rules in the iptables configuration. It always protect from all attacks from remote or internet. In linux iptables you can specify the allowed incoming connections in each port and reject/drop the all the other connections. Same way can specify the source/destination ipaddress, ethernet interfaces, tcp/udp port numbers, protocols and many more functions.  

Use secure-shell(SSH)
       Always use SSH instead of insecure telnet and rlogon protocols. SSH is a secure protocol and that use end to end encryption technologies. So all the communications between server and ssh client is encrypted. All the automated attacks to SSH by robots is to its default port(22/TCP). So it will be more secure if you change the default SSH listening port from 22/TCP to any other higher port numbers.

Use complex passwords
      Use complex passwords(not dictionary words) for each and every users in the server,especially for the users with shell access, mail, etc. Enableing password ageing and disable reusing old passwords. Enable account locking after a number of password failures.

Users management
           Protect the "root"(super user) account. Creat all the users with appropriate shells. Only give the shell access to required users only. Restrict the use of sudo command for unauthorized users. Monitor the user activity with any monitoring tools like psacct.

Keep Server updated (kernel,tool,applications,etc)
          Always keep the Kernel version, applications, utilities upto date. Should apply security updates/patches regularly when available.

Physical server security
         Disable the physical console access. Set a BIOS password. Disable booting from CD/DVD/FLASH Drives. Set a password for Grub menu is highly recommented. Une data Encryption methods for data security.  

Block unwanted ports from web
        Deny the access to unwanted tcp/udp ports from internet by using iptables or any other firewall utilities.

SE Linux
       Turn on SE-Linux security policies. SE-Linux allows the security of files, sockets, ports, devices, processes, etc.

Deny access by using hosts.deny/hosts.allow
       Specify the allowed services and ipaddress or ipaddress range in the hosts.allow file in "/etc/" directory like sshd: Finally deny all the other services/ipaddress in hosts.deny file like ALL:ALL. When an incoming packet receives to the server, first check the source address/service by matching the  hosts.allow/deny files. Then only the packet filtered by the firewall. So high level security can be applied by hosts.allow/deny files. 

Turn off unwanted services
         Always turnoff the unwanted services and daemons. Remove unnecessary services from start-up.

Check log files regularly
          Check all the log files on a regular basis to detect a attack attempt. Check system log file var/log/messages. Check every daemons log file located in "/var/log/". Monitor the output of the following commands netstat , top , etc

some usefull log files in /var/log/ directory
/var/log/messages    -The whole system log 
/var/log/lastlog        -Recent user login information
/var/log/maillog       -Mail server logs
/var/log/boot.log      -Logs of system boots
/var/log/yumlog      -Yum utility logs
/var/log/audit/audit.log -Audit logs
Add your valuable comments which will make my posts better.....

Was this helpfull ?


Related Posts Plugin for WordPress, Blogger...

Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Bluehost Coupons