Introduction to Linux Server Security Hardening

Securing Linux servers is a difficult and time-consuming task for system administrators, but hardening is necessary to keep a server safe from attackers and black hat hackers. You can secure your server by configuring the system properly and installing as little software as possible. The following tips can help you protect your server against network and privilege escalation attacks.

Upgrade your Kernel

An outdated kernel is prone to network and privilege escalation attacks. Update your kernel using apt on Debian or yum on Fedora.

$ sudo apt-get update
$ sudo apt-get dist-upgrade

Disabling Root Cron Jobs

Cron jobs run by root or another high-privilege account can be used by attackers as a way to gain high privileges. You can list the configured cron jobs with

$ ls /etc/cron*
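
Listing the jobs is only the first step: a root job becomes an escalation path when the file it runs can be changed by another account. The following check is an added example, not part of the original article; the function name audit_root_cron is an assumption, and it expects the /etc/crontab and /etc/cron.d layout with a user column.

```sh
#!/bin/sh
# Added example (not from the original article): report command files that
# root runs from a system crontab and that a non-root account could modify.
# Expected layout (/etc/crontab, /etc/cron.d/*): m h dom mon dow user command
# Only the first word of each command is checked, and only absolute paths.

# audit_root_cron CRONTAB [TRUSTED_OWNER]
# Prints "<path><TAB><reason>" per finding; prints nothing when all is clean.
audit_root_cron() (
    crontab=$1
    owner=${2:-root}                 # account allowed to own the command file
    while read -r m h dom mon dow user cmd rest; do
        case $m in
            ''|\#*|*=*) continue ;;          # blank line, comment, VAR=value
            @*) user=$h; cmd=$dom ;;         # "@reboot user command" form
        esac
        [ "$user" = root ] || continue       # only jobs that run as root
        case $cmd in /*) ;; *) continue ;; esac
        if [ ! -e "$cmd" ]; then
            printf '%s\tmissing\n' "$cmd"
        elif [ -n "$(find -L "$cmd" -maxdepth 0 \( -perm -0002 -o -perm -0020 \))" ]; then
            printf '%s\tgroup-or-world-writable\n' "$cmd"
        elif [ -n "$(find -L "$cmd" -maxdepth 0 ! -user "$owner")" ]; then
            printf '%s\tnot-owned-by-%s\n' "$cmd" "$owner"
        fi
    done < "$crontab"
)

# On a live host: for f in /etc/crontab /etc/cron.d/*; do audit_root_cron "$f"; done
```

A "missing" finding matters because whoever can create that file decides what root executes.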

Strict Firewall Rules

You should block any unnecessary inbound or outbound connections on uncommon ports. You can update your firewall rules using iptables, a flexible and easy-to-use utility for blocking or allowing incoming and outgoing traffic. To install it, type

$ sudo apt-get install iptables

Here’s an example that blocks incoming connections on the FTP port using iptables

$ sudo iptables -A INPUT -p tcp --dport ftp -j DROP
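
The single DROP rule above closes one port. A default-deny policy, shown here as an added example that is not from the original article, drops all inbound traffic except what is explicitly allowed. The function name gen_ruleset and the ports in the usage line are illustrative assumptions.

```sh
#!/bin/sh
# Added example (not from the original article): build a default-deny inbound
# ruleset in iptables-restore format from the TCP ports that must stay open.

# gen_ruleset PORT...
# Writes the ruleset to stdout. Exits non-zero, printing nothing to stdout,
# if any argument is not a plain port number in the range 1-65535.
gen_ruleset() (
    for p in "$@"; do
        case $p in
            ''|0*|*[!0-9]*) echo "invalid port: $p" >&2; exit 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || {
            echo "invalid port: $p" >&2; exit 1
        }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'        # anything not matched below is dropped
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT' # local services talking to each other
    # Replies to connections this host opened itself
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    echo 'COMMIT'
)

# Review the output first, then load it as root:
#   gen_ruleset 22 443 | sudo iptables-restore
```

Check the generated rules with iptables-restore --test before loading them, and keep your SSH port in the list when working on a remote host.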

Disable unnecessary Services

Stop any unwanted services and daemons running on your system. You can list running services using the following command.

ubuntu@ubuntu:~$ service --status-all

[ + ]  acpid
[ - ]  alsa-utils
[ - ]  anacron
[ + ]  apache-htcacheclean
[ + ]  apache2
[ + ]  apparmor
[ + ]  apport
[ + ]  avahi-daemon
[ + ]  binfmt-support
[ + ]  bluetooth
[ - ]  cgroupfs-mount

Or use the following command

$ chkconfig --list | grep '3:on'

To stop a service, type

$ sudo service [SERVICE_NAME] stop


$ sudo systemctl stop [SERVICE_NAME]

Check for Backdoors and Rootkits

Utilities like rkhunter and chkrootkit can be used to detect known and unknown backdoors and rootkits. They check installed packages and configurations to verify the system’s security. To install rkhunter, type

ubuntu@ubuntu:~$ sudo apt-get install rkhunter -y

To scan your system, type

ubuntu@ubuntu:~$ sudo rkhunter --check

[ Rootkit Hunter version 1.4.6 ]
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command                           [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables                    [ None found ]
Checking for preloaded libraries                     [ None found ]
Checking LD_LIBRARY_PATH variable                    [ Not found ]
Performing file properties checks
Checking for prerequisites                           [ OK ]
/usr/sbin/adduser                                    [ OK ]
/usr/sbin/chroot                                      [ OK ]

Check Listening Ports

You should check for listening ports that aren’t used and disable them. To check for open ports, type

azad@ubuntu:~$ sudo netstat -ulpnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address   State      PID/Program name

tcp        0    0*        LISTEN     2136/redis-server 1

tcp        0    0 *        LISTEN     1273/rpcbind

tcp        0    0*        LISTEN     2989/teamviewerd

tcp        0    0*        LISTEN     1287/systemd-resolv

tcp        0    0  *        LISTEN     1939/sshd

tcp        0    0*        LISTEN     20042/cupsd

tcp        0    0*        LISTEN     1887/postgres

tcp        0    0  *        LISTEN     31259/master
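
To turn the listing above into a repeatable check, the following added example (not part of the original article) filters netstat output against a list of ports that are supposed to be reachable. The function names and the allowlist are assumptions, and the embedded sample uses constructed addresses with the program names from the output above.

```sh
#!/bin/sh
# Added example (not from the original article): compare netstat listeners
# against an allowlist of ports that are meant to be reachable.

# Constructed sample in `netstat -ulpnt` layout. Program names follow the
# article's output; every address and port here is made up for illustration.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:6379     0.0.0.0:*        LISTEN  2136/redis-server 1
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  1939/sshd
tcp        0      0 127.0.0.1:5432   0.0.0.0:*        LISTEN  1887/postgres
tcp        0      0 127.0.0.53:53    0.0.0.0:*        LISTEN  1287/systemd-resolv
tcp6       0      0 ::1:631          :::*             LISTEN  20042/cupsd
tcp6       0      0 :::111           :::*             LISTEN  1273/rpcbind
udp        0      0 0.0.0.0:111      0.0.0.0:*                1273/rpcbind
EOF
}

# unexpected_listeners "PORT PORT ..." < netstat-output
# Prints "proto address program" for each socket that is reachable from other
# hosts (not bound to loopback) and whose port is not in the allowlist.
unexpected_listeners() {
    awk -v allowed=" $1 " '
        $1 !~ /^(tcp|udp)6?$/ { next }             # headers and other lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }     # TCP rows carry a State column
        {
            n = split($4, part, ":"); port = part[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host == "::1" || host ~ /^127\./) next   # loopback only
            if (index(allowed, " " port " ")) next       # expected service
            print $1, $4, ($1 ~ /^tcp/ ? $7 : $6)        # UDP rows have no State
        }'
}

# On a live host: sudo netstat -ulpnt | unexpected_listeners "22 80 443"
```

Anything the function prints is either a service to stop, a service to rebind to loopback, or a port to add to the allowlist on purpose.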


Use an IDS (Intrusion Detection System)

Use an IDS to check network logs and to prevent malicious activity. Snort is an open source IDS available for Linux. You can install it with

$ wget
$ wget
$ tar xvzf daq-2.0.6.tar.gz
$ cd daq-2.0.6
$ ./configure && make && sudo make install
$ tar xvzf snort-2.9.12.tar.gz
$ cd snort-2.9.12
$ ./configure --enable-sourcefire && make && sudo make install

To monitor network traffic, type

ubuntu@ubuntu:~$ sudo snort

Running in packet dump mode
--== Initializing Snort ==--

Initializing Output Plugins!
pcap DAQ configured to passive.

Acquiring network traffic from "tun0".
Decoding Raw IP4
--== Initialization Complete ==--

Disable Logging as Root

Root is a user with full privileges and has the power to do anything to the system. Instead of logging in as root, you should enforce the use of sudo to run administrative commands.

Remove no owner Files

Files owned by no user or group can be a security threat. You should search for these files and either remove them or assign them a proper user and group. To search for these files, type

$ find /dir -xdev \( -nouser -o -nogroup \) -print

Use SSH and sFTP

For file transfer and remote administration, use SSH and sFTP instead of telnet and other insecure, open and unencrypted protocols. To install, type

$ sudo apt-get install vsftpd -y
$ sudo apt-get install openssh-server -y

Monitor Logs

Install and set up a log analyzer utility to check system logs and event data regularly for suspicious activity. Type

$ sudo apt-get install -y loganalyzer

Uninstall unused Software

Install as little software as possible to keep the attack surface small. The more software you have installed, the more opportunities there are for attack, so remove any unneeded software from your system. To see installed packages, type

$ dpkg --list
$ dpkg --info [PACKAGE_FILE.deb]
$ apt list [PACKAGE_NAME]

To remove a package

$ sudo apt-get remove [PACKAGE_NAME] -y
$ sudo apt-get clean


Linux server security hardening is very important for enterprises and businesses. It’s a difficult and tiresome task for system administrators. Some processes can be automated with utilities like SELinux and similar software. Also, keeping installed software to a minimum and disabling unused services and ports reduces the attack surface.
