Introduction to Linux Server Security Hardening

Securing your Linux server(s) is a difficult and time consuming task for System Administrators but its necessary to harden the server’s security to keep it safe from Attackers and Black Hat Hackers. You can secure your server by configuring the system properly and installing as minimum softwares as possible. There are some tips which can help you secure your server from network and privilege escalation attacks.

Upgrade your Kernel

Outdated kernel is always prone to several network and privilege escalation attacks. So you can update your kernel using apt in Debian or yum in Fedora.

Disabling Root Cron Jobs

Cron jobs running by root or high privilege account can be used as a way to gain high privileges by attackers. You can see running cron jobs by

Strict Firewall Rules

You should block any unnecessary inbound or outbound connection on uncommon ports. You can update your firewalls rules by using iptables. Iptables is a very flexible and easy to use utility used to block or allow incoming or outgoing traffic. To install, write

Here’s an example to block incoming on FTP port using iptables

Disable unnecessary Services

Stop any unwanted services and daemons running on your system. You can list running services using following commands.

OR using the following command

To stop a service, type

OR

Check for Backdoors and Rootkits

Utilities like rkhunter and chkrootkit can be used to detect known and unknown backdoors and rootkits. They verify installed packages and configurations to verify system’s security. To install write,

To scan your system, type

Check Listening Ports

You should check for listening ports that aren’t used and disable them. To check for open ports, write.

Use an IDS (Intrusion Testing System)

Use an IDS to check network logs and to prevent any malicious activities. There’s an open source IDS Snort available for Linux. You can install it by,

To monitor network traffic, type

Disable Logging as Root

Root acts as a user with full privileges, it has power to do anything with the system. Instead, you should enforce using sudo to run administrative commands.

Remove no owner Files

Files owned by no user or group can be security threat. You should search for these files and remove them or assign them a proper user a group. To search for these files, type

Use SSH and sFTP

For file transferring and remote administration, use SSH and sFTP instead of telnet and other insecure, open and unencrypted protocols. To install, type

Monitor Logs

Install and setup a log analyzer utility to check system logs and event data regularly to prevent any suspicious activity. Type

Uninstall unused Softwares

Install softwares as minimum as possible to maintain small attack surface. The more softwares you have, the more chances of attacks you have. So remove any unneeded software from your system. To see installed packages, write

To remove a package

Conlusion

Linux server security hardening is very important for enterprises and businesses. Its a difficult and tiresome task for System Administrators. Some processes can be automated by some automated utilities like SELinux and other similar softwares. Also, keeping minimus softwares and disabling unused services and ports reduces the attack surface.