It is important to secure your Linux server to avoid hackers getting access to your data, intellectual property, and time. Each distribution has different features from a command-line perspective, but the underlying logic is the same. Below are some tips to help you harden your Linux system.
- Encryption of hard drives
Disk encryption is crucial in the event of theft since, even if the hard drive is connected to another computer, the thief won’t be able to read your data.
- BIOS security
It’s crucial to keep this region secure from alterations, hence the host’s BIOS needs to be password-protected so the end-user can’t alter and override the security settings.
- Record the host’s details.
You must generate a new document each time you work on a new Linux hardening project, checking off each item as you apply it in the checklist items given in this post.
- Machine name
- IP address
- Mac address
- Date
- Asset Number
- Protection of disks
Backups offer numerous benefits in the event of a damaged system, a bug in an OS update, etc. In the event of a disaster, important servers’ backups must be moved offsite.
- Linux Vulnerability Minimization
Software vulnerabilities can be avoided by avoiding unnecessary software installations. For an overview of the installed set of software packages on a computer, use the RPM package manager, such as yum or apt-get, and/or dpkg.
- Boot directory lock
You must ensure that the boot directory is restricted to read-only rights since it houses crucial files related to the Linux kernel.
- Turn off USB use
Sometimes it’s necessary to disable the USB stick usage on the Linux host, depending on how crucial your system is.
- Updated software
After the initial startup, the first action is to update the system; this should be a simple process. In most cases, you launch your terminal window and enter the necessary commands.
- Use Linux Security Extensions
Linux includes a number of security fixes to guard against faulty or hacked programmes.
- Safety SSH
SSH is safe, yes, but you also need to harden this service. You must modify SSH’s default setup if you want to utilise it.
- Limiting the Use of Old Passwords on Linux
The number of previous passwords that cannot be used again can be configured using the pam unix module option remember.
- Turn off root login
Never log in using the root user. When necessary, you should utilise sudo to run root-level commands. Without disclosing the root password to other users or administrators, sudo dramatically improves system security.
- Security for physical servers
Disable booting from external devices like DVDs, CDs, and USB pens by configuring the BIOS. To secure these settings, set a password for the BIOS and the grub boot loader.
- Enable Linux Services You Don’t Want
Disable all unused daemons and services (services that run in the background). All unneeded services must be eliminated from the system startup.
- Windows X11 should be removed
The server does not need to run X Windows systems. X11 is not necessary on your dedicated mail server and Apache/Nginx web server based on Linux.
So these were the 15 points checklist that should be kept in mind in order to run your Linux server quickly and smoothly.
