Best ways to improve Linux server security
A good amount of security is already in place once your OS is installed, which is a relief because hackers are incessant in their attempts to gain access to your server’s and accounts. They attack businesses of all shapes and sizes. They could attempt to gain access to your database or infect it with malware.
If you shoulder the responsibility of protecting your server, you’ll find solace because Linux is secure in and of itself. Unfortunately, there are still vulnerabilities that can be exploited even if it is one of the most secure OS in the industry.
In case you are looking to amp up your security, we have some measures you can take to keep hackers and malware at bay.
- Make a brand new user account for yourself
You need to make a user account that is new. Using your root login to access your server should be highly avoided at all costs. The alternative is that you can easily make a new account (“<user>“), decide the extent of rights you want this account to be able to access and then use it as your main login for your server. So even if this login id is hacked, the hacker does not get access to everything.
You can create a new user by:
$ adduser <username>
You can provide limited access to your new account by attaching (-a) to the new sudo group (-G) to the membership of the user.
$ usermod -a -G sudo <username>
2. Get rid of software that is unnecessary
It is extremely tempting to install new software, but unless it is a necessity, you should avoid it. Every program that you introduce to your computer can cause your system to be vulnerable down the road and cause problems. Shiny new software is introduced to the market all the time and it’s tempting to add them to your system, but you do need to segregate the vital ones from the frivolous ones. Even a system that has top tier quality equipment and function can become exhausted by software programs that are not used or are completely redundant. You should take a yearly stock of all of the software you have amassed. By following this basic habit, you can unload your server of everything unnecessarily bogging it down and keep it running at the top level.
An RPM package manager can help you to audit your software and get rid of any that you don’t need. apt-get, yum or dpkg, are all good options.
# yum list installed
# yum list packageName
# yum remove packageName
# dpkg –list
# dpkg –info packageName
# apt-get remove packageName
3. Ensure you have strong passwords to ensure web host security
Passwords are fallible because they are in the hands of fallible human beings. Our memory can get confused if we try to remember many different passwords, so we try to stick to a single one for all of our accounts or use a simple one. So instead of helping keep your account safe, the password works as a paper door between you and the hacker. You hand your account to the hacker on a silver platter. Using passwords like “12355” provides the same amount of security as not having a password at all.
You should ensure that all the passwords used have a combination of lowercase and uppercase letters, symbols and numbers. You can also set up a time in advance at which point the user will have to set up a new password. You can also ensure that the same passwords are not repeated by using them again by banning old ones. You can also restrict the tries of logging into your account by employing the “faillog” command. It helps to keep force attacks at bay.
4. Generate an SSH Key Pair
Strong passwords are the epitome of keeping your account safe. However, there are more secure options available to log into your private server. SSH key pairs (secure shell) are immensely effective in keeping your account safe as the brute force has a hard time hacking into these systems.
Before you implement SSH keys, you need to equip yourself with the knowledge of why you are using them instead of the traditional set-up of employing a. Mere username and password. Passwords are perfect to use in an everyday setup for daily users. Unfortunately, users opt for easy to remember passwords that make your system vulnerable to attacks.
SSH key pairs are comparatively harder to use but are infinitely more safe. This added layer of security is so effective both for the encryption used by the computer in question and the server that is being accessed. An SSH key is the equivalent of employing a password of 12 characters. The benefits of SSH key pairs are extensive and varied. Hence it is one of the main measures you must take if you’re looking to amp up your server security.
It does not need much effort to employ these measures, but the rewards can be immense. You have to remember that these measures need to be regularly checked and updated because the threat never goes away and hacking trends are always evolving to match the level of your security and breach it. Keeping your security system updated can help you keep hackers at bay and your system safe.
Putting these simple measures in place like ensuring your password is strong, can be vital to your security. You will have a secure server on your hands that no threat can breach.
June 7, 2021
March 22, 2021
March 1, 2021