Tips to Secure Your Linux Server (part 1)
Linux is a world-renowned operating system used in web-facing computers. Netcraft’s data from August 2019 suggests that Linux runs on approximately 75% of servers. The internet is powered by Linux. The digital world belongs to Linux since its conception, and its hold is still ironclad. Hence, to keep your data protected, Linux server security is the key. Additional authority is a well-deserved reward for accommodating the added inconvenience of securing your Linux servers. It is not a herculean task to secure your servers. Knowing simple Linux server security and Linux hardening can easily have you covered.
- Put unique and strong passwords to use
The foundation of server security is a strong password. It is recommended that your password should be at least 10 characters long, embedded with lower and upper case letters as well as special characters. You should keep a different password for different software systems and users. Since a password cannot protect you forever, it is crucial to configure expiration.
The Linux platform has many brilliant password managers that offer key features such as password generators, two-factor authentication, and cloud password storage. Lastpass, Dashlane, Enpass, and Bitwarden are some of the best choices available in the market. However, one size does not fit all. So you need to study the options you have available and find the perfect one compatible with your special needs.
- Create an SSH Key Pair
Strong passwords are crucial to the safety of your server. However, there are still better ways of securing your private servers. Secure shell key pairs are a dream protection feature that can protect your system from being broken into by force.
It is important to be informed of the benefits of SSH keys over normal passwords and usernames before you subscribe to it. While it is easier to rely on passwords for your daily use, a majority of users tend to apply weak passwords that are simple to remember but that can also be easily guessed by hackers. This leaves your security infrastructure highly exposed.
While passwords are a considerably more user-friendly alternative, SSH key pairs offer better security. This advanced security can be credited to the encryption employed by the computer in use as well as the logged-in server. The SSH key pair provides the security of a 12 character password, at the very least. Most of the SSH key pairs are a lot more intricate and elaborate. Hence, if you are working on a dynamic security strategy for your server, SSH key pairs must be your first go-to.
How to Generate an SSH Key and Password
In order to construct an SSH key, type this instruction:
“ssh-keygen -t rsa”
You can select the place you want your key to be saved or it will automatically be saved to the default spot when you press enter.
“Enter file in which to save the key (/home/youruser/.ssh/id_rsa):”
The location you select must take into consideration an absence of individual and organization inventory also known as SSH key sprawl. Since a single server can be used to contain SSH key pairs ranging from a few dozen to hundreds, it can potentially be a massive problem.
The possibility of a physical attack should be considered more prominent than your server being hacked. So you need to take this into account while deciding the location to save your keys. If you’re still unsure, choosing a local device can help during a cyber-attack as it limits exposure.
To complete the process, all you need to do is pick a password. It is that easy.
- Update your software on a regular basis
Vulnerabilities materializing overtime should be curbed by employing software patches routinely as part of Linux server security management. Unfortunately, several users are lax in setting these patches. The software becomes exceedingly vulnerable with time and exposed to hackers if it is not regularly updated.
While using Ubuntu, there are several convenient options available to update Linux. Ubuntu update manager and command lines are some of the choices you can choose from.
If you choose the command line to update, put in:
All the packages available will be shown following this instruction. You can also know all about their latest version through this. To install these packages, use:
The process of Ubuntu update manager is distinct. Using the 18.0.4 version or later starts by selecting the Show applications option at your desktop’s bottom left corner. Follow that by simply searching for “Update manager”.
- Authorize automatic updates
This combined with daily software updates is the perfect mix to strengthen Linux server security. You can select an automatic option to enable your various security updates for you. This allows your updates to be done regularly even when you get busy and it slips your mind. You can choose from a variety of alternatives that allow automatic updates. The software you have factors into your decision. For example, users who use GNOME can easily:
- Select the System menu
- Choose Administration
- Go to Update manager and select Settings
Then open the tab called Updates. From there you can alter the settings to install security updates automatically without any manual involvement.
The unattended-upgrades option also accomplishes a similar goal for Debian. It updates your security system as well, but with a bit of user assistance. In case you choose unattended-upgrades, you should start by installing:
“sudo apt-get install unattended-upgrades”
Then subscribe to the package:
“sudo dpkg-reconfigure –priority=low unattended-upgrades”
If you choose to track through email, the apt list changes package is for you. To begin with, give this instruction:
“# apt-get install unattended-upgrades apt-listchanges”
A bit of added work to keep your Linux server secure can be priceless. However, it is crucial to keep in mind that Linus hardening and server security cannot just be installed and left to its own devices. It is necessary to audit it regularly, backup data, and update software patches. The work required to keep up with these updates could keep a world of problems at bay.
March 30, 2021
August 18, 2020