Tips to Secure Your Linux Server- Part 2


Linux Server security is one of the most important ways to avoid your data from being hacked. You do not have to worry if you’ve not secured your data before. It is an uncomplicated process. The most efficient method is one that has a systemic administration along with absolute server protection from any attacks.

You cannot be cavalier about data security. A majority of well-protected servers can be hacked through any vulnerability in the system. Hence, you need to take extra measures to ensure that your Linux Server protection does not leave any loopholes for hackers to exploit.

  1. Keep Software to a minimum

While it might be alluring to install new software, it might not be the best idea. Unnecessary programs cause problems in the future by leaving your server vulnerable to attack.

It is understandable to dabble in new software in the market that has just been introduced, but that is not advisable as it could lead to security problems in the future. As time goes on even some of the most systemic infrastructures can get lagged and all be affected due to the impractical, unused, or unessential programs. It is preferable to audit your entire system of every software at least once during the year. Adhering to this, you can manage to keep your server optimized and to keep it running efficiently, while adding new programs to it.

If a huge volume of software is already installed on your server, and you want to review packages that are currently downloaded, you can utilize Red Hat Package Manager (RPM). It can assist you to throw away redundant software.

In order to install, use the command:

“rpm -ivh {rpm-file}”

You can uninstall packages using the command:

“rpm -ev {package}”

You can upgrade packages with the instruction:

“rpm -Uvh {rpm-file}”

2. Disable Booting from External Devices

External devices like USB thumb drives can be used by most hostile parties to get their hands on sensitive information. Physical attacks can be curbed by disabling booting for external devices that can cause as much damage as hacking. If you do not take this caution, a lot of other security steps that you’ve put in place could be rendered redundant.

Specific USB ports can be disabled in Linux through several ways. You can open Terminal and type in this code:

“# chmod 000 /media/”

If you want to give UBS access again, you need to type in:

 “# chmod 777 /media/”

You could easily disable USB access by accessing the blacklist file in /etc/modprobe.d/blacklist.conf, and editing it. You can accomplish this by adding this in the .conf file:

“# sudo echo “blacklist usb-storage” >> /etc/modprobe.d/blacklist.conf”

3. Find hidden open ports and close them

Ports that are open can add to attack surfaces by disclosing information about your network’s architecture. Hence, ports that are unnecessary should be shut down immediately. You can use the netstat instruction to figure out which of your ports could potentially be listening, as well as, disclose the connection details that could be available at the moment.

You can use the following commands to search for specific ports:

  • All TCP ports — “netstat -at”
  • All UDP ports — “netstat -au”
  • All listening ports — “netstat -l”
  • Information for all ports — “netstat -s”

4. Use Fail2ban to scan your Log Files

Linux servers are often attacked by severe force. Unfortunately, they succeed in infiltrating the server, not because the attacking party is exceptionally gifted, but because the preventive measures employed by the Linux server cease at upgraded password protection.

In case you are looking for better protection, you can opt for Fail2ban, a software designed to prevent software hack. Once the number of attempted log-ins exceeds a certain amount, Fail2ban will block the address. It is beneficial in spotting and then addressing failure patterns in the authentication. In case of an attack, you will be notified immediately via Email to help bring the server under control as soon as possible.

To install Fail2ban on CentOS7, type in the command:

“yum install fail2ban”

To install it on Debian, use the following command:

“apt-get install fail2ban”

In order to subscribe for Email support for CentOS7, use the command

“yum install sendmail”

On the other hand, for Debian use

“apt-get install sendmail-bin sendmail”

5. Use Backups and often test them

One of the most important elements of Linux servers is their offsite backups. In case you are hacked, you can still retain access to your crucial data. They are priceless during a ransomware attack. While preventing issues with ransomware is not in their wheelhouse, they are crucial in limiting the damage by maintaining access to key data.

Rsync is a well-known choice available for data backup in Linux. It offers a wide variety of features that help you regular backups and or stop selected files from being duplicated. It is believed to be infamously adaptable, and so can be a perfect launchpad for a variety of Linux Server security strategies. You can easily utilize it to back up your files on a regular basis. You can also go a step ahead by syncing it to several hosts by configuring it all throughout the internet.

In order to install Rsync on CentOS, type in the command:

“yum install rsync”

The command for Debian is:

“sudo apt-get install rsync”

Backups need to be tested on a regular basis for them to function effectively. Testing helps ensure that backups have the correct files that can be easily accessed and recovered in case of data loss. Supposing you have finished your backup manually, you can access its details by using the “lastbackup” command. Similarly, if you want to check if your files have been backed up perfectly, the “scan” instruction will help you do that.

Ensure that you keep a tab of your used storage space at all times, as well as the amount currently available. You can do this by putting in the “quota” command.

6. Carry out security audits

Implementing the measures given above can do wonders for your Linux server security. However, even more, threats can be imminent in the near future. You should update your server security on a regular basis or it will eventually grow vulnerable and fall prey to malicious attacks. Security audits along with software upgrades can point you to other adjustments that need to be implemented.

In absence of regular audits, it is difficult to pinpoint where your gaps exist or what can be done to address them to keep your server optimally protected.

7. Conclusion

Securing your Linus server by putting in a bit of added effort can make all the difference in the world. Understand that Linux hardening, as well as server security, cannot be accomplished by going through the motions just once. You need to keep updating and investing time in doing audits regularly, backing up data, and applying software patches. These small things done regularly can make all the difference in the world to keep trouble at bay.

You should also invest time in ensuring that the password strategy you use is strong and implement a handful of security commands to fortify your Linux server. Doing all this will ensure that you are protected from some of the most malicious security threats present today.

eTechSupport is a Managed Services Provider specialising in services like Web Hosting Support, Server Administration, Management & Monitoring, Live Support (Ticket Support - Chat Support), Database Administration, Remote Backup Configuration & Management and Migration as a Service.

Get your free trial now