Shulou(Shulou.com)06/01 Report--

This article mainly introduces "how to improve the security of the Linux server". In the daily operation, I believe many people have doubts about how to improve the security of the Linux server. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful for you to answer the doubts about "how to improve the security of the Linux server"! Next, please follow the editor to study!

Nowadays, many of our personal and professional data are available online, so it is very important for both professionals and ordinary Internet users to learn the basics of security and privacy. As a student, I gained this experience through the school's CyberPatriot program, where I had the opportunity to communicate with industry experts to learn about network vulnerabilities and the basic steps to establish system security.

Based on what I have learned so far as a beginner, this article describes in detail six simple steps to improve the security of the Linux environment for personal use. Throughout my journey, I have used open source tools to accelerate my learning process and become familiar with higher-level concepts related to improving Linux server security.

I tested these steps using the version of Ubuntu 18.04 that I am most familiar with, but they also apply to other Linux distributions.

1. Run the update

Developers are constantly looking for ways to make the server more stable, fast and secure by patching known vulnerabilities. Running updates on a regular basis is a good habit to maximize security. Run them:

Sudo apt-get update & & apt-get upgrade2, enable firewall protection

Enabling the firewall makes it easier to control inbound and outbound traffic on the server. There are many firewall applications available on Linux, including firewall-cmd and simple Firewall Uncomplicated Firewall (UFW). I use UFW, so my example is specific to it, but these principles apply to any firewall of your choice.

Install UFW:

Sudo apt-get install ufw

If you want to further protect your server, you can reject incoming and outgoing connections. Please note that this will cut off your server from the world, so once you block all traffic, you must specify which outbound connections are allowed from your system:

Sudo ufw default deny incomingsudo ufw default allow outgoing

You can also write rules that allow you to personally use the incoming connections you need:

Ufw allow

For example, allow SSH connections:

Ufw allow ssh

Finally, enable your firewall:

Sudo ufw enable3, strengthen password protection

Implementing a strong password policy is an important aspect of maintaining server security and preventing network attacks and data leakage. Some best practices for password policies include mandatory minimum length and a specified password age. I use the libpam-cracklib package to accomplish these tasks.

Install the libpam-cracklib package:

Sudo apt-get install libpam-cracklib

Force the length of the password:

Open the / etc/pam.d/common-password file.

Change the minlen=12 line to any number of characters you need to change the minimum character length requirement for all passwords.

To prevent password reuse:

In the same file (/ etc/pam.d/common-password), add the remember=x line.

For example, if you want to prevent users from reusing one of their last five passwords, use remember=5.

To force the password age:

Find the following lines in the / etc/login.defs file and replace them with the time you like (days). For example:

PASS_MIN_AGE: 3PASS_MAX_AGE: 90PASS_WARN_AGE: 14

Mandatory character specifications:

The four parameters that force character specifications in a password are lcredit (lowercase), ucredit (uppercase), dcredit (numbers), and ocredit (other characters).

In the same file (/ etc/pam.d/common-password), find the line that contains pam_cracklib.so.

Add the following at the end of the line: lcredit=-a ucredit=-b dcredit=-c ocredit=-d.

For example, the following line requires that the password must contain at least one character per type. You can change the number according to the security level of your favorite password. Lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 .

4. Disable non-essential services that are easy to be used.

It is best to stop using unnecessary services. This reduces the number of open ports so that they can be utilized.

Install the systemd package:

Sudo apt-get install systemd

See which services are running:

Systemctl list-units

Identify which services may cause potential vulnerabilities in your system. For each service, you can:

Stop the currently running service: systemctl stop.

Prevent the service from starting when the system starts: systemctl disable.

After running these commands, check the status of the service: systemctl status.

5. Check the listening port

Open ports can pose security risks, so it is important to check the listening ports on the server. I use the netstat command to display all network connections:

Netstat-tulpn

Check the "address" column to determine the port number. Once you have found open ports, check to see if they are all necessary. If not, adjust the service you are running, or adjust your firewall settings.

6. Scan for malware

Antivirus scanning software can be useful in preventing viruses from entering your system. Using them is an easy way to protect your server from malware. My preferred tool is the open source software ClamAV.

Install ClamAV:

Sudo apt-get install clamav

Update virus signature:

Sudo freshclam

Scan all the files and print out the infected ones. When you find one, the bell rings:

Sudo clamscan-r-bell-I /

You can and should be set to scan automatically so that you don't have to remember or take the time to scan manually. For such simple automation, you can use systemd timers or your favorite cron.

Keep your server secure.

We cannot leave the responsibility of protecting the server to one person or one organization. With the rapid expansion of the threat environment, each of us should realize the importance of server security and adopt some simple and effective security best practices.

These are just some of the many steps you can take to improve the security of your Linux server. Of course, prevention is only part of the solution. These strategies should be combined with strict monitoring of denial of service attacks, system analysis with Lynis, and frequent backups.

At this point, the study on "how to improve the security of the Linux server" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.