
What is the method to protect the Linux server

2025-02-23 Update From: SLTechnology News&Howtos shulou


Shulou(Shulou.com)06/02 Report--

This article covers methods for protecting a Linux server. Many people run into these situations in practice, so the steps below walk through how to handle them.

1. Update your server

To protect the server, the first thing you should do is update the local repository and upgrade the operating system and installed applications by applying new patches.

On Ubuntu and Debian:

$ sudo apt update && sudo apt upgrade -y

On Fedora, CentOS or RHEL:

$ sudo dnf upgrade

2. Create a new privileged user account

Next, create a new user account. Never log in to the server as root. Instead, create your own account (<username>), give it sudo permissions, and use it to log in to your server.

First create a new user:

$ adduser <username>

Grant the new user account sudo permissions by appending (-a) the sudo group (-G) to the user's group membership:

$ usermod -a -G sudo <username>

3. Upload your SSH key

Log in to the new server using an SSH key. You can use the ssh-copy-id command to upload your pre-generated SSH key to the new server:

$ ssh-copy-id <username>@ip_address

You can now log in to the new server without entering a password.

4. Secure SSH

Next, make the following three changes:

Disable SSH password authentication

Restrict root remote login

Restrict access to IPv4 or IPv6

Open /etc/ssh/sshd_config in the text editor of your choice and find the following lines:

PasswordAuthentication yes

PermitRootLogin yes

Change them to read:

PasswordAuthentication no

PermitRootLogin no

Next, restrict the SSH service to IPv4 or IPv6 by modifying the AddressFamily option. To change it to use only IPv4 (which should be fine for most people), make the following changes:

AddressFamily inet

Restart the SSH service to apply your changes. Before restarting the SSH server, establish two active connections to the server. With the additional connection, you can fix any problems if the restart goes wrong.

On Ubuntu:

$ sudo service sshd restart

On Fedora or CentOS or any system that uses Systemd:

$ sudo systemctl restart sshd
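The check below is an added example, not part of the original article: it audits an sshd_config for the three changes in this step, taking into account that sshd uses the first occurrence of a keyword and falls back to its default when a line is only commented out. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings from step 4.
# sshd keywords are case-insensitive and the FIRST occurrence wins.
# Assumptions: whitespace-separated "Keyword value" lines; Include files
# are not followed; only the global section (before any Match) is read.

# effective_value FILE KEYWORD DEFAULT -> value sshd would use globally
effective_value() {
    awk -v key="$2" -v def="$3" '
        $1 ~ /^#/ { next }                      # comment line
        tolower($1) == "match" { exit }         # end of global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }           # unset: compiled-in default
    ' "$1"
}

# audit_sshd FILE -> one PASS/FAIL line per setting; returns 1 on any FAIL
audit_sshd() {
    rc=0
    # keyword:wanted:OpenSSH default
    for spec in PasswordAuthentication:no:yes \
                PermitRootLogin:no:prohibit-password \
                AddressFamily:inet:any; do
        key=${spec%%:*}; rest=${spec#*:}
        want=${rest%%:*}; def=${rest#*:}
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key $got (want $want)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: PasswordAuthentication is only commented out (default
# "yes" applies) and the second PermitRootLogin line is ignored by sshd.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PasswordAuthentication no
PermitRootLogin yes
PermitRootLogin no
addressfamily inet
EOF
audit_sshd "$sample" || echo "sshd_config still needs changes"
rm -f "$sample"
```

On a live host, running sudo sshd -t before the restart checks the edited file for syntax errors, so a typo does not leave the service unable to start.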

5. Enable firewall

Install a firewall, enable it, and configure it to allow only the network traffic you specify. Uncomplicated Firewall (UFW) is an easy-to-use interface for iptables that greatly simplifies firewall configuration.

You can install UFW with:

$ sudo apt install ufw

By default, UFW denies all incoming connections and allows all outgoing connections. This means that any application on the server can reach the Internet, but anything that tries to reach the server cannot connect.

First, make sure you can log in by enabling access to SSH, HTTP, and HTTPS:

$ sudo ufw allow ssh

$ sudo ufw allow http

$ sudo ufw allow https

Then enable UFW:

$ sudo ufw enable

You can see which services are allowed and denied with:

$ sudo ufw status

If you want to disable UFW, type:

$ sudo ufw disable

You can also use firewall-cmd, which has been installed and integrated into some distributions.

6. Install Fail2ban

Fail2ban is an application that checks server logs for repeated or automated attacks. If it finds any, it changes the firewall to block the attacker's IP address permanently or for a specified period of time.

You can install Fail2ban by typing:

$ sudo apt install fail2ban -y

Then copy the accompanying configuration file:

$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

And restart Fail2ban:

$ sudo service fail2ban restart

The software will continuously check the log files for attacks. After a while, it will build up a sizeable list of banned IP addresses. You can view this list by requesting the current status of the SSH service:

$ sudo fail2ban-client status ssh
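To show the kind of counting described above, here is an added example (not from the original article and not Fail2ban's own code): a toy scanner that reports a source IP once it reaches a set number of failed SSH logins inside a time window. The function name, the thresholds and the log lines are constructed for illustration, and all lines are assumed to be from the same day.

```shell
#!/bin/sh
# Added example: a toy version of the counting a Fail2ban SSH jail performs.
# ban_candidates MAXRETRY FINDTIME   (auth log lines on stdin)
# Prints each source IP once it has MAXRETRY failures within FINDTIME seconds.
# Assumption: all lines are from the same day (no midnight rollover).
ban_candidates() {
    awk -v maxretry="$1" -v findtime="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
            # Line ends "... from IP port N ssh2": count from the end so a
            # user name containing "from" cannot shift the field.
            ip = $(NF - 3)
            n = ++count[ip]; seen[ip, n] = now
            # Slide the window: forget failures older than findtime.
            while (seen[ip, old[ip] + 1] < now - findtime) old[ip]++
            if (n - old[ip] >= maxretry && !(ip in banned)) {
                banned[ip] = 1
                print ip
            }
        }
    '
}

# Constructed sample log (documentation address ranges).
sample_log() {
    cat <<'EOF'
Feb 23 09:00:00 web1 sshd[900]: Failed password for root from 198.51.100.9 port 50001 ssh2
Feb 23 09:30:00 web1 sshd[950]: Failed password for root from 198.51.100.9 port 50002 ssh2
Feb 23 10:00:01 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
Feb 23 10:00:04 web1 sshd[1201]: Failed password for invalid user from from 203.0.113.5 port 40024 ssh2
Feb 23 10:00:09 web1 sshd[1203]: Failed password for root from 203.0.113.5 port 40030 ssh2
Feb 23 10:00:30 web1 sshd[1210]: Failed password for root from 198.51.100.9 port 50003 ssh2
Feb 23 10:05:00 web1 sshd[1300]: Accepted publickey for deploy from 192.0.2.44 port 51000 ssh2
EOF
}

# Three failures within 600 seconds: only the burst from 203.0.113.5 qualifies.
sample_log | ban_candidates 3 600
```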

7. Delete unused network-facing services

Almost all Linux server operating systems come with some network-facing services enabled. You may want to keep most of them, but some should be removed. You can use the ss command to view all running network services:

$ sudo ss -atpu

The output of ss will depend on your operating system. This is an example of what you might see. It shows that the SSH (sshd) and Nginx (nginx) services are listening and ready for connections:

tcp LISTEN 0 128 *:http *:* users:(("nginx",pid=22563,fd=7))

tcp LISTEN 0 128 *:ssh *:* users:(("sshd",pid=685,fd=3))

How you remove an unused service (<service_name>) depends on your operating system and the package manager it uses.

To remove unused services on Debian / Ubuntu:

$ sudo apt purge <service_name>

To remove unused services on Red Hat / CentOS:

$ sudo yum remove <service_name>

Run ss -atup again to confirm that unused services are no longer installed and running.
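The review in this step can be repeated mechanically. The following is an added example, not part of the original article: it reads ss -atpu output and reports every listening socket whose owning process is not on an allowlist. The function names and the allowlist are assumptions, and the sample output is constructed around the two lines shown above.

```shell
#!/bin/sh
# Added example: flag listeners that are not on an allowlist.
# unexpected_listeners ALLOWLIST   (output of `ss -atpu` on stdin)
# ALLOWLIST is a comma-separated list of process names, e.g. "sshd,nginx".
# Prints "process netid local-address" for every listener not on the list.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Keep listening TCP and unconnected UDP sockets only; this also
        # drops the header line and established connections.
        $2 != "LISTEN" && $2 != "UNCONN" { next }
        {
            proc = "unknown"      # ss hides the users:() column without root
            if (match($0, /users:\(\("[^"]+"/))
                proc = substr($0, RSTART + 9, RLENGTH - 10)
            if (!(proc in ok)) print proc, $1, $5
        }
    '
}

# Constructed sample: the two lines from the article plus three made-up ones.
sample_ss() {
    cat <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp LISTEN 0 128 *:http *:* users:(("nginx",pid=22563,fd=7))
tcp LISTEN 0 128 *:ssh *:* users:(("sshd",pid=685,fd=3))
tcp LISTEN 0 100 127.0.0.1:smtp *:* users:(("master",pid=901,fd=13))
udp UNCONN 0 0 *:sunrpc *:* users:(("rpcbind",pid=512,fd=6))
tcp ESTAB 0 0 192.0.2.10:ssh 198.51.100.7:51234 users:(("sshd",pid=2210,fd=4))
EOF
}

# With sshd and nginx allowed, the mail and rpcbind listeners are reported.
sample_ss | unexpected_listeners "sshd,nginx"
```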
