Every server on the internet is constantly vulnerable to intrusion by nefarious users. It’s important that server administrators take action as soon as they setup a server to protect their server.

In this tutorial, we will outline some common steps for securing a Linux server. Commands in this tutorial will be based on CentOS 7, but they can be applied to most Linux distributions

Update System Packages

The best linux server security tip and key defense against attack is an up to date system that only contains packages actively being used by your applications.

If there is a service running that you don’t need, this leaves you unnecessarily vulnerable.

To update system packages and delete obsolete ones, run:

yum update

To upgrade to the next major version of a package, and delete obsolete packages run:

yum upgrade

Configure Automatic Updates

If you have a system which uses common applications that aren’t easily broken by routine system updates, you may wish to consider setting up automatic updates to improve linux server security. This is a useful server security tip for systems that you don’t regularly connect to.

To setup daily automatic updates, install yum-cron:

yum -y install yum-cron

Configure the package according to your needs:

vi /etc/yum/yum-cron.conf

Start and enable the service on boot:

systemctl start yum-cron
systemctl enable yum-cron

This application will be added to your daily crontab to install updates automatically for you.

See Also: Experience Our for Free VPS Hosting: Enjoy a 30-Day Trial with Risk-Free Servers

Maintain An Active Firewall

Installing and maintaining a firewall is a great way to close up ports that don’t need to be open, further enhancing server security. We recommend iptables for this case.

To install iptables:

yum install iptables-services

Set iptables to run on startup:

systemctl enable iptables

IPTables is now ready to be used For example, you can block an external IP with the following command:

iptables -A INPUT -s 192.168.0.10 -j DROP

To save rules permanently use the following command:

service iptables save

Disable Root Login over SSH

Disabling root login locks down a common source of brute-forcing. Attackers will now need to know a unique system user and password before gaining entry to your server.

To disable root login, follow these steps:

Add a user which will have SSH access and set the password:

useradd billjohnson
 passwd billjohnson

Add this user to have sudo access to run root commands:

visudo

Add the following line to this file and save it, replacing username with the user:

username ALL=(ALL) ALL

Open the following file in a text editor

vi /etc/ssh/sshd_config

Locate the following line:

#PermitRootLogin yes

Change it to the following:

PermitRootLogin no

Add the following line, then save and close the file:

AllowUsers username

Restart SSH:

service sshd restart

Root access is now disabled over SSH, providing additional server security from intrusion.

See Also: Experience Our for Free VPS Hosting: Enjoy a 30-Day Trial with Risk-Free Servers

Set Secure Password Policies

Enforcing strict user password rules is a great way to ensure you are not vulnerable to system entry through the use of weak passwords.

Update the following file to set stricter password controls:

vi /etc/security/pwquality.conf

Conclusion

There are hundreds of ways to secure a Linux server. We’ve outlined a few of the popular ones, but every application is specific. If you have a complex project, consider using our server management services. We provide complete server hardening and proactive monitoring to keep your server running at its best.

What are your feelings

COMPLETE DIGITAL SERVER SOLUTIONS FOR ALL

Bare Metal Dedicated Servers

A single tenant, physical server allowing you full access to its resources

Read More

Cloud VPS

The cheapest way to get your own independent computing instance.
Read More

Cloud VDS

Virtualized server platform hosted on enterprise-grade physical servers
Read More

10 Gbps Unmetered Servers

Zumiv offers high bandwidth dedicated servers up to 20Gbps.
Read More
free vps hosting qca50satdzdvwwiktdobzdsj43rc5tgslgo4e8d8lg qjmota74oi2zrgboohj848ng55q3ywzsnke3rxmdvo

ZOMEV NEWSLETTER

Receive the latest news, updates and offers. You can unsubscribe at any time.

ZOMEV NEWSLETTER

Receive the latest news, updates and offers. You can unsubscribe at any time.

zomiv footer logo

HOSTING REDEFINED

44-7-441-399-305
Support Hours: 24x7x365
Sale Office Hours: M-F, 7AM-5PM EST

We accept the following:

visa
mastercard
paypal
download (6)

PRODUCTS

SERVICES

© Copyright 2024, All Rights Reserved by DataCamp Int Limited.

Zomev is a trading name of DataCamp Int Limited. Registered Office: 71-75 Shelton Street, Covent Garden,
London, United Kingdom, WC2H 9JQ.Registered Number 15527709. Registered in England and Wales.

certifications

ZOMEV NEWSLETTER

Receive the latest news, and offers. You can unsubscribe at any time.

  • PRODUCTS
  • LOCATIONS
  • SOLUTIONS
  • COMPANY