en
  English
Phone :  +370 (5) 204-1903
Email: sales@1gbits.com

Linux Server Security

In the technical world, Linux is setting its strong foot. The demand has grown exponentially ever since its inception. 

Linux Tutorial Jul 01, 21 by Nisal N 10 min Read
Linux Server Security

According to Netcraft’s August 2019 data, Linux is being used by almost 75% of servers globally. An impressive number, right?  Well, this data clearly indicates the impact Linux has in the tech field. 

Now, security is a criterion that holds an eminent importance in every field. The same applies here. Linux server security plays a vital role in the overall existence of this Operating System. 

In this article, we are going to explore the same. 

Let us dive into our point of discussion and explore this area.

Linux Server Security

When we talk about data security, Linux server security is extremely essential. 

You may not be acquainted with this fact, but you use Linux in your day to day life very often. It is actively present in several digital and social media platforms like Facebook, Instagram, Twitter, etc.

Even major tech giants are also using Linux in their respective ecosystems. 

Now, security is a major concern for every company. In this article, we will provide you with the topmost security practices for Linux servers. 

Take a look at the pointers as stated below:

  • SSH key pair
  • Regular Software Updates
  • Strong passwords
  • Remove unwanted software
  • Auto updates
  • Don’t boot from other devices
  • Close hidden open ports
  • Test backups regularly
  • Scan your log files
  • Security audit

Let’s begin!

Best security methods for Linux servers

SSH key pair

There are several methods to maintain the security aspect while you log in to the private servers. 

SSH key pairs or Secure Shell key pairs are very effective and efficient. It is really a challenging task to hack these key pairs. Hence it’s a win-win situation for you.

No wonder that the standard method of implementing username and password setup is opted by the majority of people. But this setup may result in the collapse of the entire infrastructure due to some easily guessed options.

It is also a fact that Secure Shell key pairs are not as easily usable as passwords in day-to-day life, but they’re undoubtedly more secure. But, what makes these key pairs so confidently secure? 

The answer is that these pairs are highly encrypted at both the ends, namely, the server and the device you use. 

Additionally, one key pair is equal to a 12 character password. 

Moving on, what is the process to generate a secure shell key and password?

Let’s see!

To create a key, you must enter the below-stated command:

ssh-keygen -t rsa

It’s your choice to select the desired location to save the key. Or you can simply press enter to send it to the default location. Take a look:

"Enter file in which you wish to save the key (/home/youruser/.ssh/id_rsa):"

Besides, you should be careful while saving your keys as there is a probability of physical attacks when the servers are hacked. In case you are under a cyber attack, select a local device to reduce the harmful effects, to be on the safer side.

Regular Software Updates

There are regular software updates for your Linux server security. These updates help to overcome several vulnerabilities or bugs faced by the servers. 

Sometimes, the users tend to ignore these updates and keep them untouched. This approach is not beneficial. The reason is that without proper updates, the software starts to become junk. It becomes less safe and quite easy to hack. 

Moreover, there are several ways to update your software. Here is the command that you can type in the command line:

apt-get update

This command lists all the available packages and information of the latest version for you. Now, to install such packages on your device, you have to type the below-stated command:

apt-get upgrade

That’s it!

Strong passwords

The foundation of any secure network is a strong password. Always set a strong password with a minimum length of at least 10 alphanumeric characters. Do not set the same password for other users or systems.

Keep updating it from time to time. 

There are ample password managers available in the market for Linux platforms. They offer some really impressive features that are inclusive of:

  • Two-factor authentication
  • Cloud password storage
  • Password generators

Before selecting a password manager, you must examine and understand your requirements keenly. As it is understood, that no one password manager is a perfect choice for different servers. You must investigate properly and then land on a wise choice. 

Remove unwanted software

Sometimes, new software seems attractive with impressive specifications but you don't have to install them every time. 

Walking down this lane, the security of your Linux server could be under some potential threat. In order to keep the server working at its highest efficiency, keep doing regular audits. 

To currently check all your downloaded packages on the device you can use an RPM or Red Hat Package Manager. With its help, you can easily remove unwanted software. To implement the same, use the below-stated command:

rpm -ivh {rpm-file}

Moving on!

Auto updates

For guaranteed Linux server security, you should hold regular updates for your software. Sometimes, it becomes tough to handle a lot of tasks altogether. To overcome this, you can always opt for an automatic approach. 

Once you enable automatic updates, you need not worry about taking care of the updates anymore. 

Your software security stays up to date without the need of any intervention manually. 

Moreover, you have ample options to enable automatic updates. If you are a GNOME user, then follow these steps:

  • Go to your System menu
  • Tap on Administration
  • Head towards Update Manager and select Settings

Now click on the Updates tab. Click on the option stating, Install security updates.

Additionally, if you want to monitor your updates through email, you have to install a package called apt-listchanges package. As soon as any update occurs, you get an email alert. To start this feature, use the following command:

apt-get install unattended-upgrades apt-listchanges

And you’re done.

Don’t boot from other devices

Not booting from other devices can protect you from several physical attacks. This step adds extra security to the security layers of your server. 

Sometimes, outside parties can use other devices, for example, USB thumb drives, to extract important information. 

Now, there are various methods to disable USB ports in Linux and one of them is specified as below:

  • Open the terminal and enter: chmod 000 /media/

Close hidden open ports

At times, the open ports may expose network architecture information. Therefore, you need to close such ports.

Here are some command lines if you are looking to find some specific ports:

  • UDP Ports: netstat -au
  • TCP Ports: netstat -at
  • Listening ports: netstat -l
  • All ports: netstat -s

Test backups regularly

It is evident for the Linux servers to have an offsite backup. There are instances where the server is under a cyber or a physical attack. In such situations, there stands a possibility that your entire data gets corrupted. To bypass the data loss, it is suggested that you keep a backup of your work. 

In Linux, an extremely popular option to backup your data is rsync. There are ample features tagged along with this application. You can create daily backups or choose the files that you want to take backup of. 

If you wish to install it on CentOS, use the below-mentioned command:

yum install rsync

In the case of Debian, type:

sudo apt-get install rsync

You must take notice of the fact that backups should be tested on a regular basis. Testing helps you to verify if the backup has the right amount of files or if the files can be recovered with ease, at the time of any data intrusion. 

Moreover, to check the complete details of a manual backup you can use the lastbackup command. Likewise, to verify that the files are backed up orderly, you can use the scan command.

Scan your log files 

There are several common attacks on Linux servers and one of them is known as Brute force attack. 

If you want to protect your server from such attacks, then you can take the help of intrusion prevention software known as Fail2ban. 

This software proves beneficial in order to detect several authentication failure patterns. You also receive several email alerts about a probable attack. This further helps you to control the situation as early as possible. 

Now, in order to install Fail2ban, use this command:

yum install fail2ban

In the case of Debian, the command goes like this:

apt-get install fail2ban

Additionally, to enable the email support on CentOS 7, you can use the command as follows:

yum install sendmail

On the other hand, if you are using Debian, follow this command:

apt-get install sendmail-bin sendmail

Security audit

If you are not regularly updating the server, then even the most secure server can be exposed to a potential attack. 

Regular security audits guarantee you information about the gaps, if any, related to the protection of your Linux server. 

Conclusion

Linux server security is not just a one-step solution. As you have seen, there are various steps involved in the whole architecture, which require data backups, regular audits, software updates, etc. 

You have to regularly keep a check and perform these steps in order to guarantee protection for your Linux server. In this way, you can surpass probable cyber attacks. After all, security holds great significance and results in higher reliability and credibility. 

In the end, we hope that the information provided in this article helps you to understand various methods involved in Linux server security. 

Happy learning!

author img

Nisal N

Computers has always fascinated me since I was a kid and here we are. I love travelling for 2 reasons: the first one to see a new part of the world and second (the most important one) to experience the rich culture hidden among the country and people. I'm pretty good at cooking but very poor when it comes to baking.

Leave A Comment