How to Secure Linux Servers? A Few Simple Tips

in Witness Activities, 2 years ago


I have 20+ servers, and I need to make sure they are safe, so here are a few steps I took to harden their security:

Change SSH Port number


Set Port XXX in /etc/ssh/sshd_config, then restart the sshd service for the change to take effect:

service sshd restart

Disable root SSH login


Set PermitRootLogin no in /etc/ssh/sshd_config, then restart the sshd service via:

service sshd restart

Enable ufw firewall


Then, you can allow certain ports through, e.g.:

sudo ufw allow 80/tcp

or block ports (allow the port sshd listens on first, so you do not cut off your own session):

sudo ufw deny 22/tcp

Disable MySQL root login remotely


Also, use a username other than root. You can do this via /etc/mysql/my.cnf.

Grant correct permissions to users. See this post for more details.

Pick a strong password


My login-user password is around 30 characters, so it is not easy to crack via brute-force algorithms.

Use SSH key to login


Put the public key in ~/.ssh/authorized_keys and use the SSH key to log in instead. You need to generate the SSH key pair first via:

ssh-keygen -t rsa

Protect special folders via .htaccess and .htpasswd


For example, if you have WordPress, you need to protect /wp-admin. If you install phpMyAdmin, you should certainly protect it via .htaccess/.htpasswd. You can also keep an allow/disallow IP list here.

Disable user SSH login via password


You can disable SSH login via username/password by setting PasswordAuthentication no in /etc/ssh/sshd_config, but make sure your SSH keys are set up correctly first, otherwise you will be locked out of your server.
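A check for the three sshd_config settings this post changes (Port, PermitRootLogin, PasswordAuthentication), as an added example that is not the author's code. The function names and the sample file are made up for illustration, and the defaults assumed for unset keywords are upstream OpenSSH's.

```shell
#!/bin/sh
# Added example, not from the original post. Reads only the global section of
# the file (stops at the first Match block) and does not follow Include lines.

# sshd_values KEYWORD FILE DEFAULT
# Prints the value sshd would use for KEYWORD, or DEFAULT when it is not set.
# sshd keeps the FIRST value it reads for a keyword; Port is the exception
# (each Port line adds a listener), so every Port value is printed.
sshd_values() {
    awk -v key="$1" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comment or blank line
        { sub(/[ \t]*=[ \t]*/, " "); k = tolower($1) } # accept "Key=value"
        k == "match" { exit }                          # conditional blocks follow
        k == key { print $2; found = 1; if (key != "port") exit }
        END { if (!found) print def }
    ' "$2"
}

# audit_sshd FILE: prints findings; the exit status is the number of failures.
audit_sshd() {
    fails=0
    for p in $(sshd_values Port "$1" 22); do
        if [ "$p" = 22 ]; then
            echo "FAIL Port 22 is still a listener"; fails=$((fails + 1))
        fi
    done
    # Defaults are upstream OpenSSH's (assumption: distro builds may differ).
    for item in PermitRootLogin:prohibit-password PasswordAuthentication:yes; do
        kw=${item%%:*}
        val=$(sshd_values "$kw" "$1" "${item#*:}")
        if [ "$val" = no ]; then
            echo "ok   $kw no"
        else
            echo "FAIL $kw is '$val', expected no"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: "PermitRootLogin no" was appended at the end, but the
# earlier "yes" is the value sshd uses.
sample=$(mktemp)
printf '%s\n' 'Port 2222' 'PermitRootLogin yes' 'PasswordAuthentication=no' \
    'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "failures: $?"
rm -f "$sample"
```

On a live server, `sshd -t` checks the file for syntax errors before you restart the service, and `sshd -T` prints the configuration sshd will actually use.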

I am @justyy - a Steem Witness
https://steemyy.com


Great tips! Thank you justyy!!!

This post has been featured in the latest edition of Witness Weekly...
