how_to_secure_your__thread_by_devops_tech___mar 27, 23_from_rattibha

The document provides a comprehensive guide on securing Linux servers, outlining 14 best practices including keeping systems updated, disabling unnecessary services, using strong passwords, and implementing firewalls. It emphasizes the importance of monitoring logs, using encryption, and performing regular backups and audits. Following these recommendations can help protect servers and sensitive data from security threats.

Uploaded by

Simon Mhere

Rakesh Jain

@devops_tech

22 Tweets • 2023-03-27


rattibha.com 

How to secure your Linux servers?

A detailed thread with examples


1/14: Keep your system up-to-date by regularly applying
patches and updates. This ensures that your system is
protected against known vulnerabilities.

Use the package manager of your distribution to
update the system and applications.

For example, in Ubuntu, you can use the apt
command to update the system:

$ sudo apt update && sudo apt upgrade

2/14: Disable unnecessary services and applications
that are not required for your server to operate. These
services and applications can expose your server to
attacks. Use the systemctl command to disable and
stop services.
For example, to disable the Apache service in Ubuntu,
you can use the following command:

$ sudo systemctl disable apache2


3/14: Use strong passwords for all user accounts on
your system, including the root account. Strong
passwords should be at least 12 characters long and
should include a mix of uppercase and lowercase
letters, numbers, and special characters.
Use the passwd command to set a new password:

$ sudo passwd username

4/14: Use firewall rules to restrict access to your
server. You can use the ufw command in Ubuntu to
set up firewall rules. For example, to allow SSH
access from a specific IP address, use the following
command:

$ sudo ufw allow from 192.168.1.100 to any port 22


5/14: Use SSH key-based authentication to secure
SSH access to your server. This method is more
secure than password-based authentication because it
uses public-private key cryptography. Generate a new
SSH key pair using the ssh-keygen command:

$ ssh-keygen -t rsa -b 4096
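
Generating a key pair does not by itself switch password logins off, so the server configuration needs checking too. The script below is an added example, not part of the original thread: it audits a constructed sshd_config fragment, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sshd_config fragment for the demo (not from a real host).
sample_config() {
cat <<'EOF'
# constructed example
PubkeyAuthentication yes
PasswordAuthentication yes
#PasswordAuthentication no
EOF
}

# effective_value KEYWORD < config-file
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and lines starting with '#' are comments.
effective_value() {
    awk -v k="$1" 'tolower($1) == tolower(k) { print tolower($2); exit }'
}

# check_setting FILE KEYWORD DEFAULT WANTED: print a finding and return 1
# when the effective value differs from WANTED.
check_setting() {
    val=$(effective_value "$2" < "$1")
    [ -n "$val" ] || val=$3      # keyword absent: OpenSSH default applies
    [ "$val" = "$4" ] && return 0
    echo "WEAK: $2 is '$val', expected '$4'"
    return 1
}

# audit_sshd FILE: non-zero exit if key-only login is not enforced.
audit_sshd() {
    rc=0
    check_setting "$1" PubkeyAuthentication yes yes || rc=1
    check_setting "$1" PasswordAuthentication yes no || rc=1
    return $rc
}

cfg=$(mktemp)
sample_config > "$cfg"
audit_sshd "$cfg" || echo "keys work, but password logins are still accepted"
rm -f "$cfg"
```

On a live host, `sudo sshd -T` prints the effective configuration, including settings pulled in through Include files, which this simple single-file reader does not follow.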


6/14: Use encrypted connections when transferring
sensitive data between your server & other systems.
For example, use HTTPS instead of HTTP for web
traffic, and use SFTP instead of FTP for file transfers.
Install & configure SSL certificates for your web server
to enable HTTPS.

7/14: Regularly monitor your system logs for
suspicious activity. Logs can help you detect & respond
to security incidents. Use the journalctl command to
view system logs.

For example, to view the last 100 lines of the system journal,
use the following command:

$ sudo journalctl -n 100


8/14: Use intrusion detection/prevention systems to
detect/prevent attacks. Install & configure security
tools such as fail2ban, which can automatically block
IP addresses that show suspicious behavior.

For example, use the command below to install fail2ban in Ubuntu:

$ sudo apt install fail2ban
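
To make tips 7 and 8 concrete, the following added example (not from the original thread) counts failed SSH password attempts per source address, which is the kind of counting fail2ban automates before it blocks an address. The log lines are constructed, the function names are hypothetical, and the `ssh` unit name in the final comment is an assumption about Ubuntu.

```shell
#!/bin/sh
# Constructed sshd log lines (not real data); addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Mar 27 10:01:02 web1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar 27 10:01:05 web1 sshd[1203]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar 27 10:01:09 web1 sshd[1207]: Failed password for invalid user test from 203.0.113.7 port 40125 ssh2
Mar 27 10:02:11 web1 sshd[1210]: Accepted publickey for deploy from 192.168.1.100 port 51514 ssh2
Mar 27 10:03:40 web1 sshd[1215]: Failed password for deploy from 198.51.100.23 port 33871 ssh2
Mar 27 10:04:02 web1 sshd[1219]: Failed password for invalid user oracle from 203.0.113.7 port 40190 ssh2
EOF
}

# noisy_sources THRESHOLD < log
# Prints "count address" for every source with at least THRESHOLD failed
# password attempts, busiest first. The address is read relative to the END
# of the line ("from ADDR port N ssh2") because the user name earlier in the
# line is text supplied by the client.
noisy_sources() {
    awk -v t="$1" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" { fails[$(NF-3)]++ }
        END { for (ip in fails) if (fails[ip] >= t) print fails[ip], ip }
    ' | sort -rn
}

sample_log | noisy_sources 3
# On a live host the same filter can read the journal, for example:
#   sudo journalctl -u ssh -n 1000 --no-pager | noisy_sources 5
```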


9/14: Regularly perform backups of your system data
to protect against data loss and system failures. Use
backup tools such as rsync or tar to create backups of
important files and directories.
For example, to create a backup of the /etc directory,
use the following command:

$ sudo tar -czvf etc-backup.tar.gz /etc
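
A backup is only useful if it restores, so the added example below (not from the original thread) records a checksum next to the archive and then test-restores it into a scratch directory. It uses a constructed stand-in directory instead of /etc so it runs without root; the function names are hypothetical and absolute paths are assumed.

```shell
#!/bin/sh
# backup_dir SRC ARCHIVE: archive SRC and record the archive's SHA-256.
backup_dir() {
    tar -czf "$2" -C "$(dirname "$1")" "$(basename "$1")" || return 1
    sha256sum "$2" > "$2.sha256"
}

# verify_backup SRC ARCHIVE: returns 0 only if the checksum still matches
# AND a test restore into a scratch directory is identical to SRC.
verify_backup() {
    sha256sum -c "$2.sha256" >/dev/null 2>&1 || return 1
    scratch=$(mktemp -d) || return 1
    rc=1
    if tar -xzf "$2" -C "$scratch" 2>/dev/null &&
       diff -r "$1" "$scratch/$(basename "$1")" >/dev/null; then
        rc=0
    fi
    rm -rf "$scratch"
    return $rc
}

# Demo on constructed data.
work=$(mktemp -d)
mkdir -p "$work/etc-demo"
echo "PermitRootLogin no" > "$work/etc-demo/sshd_config"
backup_dir "$work/etc-demo" "$work/etc-backup.tar.gz"
verify_backup "$work/etc-demo" "$work/etc-backup.tar.gz" && echo "backup verified"
echo "x" >> "$work/etc-backup.tar.gz"     # simulate a damaged archive
verify_backup "$work/etc-demo" "$work/etc-backup.tar.gz" || echo "damaged backup detected"
rm -rf "$work"
```

The comparison against the live directory also fails when the source has changed since the backup, which is a cue to take a fresh one.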


10/14: Use 2-factor authentication to add an extra
layer of security to your login process. It requires a user
to provide a password & a second factor such as a
token or code sent to their phone. You can use tools like
Google Authenticator or Authy to set up 2-factor
authentication.

11/14: Use strong encryption for sensitive data on your
server. For example, use LUKS (Linux Unified Key Setup) to
encrypt your drive, or use GPG (GNU Privacy Guard) to
encrypt individual files.

Example of how to encrypt a file using GPG:

$ gpg --output file.gpg --symmetric file.txt


12/14: Limit access to sensitive files and directories by
using file permissions. Use the chmod command to
set permissions for files and directories.
For example, to set read, write, and execute
permissions for the owner, and read-only permissions
for everyone else, use the following command:

$ chmod 744 file.txt
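
Setting a mode on one file is half the job; the other half is finding files whose modes are already too open. The added example below (not from the original thread) audits a constructed temporary directory for files that others can read or write and then tightens them; the function and file names are hypothetical.

```shell
#!/bin/sh
# make_demo_tree DIR: constructed files with deliberately mixed modes.
make_demo_tree() {
    mkdir -p "$1"
    for f in id_rsa deploy.sh app.conf upload.tmp; do : > "$1/$f"; done
    chmod 644 "$1/id_rsa"       # private key readable by everyone
    chmod 755 "$1/deploy.sh"    # group/others: read + execute
    chmod 600 "$1/app.conf"     # owner only
    chmod 666 "$1/upload.tmp"   # anyone can modify
}

# List regular files under DIR whose "other" write / read bit is set.
others_can_write() { find "$1" -type f -perm -002 | sort; }
others_can_read()  { find "$1" -type f -perm -004 | sort; }

# lock_down FILE...: remove every group and other permission bit.
lock_down() { chmod go-rwx "$@"; }

demo=$(mktemp -d)
make_demo_tree "$demo"
echo "writable by anyone:"; others_can_write "$demo"
echo "readable by anyone:"; others_can_read "$demo"
lock_down "$demo/id_rsa" "$demo/upload.tmp"
echo "readable by anyone after lock_down:"; others_can_read "$demo"
rm -rf "$demo"
```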


13/14: Use strong encryption for network traffic to
protect against eavesdropping & data theft. Use tools
like OpenVPN or WireGuard to create encrypted
virtual private networks (VPNs) for secure remote
access.

To install OpenVPN on Ubuntu:

$ sudo apt install openvpn


14/14: Regularly audit your server's security
configuration to ensure that it remains secure over
time. Use tools like Lynis or CIS-CAT to perform
security audits and identify potential vulnerabilities.

Here's an example of how to install Lynis on Ubuntu:

$ sudo apt install lynis


These are a few tips to help you secure your Linux server.
By following these best practices and regularly
monitoring your system, you can help protect your
server and the data it contains from security threats.

Retweet the thread if you find it useful. Thanks!

These pages were created and arranged by Rattibha
services (https://www.rattibha.com)