Member-only story
7 CIS Security Best Practices I Apply on Every Linux Server I Set Up
--
1
Share
Intro: CIS Benchmarks are like a checklist for hardening your Linux servers against the most common threats. These best practices aren’t just for compliance — they’re battle-tested techniques that have saved me from misconfigurations, attacks, and downtime. Here are 7 steps I take every time I spin up a new Ubuntu or Red Hat server.
1. 🔐 Disable Root Login via SSH
Why: Root login over SSH is a major target for brute-force attacks.
✅ How:
sudo nano /etc/ssh/sshd_config# Set this:PermitRootLogin no
sudo systemctl restart sshd
2. 🧱 Enable and Configure a Host Firewall
Why: Only allow what’s needed, and block everything else by default.
✅ Ubuntu:
sudo ufw default deny incomingsudo ufw default allow outgoingsudo ufw allow OpenSSHsudo ufw enable
✅ Red Hat:
sudo firewall-cmd --set-default-zone=dropsudo firewall-cmd --permanent --add-service=sshsudo firewall-cmd --reload
Top comments (0)