Member-only story
7 CIS Security Best Practices I Apply on Every Linux Server I Set Up
--
1
Share
Intro: CIS Benchmarks are like a checklist for hardening your Linux servers against the most common threats. These best practices arenโt just for compliance โ theyโre battle-tested techniques that have saved me from misconfigurations, attacks, and downtime. Here are 7 steps I take every time I spin up a new Ubuntu or Red Hat server.
1. ๐ Disable Root Login via SSH
Why: Root login over SSH is a major target for brute-force attacks.
โ
How:
sudo nano /etc/ssh/sshd_config# Set this:PermitRootLogin no
sudo systemctl restart sshd
2. ๐งฑ Enable and Configure a Host Firewall
Why: Only allow whatโs needed, and block everything else by default.
โ
Ubuntu:
sudo ufw default deny incomingsudo ufw default allow outgoingsudo ufw allow OpenSSHsudo ufw enable
โ
Red Hat:
sudo firewall-cmd --set-default-zone=dropsudo firewall-cmd --permanent --add-service=sshsudo firewall-cmd --reload
Top comments (0)