The latest articles on DEV Community by Sovrab Roy (@setu102). https://dev.to/setu102 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3916743%2F31d3eb0e-660b-424f-8dac-dc4e00006198.jpeg https://dev.to/setu102 en Sovrab Roy Wed, 06 May 2026 22:07:26 +0000 https://dev.to/setu102/essential-linux-server-hardening-steps-for-production-environments-3gm1 https://dev.to/setu102/essential-linux-server-hardening-steps-for-production-environments-3gm1 <h1> Essential Linux Server Hardening Steps for Production Environments </h1> <p>Securing a Linux server is one of the most important responsibilities of a system administrator. A poorly configured server can become vulnerable to brute-force attacks, malware, privilege escalation, and unauthorized access.</p> <p>In this article, I will share some essential Linux server hardening steps that I usually apply after deploying a fresh Ubuntu or Debian server for production use.</p> <h1> 1. Update System Packages </h1> <p>The first thing I do is update all installed packages and security patches.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt upgrade <span class="nt">-y</span> </code></pre> </div> <p>Keeping packages updated reduces security vulnerabilities and improves server stability.</p> <h1> 2. Create a Non-Root Sudo User </h1> <p>Using the root account directly is risky. Instead, create a separate sudo user.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>adduser sovrab usermod <span class="nt">-aG</span> <span class="nb">sudo </span>sovrab </code></pre> </div> <p>This improves accountability and reduces direct root exposure.</p> <h1> 3. Disable Root SSH Login </h1> <p>Root login through SSH should be disabled to prevent brute-force attacks.</p> <p>Edit the SSH configuration file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>nano /etc/ssh/sshd_config </code></pre> </div> <p>Find:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>PermitRootLogin <span class="nb">yes</span> </code></pre> </div> <p>Change it to:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>PermitRootLogin no </code></pre> </div> <p>Restart SSH service:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl restart ssh </code></pre> </div> <h1> 4. Change Default SSH Port </h1> <p>Changing the default SSH port from 22 to another custom port helps reduce automated attack attempts.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>Port 2222 </code></pre> </div> <p>Do not forget to allow the new port through the firewall.</p> <h1> 5. Configure UFW Firewall </h1> <p>Ubuntu ships with UFW (Uncomplicated Firewall), which is easy to configure.</p> <p>Allow SSH port:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw allow 2222/tcp </code></pre> </div> <p>Enable firewall:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw <span class="nb">enable</span> </code></pre> </div> <p>Check status:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>ufw status </code></pre> </div> <h1> 6. Install Fail2Ban </h1> <p>Fail2Ban protects servers from repeated failed login attempts.</p> <p>Install:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>fail2ban <span class="nt">-y</span> </code></pre> </div> <p>Enable and start:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl <span class="nb">enable </span>fail2ban <span class="nb">sudo </span>systemctl start fail2ban </code></pre> </div> <p>Check status:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>fail2ban-client status </code></pre> </div> <h1> 7. Configure Automatic Security Updates </h1> <p>Automatic security updates help patch vulnerabilities quickly.</p> <p>Install unattended upgrades:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt <span class="nb">install </span>unattended-upgrades </code></pre> </div> <p>Enable:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>dpkg-reconfigure unattended-upgrades </code></pre> </div> <h1> 8. Disable Unused Services </h1> <p>Unused services increase attack surfaces.</p> <p>Check running services:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl list-units <span class="nt">--type</span><span class="o">=</span>service </code></pre> </div> <p>Disable unnecessary services:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>systemctl disable service-name </code></pre> </div> <h1> 9. Monitor Server Resources </h1> <p>Resource monitoring helps detect unusual activity and performance bottlenecks.</p> <p>Useful commands:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>htop <span class="nb">df</span> <span class="nt">-h</span> free <span class="nt">-m</span> <span class="nb">uptime</span> </code></pre> </div> <h1> 10. Secure Shared Hosting Environments </h1> <p>For cPanel or shared hosting servers, additional security measures are recommended:</p> <ul> <li>Configure CSF firewall</li> <li>Enable ModSecurity</li> <li>Harden PHP functions</li> <li>Use CloudLinux isolation</li> <li>Enable ImunifyAV or Imunify360</li> <li>Configure secure backups</li> </ul> <h1> 11. Backup Strategy </h1> <p>Backups are critical for disaster recovery.</p> <p>Important backup locations:</p> <ul> <li>Website files</li> <li>MySQL databases</li> <li>Configuration files</li> <li>DNS zones</li> <li>Email accounts</li> </ul> <p>I usually automate backups using shell scripts and remote storage solutions.</p> <h1> 12. Docker Security Basics </h1> <p>If Docker is installed:</p> <ul> <li>Avoid running containers as root</li> <li>Use trusted images only</li> <li>Keep images updated</li> <li>Limit container privileges</li> <li>Monitor exposed ports</li> </ul> <p>Check containers:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker ps </code></pre> </div> <h1> Conclusion </h1> <p>Linux server hardening is not a one-time task. Security requires continuous monitoring, patching, auditing, and optimization.</p> <p>A properly secured Linux server improves reliability, uptime, and infrastructure stability while reducing security risks.</p> <p>As a Linux System Administrator and Server Engineer, I regularly work with Linux servers, cloud infrastructure, Docker, cPanel, hosting technologies, and production environment optimization.</p> <p>🌐 Portfolio:<br> <a href="https://sovrabroy.online" rel="noopener noreferrer">https://sovrabroy.online</a></p> <h1> linux #devops #cloud #docker #serveradministration </h1> linux devops cloud git Sovrab Roy Wed, 06 May 2026 22:02:07 +0000 https://dev.to/setu102/hello-dev-community-im-sovrab-roy-a-linux-system-administrator-server-engineer-from-1l7e https://dev.to/setu102/hello-dev-community-im-sovrab-roy-a-linux-system-administrator-server-engineer-from-1l7e community docker infrastructure linux