Introduction
According to a recent report, over 60% of Linux servers are vulnerable to attacks due to weak security configurations. In this tutorial, you will learn how to harden a Linux server in 10 steps, ensuring a secure environment for your applications and data. To follow along, you will need a basic understanding of Linux commands, a Linux distribution (such as Arch Linux), and a test server or virtual machine.
Table of Contents
- Introduction
- Table of Contents
- Setting Up a Secure Linux Server
- Configuring the Firewall
- Disabling Unnecessary Services
- Implementing Strong Password Policies
- Configuring SSH for Secure Access
- Updating and Upgrading the System
- Monitoring System Logs
- Real-World Application and Tools
- Conclusion
Setting Up a Secure Linux Server
To set up a secure Linux server, it's essential to start with a minimal installation of your preferred Linux distribution. For this example, we'll use Arch Linux. First, you need to update your package list and install the necessary packages:
sudo pacman -Syy
sudo pacman -S --needed archlinux-keyring
This command updates the package list and installs the Arch Linux keyring, which is necessary for verifying package signatures.
Configuring the Firewall
- Install the
iptablespackage:
sudo pacman -S iptables
- Configure the firewall to allow incoming traffic on port 22 (SSH) and block all other incoming traffic:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -j DROP
- Save the firewall rules:
sudo iptables-save > /etc/iptables/iptables.rules
- Enable the firewall to start automatically on boot:
sudo systemctl enable iptables
Disabling Unnecessary Services
- List all running services:
sudo systemctl list-units --type=service
- Disable any unnecessary services. For example, to disable the
bluetoothservice:
sudo systemctl disable bluetooth
- Reboot the system to apply the changes:
sudo reboot
Implementing Strong Password Policies
- Install the
pampackage:
sudo pacman -S pam
- Configure the password policy to require a minimum password length of 12 characters, with at least one uppercase letter, one lowercase letter, and one digit:
sudo echo "password required pam_unix.so sha512 shadow nullok try_first_pass use_authtok" >> /etc/pam.d/passwd
- Update the password for the root user:
sudo passwd root
Configuring SSH for Secure Access
- Install the
opensshpackage:
sudo pacman -S openssh
- Configure SSH to use a non-standard port (e.g., 2222) and disable password authentication:
sudo echo "Port 2222" >> /etc/ssh/sshd_config
sudo echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
- Restart the SSH service:
sudo systemctl restart sshd
Updating and Upgrading the System
- Update the package list:
sudo pacman -Syy
- Upgrade all packages:
sudo pacman -Su
- Clean up the package cache:
sudo pacman -Scc
Monitoring System Logs
- Install the
syslog-ngpackage:
sudo pacman -S syslog-ng
- Configure syslog-ng to monitor system logs:
@version: 3.5
options {
create_dirs(yes);
};
source s_src {
system();
internal();
};
destination d_dest {
file("/var/log/messages");
};
log {
source(s_src);
destination(d_dest);
};
Save this configuration to /etc/syslog-ng/syslog-ng.conf.
Real-World Application and Tools
By following these steps, you can significantly improve the security of your Linux server. In a real-world scenario, you can use tools like NordVPN (68% off + 3 months free) to secure your internet connection and Hostinger (up to 80% off hosting) to host your server. Additionally, you can use Namecheap (cheapest domains online) to manage your domain names.
Conclusion
In this tutorial, you learned how to harden a Linux server in 10 steps. The three key takeaways are:
- Configuring a secure firewall is essential to block unwanted traffic.
- Implementing strong password policies and disabling unnecessary services can prevent unauthorized access.
- Regularly updating and upgrading the system, as well as monitoring system logs, can help detect and prevent security breaches. To further improve your Linux security skills, check out the next article in the Linux & Security Deep Dives series, where we'll explore advanced topics such as intrusion detection and incident response. ---
💡 Found this helpful?
If this tutorial saved you time or solved a problem, consider:
Every coffee keeps me writing free tutorials like this one!
This article was written with AI assistance and reviewed for technical accuracy.
Part of the **Linux & Security Deep Dives* series — Follow for more free tutorials*
#aBotWroteThis
📚 Related Reading
If you found this useful, you might also enjoy:
- How To Automate Your GitHub Workflow With Python Scripts
- Building a CLI Tool With Python That Solves a Real Problem
Follow me at dev.to/sudhirt_bahadure_c17efb6 for more tutorials.
Top comments (0)