DEV Community

Cover image for How To Harden a Linux Server in 10 Steps (With Commands)
Sudhir Bahadure
Sudhir Bahadure

Posted on

How To Harden a Linux Server in 10 Steps (With Commands)

Introduction

According to a recent report, over 60% of Linux servers are vulnerable to attacks due to weak security configurations. In this tutorial, you will learn how to harden a Linux server in 10 steps, ensuring a secure environment for your applications and data. To follow along, you will need a basic understanding of Linux commands, a Linux distribution (such as Arch Linux), and a test server or virtual machine.

Table of Contents

  1. Introduction
  2. Table of Contents
  3. Setting Up a Secure Linux Server
  4. Configuring the Firewall
  5. Disabling Unnecessary Services
  6. Implementing Strong Password Policies
  7. Configuring SSH for Secure Access
  8. Updating and Upgrading the System
  9. Monitoring System Logs
  10. Real-World Application and Tools
  11. Conclusion

Setting Up a Secure Linux Server

linux cybersecurity
To set up a secure Linux server, it's essential to start with a minimal installation of your preferred Linux distribution. For this example, we'll use Arch Linux. First, you need to update your package list and install the necessary packages:

sudo pacman -Syy
sudo pacman -S --needed archlinux-keyring
Enter fullscreen mode Exit fullscreen mode

This command updates the package list and installs the Arch Linux keyring, which is necessary for verifying package signatures.

Configuring the Firewall

  1. Install the iptables package:
sudo pacman -S iptables
Enter fullscreen mode Exit fullscreen mode
  1. Configure the firewall to allow incoming traffic on port 22 (SSH) and block all other incoming traffic:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -j DROP
Enter fullscreen mode Exit fullscreen mode
  1. Save the firewall rules:
sudo iptables-save > /etc/iptables/iptables.rules
Enter fullscreen mode Exit fullscreen mode
  1. Enable the firewall to start automatically on boot:
sudo systemctl enable iptables
Enter fullscreen mode Exit fullscreen mode

Disabling Unnecessary Services

  1. List all running services:
sudo systemctl list-units --type=service
Enter fullscreen mode Exit fullscreen mode
  1. Disable any unnecessary services. For example, to disable the bluetooth service:
sudo systemctl disable bluetooth
Enter fullscreen mode Exit fullscreen mode
  1. Reboot the system to apply the changes:
sudo reboot
Enter fullscreen mode Exit fullscreen mode

Implementing Strong Password Policies

  1. Install the pam package:
sudo pacman -S pam
Enter fullscreen mode Exit fullscreen mode
  1. Configure the password policy to require a minimum password length of 12 characters, with at least one uppercase letter, one lowercase letter, and one digit:
sudo echo "password    required      pam_unix.so sha512 shadow nullok try_first_pass use_authtok" >> /etc/pam.d/passwd
Enter fullscreen mode Exit fullscreen mode
  1. Update the password for the root user:
sudo passwd root
Enter fullscreen mode Exit fullscreen mode

Configuring SSH for Secure Access

  1. Install the openssh package:
sudo pacman -S openssh
Enter fullscreen mode Exit fullscreen mode
  1. Configure SSH to use a non-standard port (e.g., 2222) and disable password authentication:
sudo echo "Port 2222" >> /etc/ssh/sshd_config
sudo echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
Enter fullscreen mode Exit fullscreen mode
  1. Restart the SSH service:
sudo systemctl restart sshd
Enter fullscreen mode Exit fullscreen mode

Updating and Upgrading the System

  1. Update the package list:
sudo pacman -Syy
Enter fullscreen mode Exit fullscreen mode
  1. Upgrade all packages:
sudo pacman -Su
Enter fullscreen mode Exit fullscreen mode
  1. Clean up the package cache:
sudo pacman -Scc
Enter fullscreen mode Exit fullscreen mode

Monitoring System Logs

  1. Install the syslog-ng package:
sudo pacman -S syslog-ng
Enter fullscreen mode Exit fullscreen mode
  1. Configure syslog-ng to monitor system logs:
@version: 3.5
options {
  create_dirs(yes);
};
source s_src {
  system();
  internal();
};
destination d_dest {
  file("/var/log/messages");
};
log {
  source(s_src);
  destination(d_dest);
};
Enter fullscreen mode Exit fullscreen mode

Save this configuration to /etc/syslog-ng/syslog-ng.conf.

Real-World Application and Tools

By following these steps, you can significantly improve the security of your Linux server. In a real-world scenario, you can use tools like NordVPN (68% off + 3 months free) to secure your internet connection and Hostinger (up to 80% off hosting) to host your server. Additionally, you can use Namecheap (cheapest domains online) to manage your domain names.

Conclusion

In this tutorial, you learned how to harden a Linux server in 10 steps. The three key takeaways are:

  1. Configuring a secure firewall is essential to block unwanted traffic.
  2. Implementing strong password policies and disabling unnecessary services can prevent unauthorized access.
  3. Regularly updating and upgrading the system, as well as monitoring system logs, can help detect and prevent security breaches. To further improve your Linux security skills, check out the next article in the Linux & Security Deep Dives series, where we'll explore advanced topics such as intrusion detection and incident response. ---

💡 Found this helpful?

If this tutorial saved you time or solved a problem, consider:

Support me on Ko-fi

Every coffee keeps me writing free tutorials like this one!


This article was written with AI assistance and reviewed for technical accuracy.
Part of the **Linux & Security Deep Dives* series — Follow for more free tutorials*

#aBotWroteThis


📚 Related Reading

If you found this useful, you might also enjoy:

Follow me at dev.to/sudhirt_bahadure_c17efb6 for more tutorials.

Top comments (0)