Top 5 Ways to Secure Your Linux Server

Linux servers are at the center of the highest-end infrastructure, powering the most demanding web apps, databases, and enterprise workloads. This makes these servers a constant target. Everything from outdated software to weak SSH security and vulnerable open ports can provide an attacker with full control over the infrastructure.
At ServerMania, we’ve been deploying high-performance dedicated Linux servers for production environments for over a decade. We’ve seen the consequences of breaches and cyber attacks, so we know the importance of Linux server security.
To make securing a Linux server easy and accessible to everyone, this guide focuses on the top 5 primary methods of establishing several layers of protection.

1. Protect SSH Login Access
To protect your Linux server, you must always start with defense against cyber attacks. When someone is trying to attack your Linux server, they always start with login access. Whether it is stolen credentials, exploiting weak accounts, or brute forcing passwords, if they acquire shell access, it’s over – they control the server.
That’s why the first job here is to make signing in hard for attackers.
1.1 Disable Root SSH Login
The root user is the primary administrator of the Linux server and has unlimited control. Hence, if someone manages to sign in as “root”, they control everything. When you are under attack, a bot might be trying thousands of passwords per hour until they get the correct one and manage to log in as root. Luckily, you can remove this possibility.
So, you can disable direct root SSH access and use a regular user with controlled privileges.
First, add a new administrative user:
adduser yourusername
usermod -aG sudo yourusername # Use 'wheel' instead of 'sudo' on CentOS/RHEL
The “adduser” line creates a new account, while “usermod -aG sudo” adds this user to the sudo group. Users in the sudo group can take administrative actions. This will be your admin account, replacing root for daily interactions.
Now, you can disable the SSH root login:
sudo nano /etc/ssh/sshd_config
Then find this line:
PermitRootLogin no
If you can’t find this line, add it instead.
Then restart SSH:
sudo systemctl restart ssh # Ubuntu/Debian
sudo systemctl restart sshd # CentOS/RHEL
In short, “PermitRootLogin no” blocks all root login attempts over SSH. Now, you can log in only with your admin user, and the same applies to any attackers.
1.2 Enforce SSH Key Authentication
Another primary target is your password. Many Linux servers are targeted by bots that try thousands of combinations per hour. That’s why, instead of a password, you should use SSH keys, which establish cryptographic authentication. Put simply, instead of typing a password, logging in requires a private key stored on your machine.
To begin, you must generate an SSH key on your local machine:
ssh-keygen -t ed25519
This will create a private key that is saved in ~/.ssh/ and a public key with a .pub extension.
The next step is to upload the public key to the server:
ssh-copy-id yourusername@serverIP
Here, replace “serverIP” with the actual IPv4 address of your server. When you’re ready, you can test logging in by running this command:
ssh yourusername@serverIP
You should be able to log in without having to type your password.
1.3 Disable Password Authentication
If your SSH key is working, you can now remove the password entirely. This is the ultimate layer of protection, as even the strongest passwords are a weak spot. Basically, here we will force all users to authenticate with SSH keys only.
First, open the SSH configuration file and find or add these lines:
sudo nano /etc/ssh/sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
To apply the changes, restart SSH:
sudo systemctl restart ssh # Ubuntu/Debian
sudo systemctl restart sshd # CentOS/RHEL
That’s it. Your login access is now much safer. After this change, your Linux server no longer accepts password logins over SSH, which shuts out brute-force attacks and logins with stolen passwords.
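The settings from sections 1.1 to 1.3 only help if they are the values sshd actually loads: sshd uses the first value it reads for each keyword, so an earlier line or an included drop-in file (for example under /etc/ssh/sshd_config.d/) can override a line added further down. The following is an added example, not part of the original guide, that checks the effective configuration as printed by `sshd -T`; the function name `audit_sshd` and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the effective sshd settings from sections 1.1-1.3.
# Reads `sshd -T` output (lowercase "keyword value" lines) on stdin, prints
# PASS/FAIL per setting, and returns the number of failed checks.
audit_sshd() {
    awk '
        BEGIN {
            n = 3
            keys[1] = "permitrootlogin"
            keys[2] = "passwordauthentication"
            keys[3] = "kbdinteractiveauthentication"
        }
        # Older OpenSSH prints the deprecated alias for keyboard-interactive.
        $1 == "challengeresponseauthentication" { $1 = keys[3] }
        # sshd -T lists each keyword once; keep the first value regardless.
        !($1 in seen) { seen[$1] = $2 }
        END {
            fails = 0
            for (i = 1; i <= n; i++) {
                k = keys[i]
                v = (k in seen) ? seen[k] : "(not reported)"
                if (v == "no") {
                    print "PASS " k " = no"
                } else {
                    print "FAIL " k " = " v " (want no)"
                    fails++
                }
            }
            exit fails
        }
    '
}

# Constructed sample: effective config on a host where a drop-in file still
# enables passwords although the main sshd_config says "no".
SAMPLE_DROPIN_OVERRIDE='port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_DROPIN_OVERRIDE" | audit_sshd || echo "failed checks: $?"

# On a real server, validate the syntax first, then audit:
#   sudo sshd -t && sudo sshd -T | audit_sshd
```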
2. Set Up Firewall & Close Ports
This method focuses on protecting your Linux server at the network level. Authentication is now strong, which is good, but exposed services and ports can also be compromised. This is where a firewall shines, blocking all external access to the server unless you explicitly allow it.
2.1 Enable Deny Firewall Policy
The first step is to set a default deny firewall policy, which pretty much instructs it to block all network traffic to your server.
On Ubuntu or Debian systems, run:
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable
All external traffic will now be blocked.
Note that some of your services might stop working until you allow the ports they use, following the instructions in the next step.
2.2 Only Allow the Required Ports
Now that your firewall blocks everything, it’s time to start enabling only what’s necessary. For most web servers, only a few ports are needed:
- 22 for SSH
- 80 for HTTP
- 443 for HTTPS
So, run this command to begin with:
sudo ufw allow 22
sudo ufw allow 80
sudo ufw allow 443
If other services use different ports and have stopped working, run this command to check which ports are currently listening:
sudo ss -tulnp
Based on the output, also open the other ports you need. For example:
- :3306 for MySQL
- :5432 for PostgreSQL
- :8080 for a custom web app
- :3000 for Node.js
You can verify whether a specific service is working by running:
sudo systemctl status name_of_service
Note: Just replace “name_of_service” with the name of your service, e.g., MySQL.
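Not every listening port needs a firewall rule: a service bound only to loopback (127.0.0.1 or [::1]), as a local database often is, cannot be reached from outside. The following added example, which is not part of the original guide, filters `ss -tulnp` output down to listeners on non-loopback addresses that are missing from your allowlist; the function name `exposed_listeners` and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: list listeners from `ss -tulnp` output (section 2.2) that are
# bound to a non-loopback address and are not on the firewall allowlist.
# Usage: sudo ss -tulnp | exposed_listeners 22,80,443
exposed_listeners() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "Netid" { next }                    # header row
        NF < 5 { next }
        {
            port = $5; sub(/.*:/, "", port)       # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)   # text before it
            # Loopback-only listeners are not reachable from the network.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (port in ok) next
            key = $1 "/" port
            if (!(key in seen)) {                 # IPv4 and IPv6 rows collapse to one
                seen[key] = 1
                print key, addr, $7
            }
        }
    '
}

# Constructed sample of `ss -tulnp` output.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*         users:(("systemd-resolve",pid=610,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*         users:(("nginx",pid=950,fd=7))
tcp   LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*         users:(("mysqld",pid=901,fd=21))
tcp   LISTEN 0      244    0.0.0.0:5432       0.0.0.0:*         users:(("postgres",pid=877,fd=5))
tcp   LISTEN 0      511    *:3000             *:*               users:(("node",pid=1203,fd=18))
tcp   LISTEN 0      128    [::]:22            [::]:*            users:(("sshd",pid=812,fd=4))'

printf '%s\n' "$SAMPLE_SS" | exposed_listeners 22,80,443
```

Each line it prints is a decision to make: open the port in the firewall, rebind the service to loopback, or stop the service.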
2.3 Disable Any Unused Services
An optional but recommended step is to disable services that you don’t use. Every service is another way for attackers to identify weak spots. Therefore, the fewer services you run, the smaller the attack surface remains.
To see all your running services, run this command:
sudo systemctl list-units --type=service --state=running
To stop and disable a service:
sudo systemctl stop servicename
sudo systemctl disable servicename
Keep the operational services down to a minimum. This greatly reduces the server’s vulnerability.
3. Update System & Packages
Outdated software running on your Linux server is one of the most common causes for server breaches. Cyber attacks often involve locating software versions with vulnerability gaps, and if your server runs one of these, it creates a weak spot.
There are a couple of ways to protect your server against this.
3.1 Update your Installed Packages
On Ubuntu or Debian systems, run:
sudo apt update
sudo apt upgrade -y
On CentOS, AlmaLinux, or RHEL:
sudo yum update -y
This will download all the security patches and install all the updated versions of your services.
3.2 Enable Automatic Security Updates
While updating manually works just fine, it depends on discipline. Automatic updates can handle this process for you and keep your apps updated.
On Ubuntu or Debian:
sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
This enables automatic installation of security patches.
For RHEL-based systems:
sudo yum install dnf-automatic
sudo systemctl enable --now dnf-automatic.timer
This will schedule automatic update checks and installations. It’s an ideal way to keep all your services and systems up to date, without checking manually.
3.3 Verify Kernel and Linux Support
It’s crucial to verify that the Linux distribution you’re running is still supported. When a system is out of support, its maintainers stop releasing security updates, which leaves security holes that attackers can exploit in various ways.
First, check your kernel version:
uname -r
Then go online and verify that this version is still supported. If not, you may have to choose a different Linux distribution with a supported kernel version.
4. Logs & Activity Monitoring
One of the best ways to protect your Linux server is to have more visibility. You need to be fully aware of what is happening, since strong prevention is not always enough. With monitoring, you can detect repeated SSH login attempts, unauthorized access, and any privilege changes.
This is enough to detect suspicious activity early on. Here’s what to do:
4.1 Enable and Review System Logs
The Linux system records authentication events, service activity, and system changes, which is a great way to review the full picture of what’s happening.
First, here’s how to check authentication logs:
Ubuntu or Debian:
sudo cat /var/log/auth.log
RHEL-based systems:
sudo cat /var/log/secure
If you see repeated login attempts from unknown usernames, it probably means someone is trying to guess your password and acquire root access. In short, repeated actions often mean probing, and in many cases, those might be bots.
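To make “repeated login attempts” concrete, the following added example (not part of the original guide) counts failed SSH password attempts per source address in auth.log-style lines and flags any address that logs in successfully after earlier failures. The function name `ssh_failures`, its threshold argument, and the sample log lines are constructed for illustration; the addresses come from documentation ranges.

```sh
#!/bin/sh
# Added example: summarise failed SSH logins per source address (section 4.1).
# Usage: sudo cat /var/log/auth.log | ssh_failures 5
#   $1 = minimum number of failures before an address is reported
ssh_failures() {
    awk -v min="${1:-5}" '
        # Return the field that follows the word "from" (the source address).
        function src(   i) {
            for (i = 1; i < NF; i++) if ($i == "from") return $(i + 1)
            return ""
        }
        /sshd.*Failed password for / {
            ip = src(); if (ip == "") next
            fails[ip]++
            if ($0 ~ /for invalid user /) invalid[ip]++
            next
        }
        /sshd.*Accepted / {
            ip = src()
            # A success after failures from the same address deserves a look.
            if (ip in fails)
                print "ALERT " ip " logged in after " fails[ip] " failures"
        }
        END {
            for (ip in fails)
                if (fails[ip] >= min)
                    print "BRUTE " ip " failures=" fails[ip] " invalid_users=" (invalid[ip] + 0)
        }
    '
}

# Constructed sample lines in the /var/log/auth.log format.
SAMPLE_AUTH='Mar 10 03:14:01 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.9 port 40112 ssh2
Mar 10 03:14:03 web1 sshd[2212]: Failed password for invalid user test from 203.0.113.9 port 40120 ssh2
Mar 10 03:14:05 web1 sshd[2214]: Failed password for root from 203.0.113.9 port 40131 ssh2
Mar 10 03:15:40 web1 sshd[2301]: Failed password for deploy from 198.51.100.4 port 51877 ssh2
Mar 10 03:15:52 web1 sshd[2303]: Accepted password for deploy from 198.51.100.4 port 51880 ssh2
Mar 10 03:20:00 web1 sshd[2400]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2'

printf '%s\n' "$SAMPLE_AUTH" | ssh_failures 3
```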
4.2 Enable Log Rotation Service
Logs can grow really quickly, and without a rotation, they would consume a large portion of the disk space. This can reduce your system performance, hence it’s best to enable rotation that will clear and remove old logs safely.
Here’s how:
sudo systemctl status logrotate
That’s it. Now that you know how to review logs, you can identify suspicious patterns early on. We also recommend installing tools like auditd and AIDE to track privileged actions and monitor the integrity of your files, providing you with another layer of observation.
5. Maintain Reliable Backups
Even with the top-tier prevention from the previous methods, no server is immune. That’s why the final method is related to failover readiness. This is the ultimate way to protect your data even when the layers of prevention fail.
There are two priorities here: encryption and backup.
5.1 Enforce Encrypted Connections
The first step is to ensure that all traffic runs over HTTPS. That is because unencrypted HTTP opens a gap and exposes all your login credentials, cookies, and moving data. To battle this, you must install an SSL certificate and redirect all traffic to HTTPS.
It’s easy, so let’s start on Ubuntu with Nginx and Certbot:
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx
This set of commands will install a trusted certificate and set up HTTPS for you automatically. This encryption will prevent the interception of your data during transmission. It’s a great way to protect databases, storage servers, and so on.
5.2 Encrypt the Static Sensitive Data
If your server stores client data, financial files, or credentials, you need to protect that data at rest, at the storage level. To do this, you can use disk encryption during deployment or encrypt specific directories containing sensitive information.
So, if an attacker somehow acquires physical or backup access, your encrypted data remains unreadable without the key.
5.3 Automate and Test your Backups
It’s critical to deploy a backup system to protect your data, especially when you’re dealing with sensitive information. Regular backups will protect your data against:
- Accidental deletion
- System corruption
- Ransomware
- Hardware failure
To create scheduled backups, you can run this command:
crontab -e
You should add a daily backup job for critical directories and databases. Also, store the backups offsite, meaning on a different machine. If they remain on the same server, they are lost during compromise. Most importantly, test restoration regularly.
A backup that cannot be restored has no value.
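One way to build the restore test into the backup job itself, shown as an added example that is not part of the original guide: archive a directory, record a checksum for the offsite copy, then unpack the archive into a scratch directory and compare it with the source. The function name `backup_and_verify`, the paths in the usage line, and the crontab entry are hypothetical.

```sh
#!/bin/sh
# Added example: archive a directory, then prove the archive restores (5.3).
# Usage: backup_and_verify /var/www /mnt/backups
# Prints the archive path on success; returns 2 for a bad argument and
# 1 if archiving, checksumming, or the restore comparison fails.
# Keep the destination outside the source directory.
backup_and_verify() {
    src=$1; dest=$2
    [ -d "$src" ] && [ -d "$dest" ] || return 2
    name="$(basename "$src")-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$dest/$name" -C "$src" . || return 1
    # Record a checksum so the offsite copy can be verified after transfer.
    (cd "$dest" && sha256sum "$name" > "$name.sha256") || return 1
    # Restore test: unpack into a scratch directory and compare with the source.
    scratch=$(mktemp -d) || return 1
    if tar -xzf "$dest/$name" -C "$scratch" && diff -r "$src" "$scratch" >/dev/null
    then restore_ok=0
    else restore_ok=1
    fi
    rm -rf "$scratch"
    [ "$restore_ok" -eq 0 ] || return 1
    printf '%s\n' "$dest/$name"
}

# Hypothetical crontab entry (added with `crontab -e`) that runs a wrapper
# script calling backup_and_verify at 02:30 every day; the path is a placeholder:
#   30 2 * * * /usr/local/sbin/nightly-backup.sh
```

After copying the archive to the offsite machine, run `sha256sum -c` against the `.sha256` file there to confirm the transfer was intact.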
Need a Secure Linux Environment?

If you’re looking for a secure Linux environment to run your applications with peace of mind, we strongly encourage you to explore ServerMania Linux dedicated servers.
We provide controlled on-site access, monitoring, and managed services in top-tier data center locations across North America, Canada, and Europe. We gain customers’ trust by providing confidence with an infrastructure designed for high-scale deployments, outstanding customer service, and transparency.
If you’re curious to learn more, feel free to book a free consultation with Linux security experts or get in touch with our 24/7 customer support.
