Update System Packages

The best linux server security tip and key defense against attack is an up to date system that only contains packages actively being used by your applications.

If there is a service running that you don’t need, this leaves you unnecessarily vulnerable.

To update system packages and delete obsolete ones, run:

yum update

To upgrade to the next major version of a package, and delete obsolete packages run:

yum upgrade

Configure Automatic Updates

If you have a system which uses common applications that aren’t easily broken by routine system updates, you may wish to consider setting up automatic updates to improve linux server security. This is a useful server security tip for systems that you don’t regularly connect to.

To setup daily automatic updates, install yum-cron:

yum -y install yum-cron

Configure the package according to your needs:

vi /etc/yum/yum-cron.conf

Start and enable the service on boot:

systemctl start yum-cron
systemctl enable yum-cron

This application will be added to your daily crontab to install updates automatically for you.

Maintain An Active Firewall

Installing and maintaining a firewall is a great way to close up ports that don’t need to be open, further enhancing server security. We recommend iptables for this case.

To install iptables:

yum install iptables-services

Set iptables to run on startup:

systemctl enable iptables

IPTables is now ready to be used For example, you can block an external IP with the following command:

iptables -A INPUT -s 192.168.0.10 -j DROP

To save rules permanently use the following command:

service iptables save

Disable Root Login over SSH

Disabling root login locks down a common source of brute-forcing. Attackers will now need to know a unique system user and password before gaining entry to your server.

To disable root login, follow these steps:

Add a user which will have SSH access and set the password:

useradd billjohnson
 passwd billjohnson

Add this user to have sudo access to run root commands:

visudo

Add the following line to this file and save it, replacing username with the user:

username ALL=(ALL) ALL

Open the following file in a text editor

vi /etc/ssh/sshd_config

Locate the following line:

#PermitRootLogin yes

Change it to the following:

PermitRootLogin no

Add the following line, then save and close the file:

AllowUsers username

Restart SSH:

service sshd restart

Root access is now disabled over SSH, providing additional server security from intrusion.

Set Secure Password Policies

Enforcing strict user password rules is a great way to ensure you are not vulnerable to system entry through the use of weak passwords.

Update the following file to set stricter password controls:

vi /etc/security/pwquality.conf

Conclusion

There are hundreds of ways to secure a Linux server. We’ve outlined a few of the popular ones, but every application is specific. If you have a complex project, consider using our server management services. We provide complete server hardening and proactive monitoring to keep your server running at its best.