20 Linux Server Security Hardening Recommendations (i)

Source: Internet
Author: User

Securing a Linux server is important for protecting user data and intellectual property, and it reduces the time you spend dealing with hackers. At work, the system administrator is usually responsible for the security of the Linux systems. This article describes 20 recommendations for hardening a Linux system. All of the recommendations assume a CentOS/RHEL or Ubuntu/Debian based distribution.

#1. Encrypt data communication

All data transmitted over the network can be monitored, so encrypt your communications whenever possible using passwords, certificates, and so on.

1. Use scp, ssh, rsync or sftp for file transfer. You can also use sshfs and FUSE tools to mount a remote file system or your working directory.
2. GnuPG provides feature-rich certificate management and lets you sign data before transferring it.
3. Fugu is a graphical SFTP file transfer tool. SFTP is similar to FTP, but unlike FTP, the entire session is encrypted, which means that passwords are not sent in clear text. Another option is FileZilla, a cross-platform client that also supports FTP, FTPS, and SFTP.
4. OpenVPN is a lightweight, low-cost SSL VPN.
5. Lighttpd SSL (Secure Sockets Layer) HTTPS installation and configuration.
6. Apache SSL (Secure Sockets Layer) HTTPS (mod_ssl) installation and configuration.

#1.1. Avoid using FTP, Telnet, and rlogin/rsh services

In most network configurations, usernames, passwords, FTP/telnet/rsh commands, and transferred files can be captured by anyone on the same network segment using packet sniffing software. The usual solution to this problem is to use OpenSSH, SFTP, or FTPS. The following command removes these unnecessary services from the server:

    # yum erase inetd xinetd ypserv tftp-server telnet-server rsh-server

#2. Minimize installed software

Do you really need all the services installed on the server? Not installing unnecessary services avoids the security holes they bring.
Use a package management tool such as yum (RPM), or apt-get and dpkg, to review the packages installed on the system and remove the unnecessary ones.

    # yum list installed
    # yum list packageName
    # yum remove packageName

or

    # dpkg --list
    # dpkg --info packageName
    # apt-get remove packageName
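The checks in recommendations #1.1 and #2 can be scripted so they run on every server. The following is an added example, not part of the original article: it lists installed packages and reports the ones named in the `yum erase` command above. The Debian/Ubuntu package names in the list and the `--run` switch are this example's own assumptions.

```sh
#!/bin/sh
# Added example: list installed packages that provide cleartext or legacy
# network services. Names come from the article's "yum erase" command; the
# Debian/Ubuntu names after them are this example's own additions.
LEGACY_PKGS="inetd xinetd ypserv tftp-server telnet-server rsh-server \
telnetd tftpd openbsd-inetd nis"

# Print one installed package name per line (RPM or dpkg based systems).
installed_packages() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -qa --qf '%{NAME}\n'
    elif command -v dpkg-query >/dev/null 2>&1; then
        # Keep only fully installed packages (status "ii"), not leftovers
        # that are removed but still have config files ("rc").
        dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' |
            awk '$1 == "ii" { print $2 }'
    else
        echo "no supported package manager found" >&2
        return 2
    fi
}

# Read package names on stdin; print each legacy package once.
# Matching is exact, so the "telnet" client does not match "telnet-server".
find_legacy_pkgs() {
    awk -v list="$LEGACY_PKGS" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) legacy[a[i]] = 1 }
        ($1 in legacy) && !seen[$1]++ { print $1 }'
}

# Return 1 and name the packages if any are installed, 0 otherwise.
audit_legacy_pkgs() {
    found=$(installed_packages | find_legacy_pkgs)
    [ -z "$found" ] && return 0
    printf 'remove or justify: %s\n' $found
    return 1
}

# Run the audit only when asked to, e.g.: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_legacy_pkgs; fi
```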

#3. Run only one service per system or instance

Run different services on separate servers or virtualized instances. For example, if a hacker breaks into a system that hosts several services, he can also reach MySQL, e-mail, and the other services deployed on that server, so avoid combining them on one machine.

#4. Keep the Linux kernel and software updated

One of the important tasks in maintaining the system is to install system patches in a timely manner. Linux provides the necessary tools and methods to keep the system updated. All security updates should be applied as soon as possible. Once again, use yum, apt-get or similar tools to apply them:
    # yum update

or

    # apt-get update && apt-get upgrade
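To see which pending upgrades are security fixes before applying them, the simulation output of apt-get can be filtered. This is an added example, not part of the original article; it covers Debian/Ubuntu only, and the sample lines, the function names and the `--run` switch are constructed for illustration.

```sh
#!/bin/sh
# Added example: name the pending upgrades that come from a security
# repository, so a cron job can alert on them.

# Read "apt-get -s upgrade" output on stdin. Upgrade lines look like
#   Inst <pkg> [<old>] (<new> <origin>/<suite> [<arch>])
# and security suites carry "-security" in the origin or suite name.
pending_security_updates() {
    awk '$1 == "Inst" {
            src = $0
            sub(/^[^(]*\(/, "", src)   # drop the package name and old version
            if (tolower(src) ~ /-security/) print $2
         }' | sort -u
}

# Exit status 1 when security updates are waiting, for use from cron.
check_security_updates() {
    pending=$(apt-get -s upgrade 2>/dev/null | pending_security_updates)
    [ -z "$pending" ] && return 0
    echo "security updates pending:"; echo "$pending"
    return 1
}

# Constructed sample of simulation output (not captured from a real host).
SAMPLE='Inst openssl [1.1.1f-1ubuntu2.19] (1.1.1f-1ubuntu2.20 Ubuntu:20.04/focal-security [amd64])
Inst vim [2:8.1.2269-1ubuntu5.20] (2:8.1.2269-1ubuntu5.21 Ubuntu:20.04/focal-updates [amd64])
Inst libssl3 [3.0.11-1~deb12u1] (3.0.11-1~deb12u2 Debian-Security:12/stable-security [amd64])
Conf openssl (1.1.1f-1ubuntu2.20 Ubuntu:20.04/focal-security [amd64])'

# Run against the live system only when asked to, e.g.: sh check.sh --run
if [ "${1:-}" = "--run" ]; then check_security_updates; fi
```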

You can configure the system to show update notifications (Red Hat, CentOS, Fedora). Another option is to install all security updates through a cron scheduled task.

#5. Use Linux security extensions

Linux provides a variety of security patches that can be used to protect against misconfiguration or compromise. Use SELinux and other Linux security extensions whenever possible to enforce restrictions on network access and programs. For example, SELinux provides a security policy for the Linux kernel.

#5.1. SELinux

SELinux provides flexible mandatory access control (MAC). Without MAC, an application or process runs with the permissions of the user it runs as. Running a MAC-enabled kernel protects the system from malicious applications running on it. See the official SELinux configuration documentation for more information.
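SELinux only protects the system while it is in enforcing mode, and the mode set for boot can differ from the mode the kernel is in now. The following added example (not part of the original article) compares the two; the function names and the `--run` switch are this example's own.

```sh
#!/bin/sh
# Added example: compare the SELinux mode set for boot with the mode the
# kernel is in now, so a temporary "setenforce 0" does not go unnoticed.

# Print the SELINUX= value from a config file (default /etc/selinux/config),
# lower-cased. Comment lines and the separate SELINUXTYPE= key are ignored;
# if the key appears twice this function reports the last one.
selinux_config_mode() {
    awk -F= '/^[ \t]*SELINUX[ \t]*=/ { v = $2 }
             END { gsub(/[ \t\r]/, "", v); print tolower(v) }' \
        "${1:-/etc/selinux/config}"
}

# $1 = mode from the config file, $2 = getenforce output.
# Returns 0 only when SELinux is enforcing now and will be after a reboot.
selinux_verdict() {
    cfg=$1
    run=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ "$cfg" = enforcing ] && [ "$run" = enforcing ]; then
        echo "OK: enforcing now and at boot"; return 0
    elif [ "$run" = enforcing ]; then
        echo "WARN: enforcing now, config says '${cfg:-unset}'"; return 1
    elif [ "$cfg" = enforcing ]; then
        echo "WARN: config says enforcing, running '${run:-unknown}'"; return 1
    fi
    echo "FAIL: not enforcing (config '${cfg:-unset}', running '${run:-unknown}')"
    return 2
}

# Check the live system only when asked to, e.g.: sh selinux-check.sh --run
if [ "${1:-}" = "--run" ]; then
    selinux_verdict "$(selinux_config_mode)" "$(getenforce 2>/dev/null)"
fi
```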

Resources:

1, http://www.cyberciti.biz/tips/linux-security.html
