Four methods to make your Linux server more secure

Source: Internet
Author: User


I run several Linux servers: one file server at home and three live servers for my site, email, and cloud storage. I don't have to worry about the security of my home server because it doesn't talk to the outside world, but the other three always need maintenance. New Linux users who want to run their own servers should keep a few ideas in mind, and those ideas are the focus of this article.

Install what you need

If you plan to run a server, you may think, "I have 40 GB of SSD storage on Linode, so I can install any services I want." True: it is your server, and you can install whatever software you like on it. But do not take that for granted. Even the most hardened server can be hijacked through an unpatched or vulnerable component running on it.

So the first rule is to keep your server lean and mean. Install only the software you actually need, and remove software you do not need. Less software means less code that can go unpatched. Before you install any software or dependency packages (for example, private cloud software), read its documentation and install only the packages you need.

Run what you need

The second rule is to run only the services you need. Many distributions or software packages may start certain services listening on various ports, which can pose a security risk. Open a terminal and run the following command:

netstat -npl

The output shows which services are listening on which ports. If you find a service that you did not intend to run, stop it. You should also pay attention to the services that are started automatically when the system boots. On systems running systemd, check these with the following command:

systemctl list-unit-files --type=service | grep enabled

Depending on your system, you will get output like that shown in Figure 1. If you find any services you do not want, use the systemctl command to disable them:

systemctl disable service_name
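An added example (not part of the original article): a shell function that reads `netstat -npl` output and lists every TCP/UDP listener that is not on an allowlist, marking whether it is bound to loopback only or reachable from other hosts. The `proto/port` allowlist format, the function names and the sample output are constructed for this example.

```shell
#!/bin/sh
# Added example: list TCP/UDP listeners that are not on an allowlist.
# Reads `netstat -npl` output on stdin. The proto/port allowlist format is
# an assumption of this example, not a netstat or systemd feature.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Internet sockets only: skips the headers and the UNIX-socket section.
        $1 ~ /^(tcp|udp)6?$/ {
            proto = $1; sub(/6$/, "", proto)
            # TCP rows have a State column before PID/Program; UDP rows do not.
            prog = (proto == "tcp") ? $7 : $6
            # The port follows the last colon (covers 0.0.0.0:22 and :::80).
            k = split($4, part, ":"); port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "exposed"
            key = proto "/" port
            if (!(key in ok)) print key, addr, prog, scope
        }'
}

# Constructed sample of `netstat -npl` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  812/sshd
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN  1040/mysqld
tcp        0      0 0.0.0.0:111      0.0.0.0:*        LISTEN  640/rpcbind
tcp6       0      0 :::80            :::*             LISTEN  955/nginx
udp        0      0 0.0.0.0:68       0.0.0.0:*                700/dhclient
Active UNIX domain sockets (only servers)
Proto RefCnt Flags    Type    State      I-Node  PID/Program name  Path
unix  2      [ ACC ]  STREAM  LISTENING  15234   1/systemd         /run/systemd/private
EOF
}

# Intended services on this host: SSH and a web server.
sample_netstat | unexpected_listeners "tcp/22 tcp/80 tcp/443"
# On a live server (as root, so program names are shown):
#   netstat -npl | unexpected_listeners "tcp/22 tcp/80 tcp/443"
```

Each output line is a candidate for `systemctl disable`; a listener marked `loopback` is not reachable from other hosts, while one marked `exposed` is bound to a non-loopback address.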

Restrict access to the server

Just as you would not give the key to your front door to everyone you know, you should not let everyone you know into your server at will. With that rule established, you must restrict access to the server. Remember one thing: doing this will not stop someone who is determined to take down your server. What it does is raise the security level of the server enough to cope with casual attackers.


Never log in as root

Logging in to your server remotely as the superuser is not a good habit. We will disable remote root login to the server, but before doing so, let's create a user with sudo permissions so that you can still log in remotely and perform administrative tasks. Once you are logged in as that user, you can switch to root whenever you need to. If you already have such a user on the system, skip these steps. Otherwise, follow along.

The way to add a new user differs between distributions. Red Hat/CentOS uses the useradd command and Ubuntu/Debian uses the adduser command.

Create a new user on Fedora/CentOS:

useradd swapnil

Create a password for the user:

passwd swapnil

The command will prompt you for a new password for this user. Now grant this user sudo permissions. Run the following command:

EDITOR=nano visudo

Find the following line (Figure 2):

# %wheel ALL=(ALL) ALL

Uncomment the line (a leading # marks a comment; deleting the # uncomments the line) so that it looks like this:

%wheel ALL=(ALL) ALL
