Small measures to improve Linux Server Security

Hackers are often physically active.
With scanners hanging, you can search for undefended hosts, implant backdoors, control them, and sell them to people you need.
Therefore, some basic security measures can avoid being too easy to target. The following is a brief introduction.
Disable remote root login
Root, the default system management account, is the most vulnerable target. It is absolutely necessary to disable ssh remote logon.
Method:
Edit/etc/ssh/sshd_config
1
PermitRootLogin no
Create a personal account for the administrator and assign it to the sudoers user group (% admin by default)
$ Sudo adduser example_user
$ Sudo usermod-a-G admin example_user
Modify SSHD default port
The default port 22 of the remote service SSHD is also the focus of port scanning. modifying it to another port (usually over 1024) can avoid most attacks.
Method: www.2cto.com
Edit/etc/ssh/sshd_config
1
Port 8822 # default 22
 
Use SCP instead of FTP
Although FTP is convenient, its security has been criticized.
In background file management, encrypted SCP can better solve this problem.
SCP uses the SSHD service, so you do not need to configure it on the server. You can directly adjust the account permissions.
In Windows, you can use the software winscp to connect to the server.
Http://winscp.net
 
Install denyhosts
Denyhost can automatically analyze security logs to prevent brute force cracking on suspicious hosts.
Debian users can directly use apt for installation.
1
$ Sudo apt-get install denyhosts
Http://denyhosts.sourceforge.net/
 
Exercise caution in controlling directory and file permissions and use user groups flexibly
For example, if the monitoring program munin needs to access website logs, do not modify the log file permission settings, but add munin to the www-data user group.
1
$ Sudo usermod-a-G www-data munin
 
Use a dedicated account for the System Program
Try to use a dedicated account for each system program to avoid using root
For example, mysql and munin. Use commands such as sudo-u example_user to switch between the execution user and user group.
 
Download putty from official website
Putty is a very popular remote tool on windows, but it is not easy to download.
Download this important and free software from the official website and perform integrity verification.
Official Website: http://www.chiark.greenend.org.uk /~ Sgtatham/putty/
 
Postscript
We hope this will help improve the security of your website.