VPS server security is an issue that you should pay special attention to. Linux VPS servers have many advantages. In fact, Linux VPS is more secure than other operating systems such as Windows because LSM (Linux Security Model) is installed. But this system is not enough and cannot completely secure your VPS server. In this article, we are going to learn how to secure a Linux VPS with 20 ways to add more security to a Linux VPS server. You can visit the packages available in Eldernode to purchase a Linux VPS server.
Tutorial Secure Linux VPS Step By Step
By default, Linux has better security than its competitors, but there are still vulnerabilities that need to be addressed. We have a saying in Eldernode that a good server is a secure server. That’s why we offer you solutions so that you can block the access that hackers use to infiltrate the site and access your information.
The techniques we learn today to make Linux more secure do not require much expertise to set up, and you can easily use these methods. Please follow this tutorial to learn 20 ways to increase security on Linux servers.
Learn to Secure a Linux VPS with Quick Methods
Disable the login with the root user (Secure Linux VPS)
Want a secure VPS? You should never log in as a root user.
By default, each Linux VPS server has “root” as the primary username. As a result, hackers try to obtain its password through the brute-force attacks they carry out. Disabling login with the “root” username adds another level of security to your server and prevents hackers from getting in as the root user.
Instead of logging in as a root user, you will need to create another username and use the “sudo” command to execute root level commands.
Sudo is a special access right that can be given to authenticated users so that they can execute administrative commands and eliminate the need for root access.
Note: Before disabling the root user, make sure that you have set up the permissions of the user that you intend to use.
When you are ready to do this, open the SSH server configuration file in nano or vi from the server console and find the “PermitRootLogin” parameter. By default, its value is “yes”. Change it to “no” and save the changes.
Change the SSH port (Secure Linux VPS)
The first port hackers try when connecting to your SSH server is port 22. If you change this port, you have largely blocked their access to SSH. To do this, open the SSH server configuration file and set the port of your choice there.
Note: Of course, before doing this, make sure that the port of your choice is not used by another service on the server.
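The two SSH changes above can be checked with a short script. This is an added example, not part of the original article: the function names and the sample file are constructed, and on a real server the file to audit is normally /etc/ssh/sshd_config (the standard OpenSSH location, assumed here).

```sh
#!/bin/sh
# Added example: audit an sshd_config-style file for the two settings above.

# sshd_values FILE KEYWORD -> every global value of KEYWORD, in file order.
# Reading stops at the first "Match" line, whose settings are conditional.
sshd_values() {
    awk -v key="$2" '
        { sub(/=/, " ") }                        # accept keyword=value too
        /^[ \t]*#/ || NF == 0 { next }           # comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2) }
    ' "$1"
}

# audit_sshd FILE -> prints findings; returns 0 only if both checks pass.
audit_sshd() {
    rc=0
    # sshd keeps the FIRST PermitRootLogin it reads; later lines are ignored.
    root_login=$(sshd_values "$1" PermitRootLogin | head -n 1)
    # Port may be given several times and sshd listens on every one of them.
    ports=$(sshd_values "$1" Port | tr '\n' ' ')
    if [ "$root_login" != "no" ]; then
        echo "FAIL PermitRootLogin is ${root_login:-unset}, want no"; rc=1
    fi
    case " ${ports:-22} " in
        *" 22 "*) echo "FAIL sshd still listens on port 22"; rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "OK root login off, ports: $ports"; fi
    return "$rc"
}

# Constructed sample: "PermitRootLogin no" was appended at the end of the
# file, but the earlier "yes" wins, and "Port 22" is still listed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
Port 2222
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF
audit_sshd "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

After editing the real file, `sshd -t` checks it for syntax errors before the service is restarted; keep the current session open until a new login on the new port has succeeded.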
Keep the server software up to date
Keeping the server software up to date is not difficult.
You can easily use the rpm/yum or apt-get (Ubuntu / Debian) package manager to update to newer versions of installed software, modules, and components. You can even configure the operating system to send yum package update alerts via email. This makes it easier to keep track of changes. If you want to automate the task, you can set up a cronjob to apply all the security updates for you.
If you use panels like DirectAdmin or cPanel, you should always update them. Of course, most of these panels have automatic updates and are not a cause for concern. You should always install security patches at the earliest opportunity, as the risk of someone infiltrating your server increases over time.
Disable unused network ports
Open network ports that you do not use are a good target for hackers. Closing them protects you from attacks.
Use the “netstat” command to show you all the open network ports.
Use the iptables settings to close all ports, or use the chkconfig command to disable unwanted services. If you are using a firewall such as CSF, you can automate iptables rules.
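To turn the netstat listing into a list of ports worth closing, the output can be compared with the ports you actually intend to expose. This is an added example, not from the original article: the function names, the sample output and the allowlist (2222, 80, 443) are constructed for illustration.

```sh
#!/bin/sh
# Added example: list TCP listeners that are reachable from the network and
# not on an allowlist. Input is `netstat -tln` output on stdin.

# unexpected_listeners "PORT PORT ..." -> lines of "proto address port"
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Local Address is addr:port; IPv6 addresses contain colons too,
            # so the port is whatever follows the LAST colon.
            m = split($4, part, ":"); port = part[m]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            if (!(port in ok)) print $1, addr, port
        }'
}

# Constructed sample output (not captured from a real server).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
EOF
}

# Allowlist is an assumption for this sample: SSH on 2222 plus web ports.
sample_netstat | unexpected_listeners "2222 80 443"
```

On a live server, run `netstat -tln | unexpected_listeners "2222 80 443"` with your own allowlist; each line it prints is a service to disable or a port to close in the firewall.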
Delete unwanted modules/packages
You probably have services on your server that it does not actually need. Note that any service you remove from your server will alleviate some of your security concerns, so make sure you keep only the services that you really need.
Note: Be sure to avoid installing unnecessary software in the future to avoid security problems.
Disable IPv6
IPv6 has many advantages over IPv4, but you are very unlikely to be using it, because few people do. Hackers, however, use IPv6 a lot.
Disable IPv6 if you are not using it. Hackers often send malicious traffic over IPv6, and leaving the protocol enabled puts you at risk. To resolve this issue, edit /etc/sysconfig/network and update the settings so that they read NETWORKING_IPV6=no and IPV6INIT=no.
Use GnuPG encryption
Hackers usually target data while it is being transmitted over the network. This is why it is essential to encrypt transfers to the server using passwords, keys, and certificates. GnuPG is a popular tool, a key-based authentication system used to encrypt communications. This system encrypts with a “public key”, and the result can only be decrypted by a “private key” that is only available on the recipient side.
Set a strong password
A weak password is always a big threat to security. Do not allow your server users to use weak passwords that are easily guessed. When choosing a password, it is better to use uppercase and lowercase letters, numbers, and symbols. You can also set a time period after which the user must change the password. Also, use the “faillog” command to set the login failure limit and lock user accounts after failed attempts to protect the system from brute force attacks.
Firewall configuration
You need a firewall if you really want to have a secure VPS. NetFilter is a firewall integrated with the Linux kernel that you can configure to filter out unwanted traffic. With NetFilter and iptables, you can counter distributed denial of service (DDoS) attacks.
Note: Setting up a firewall is not enough; make sure it is configured correctly.
TCPWrapper is another useful application. It is a host-based access control list system used to filter network access for various applications. It also offers hostname authentication, standardized logging, and spoofing protection, all of which help increase your security.
Other popular firewalls include CSF and APF, both of which have plugins for popular panels such as cPanel and Plesk.
Use disk partitioning
To increase security, it is a good idea to partition the disk to separate operating system files from user files, tmp files, and third-party programs. You can disable SUID / SGID access (nosuid) and the running of binaries (noexec) on the operating system partition.
Make /boot read-only
On Linux servers, all kernel files are stored in the “/boot” directory. But the default access level for this directory is “read-write“. To prevent unauthorized changes to boot files that are critical to your server’s performance, change the access level to “read-only“.
To do this, simply edit the /etc/fstab file and add the line LABEL=/boot /boot ext2 defaults,ro 1 2 at the bottom. If you need to change the kernel in the future, you can easily reset it to “read-write” mode. You can then make changes and return it to “read-only” mode when you’re done.
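A quick way to confirm that the partitioning options and the read-only /boot entry are really present in fstab is shown below. This is an added example, not from the original article: the function name and the sample fstab are constructed, and the /tmp policy it checks is an assumption for illustration.

```sh
#!/bin/sh
# Added example: check that an fstab entry carries the mount options you
# expect. Options are compared as whole comma-separated items, so
# "errors=remount-ro" is not mistaken for "ro".

# missing_mount_opts FSTAB MOUNTPOINT "OPT OPT ..."
# Prints each required option that is absent, or "no-entry" if MOUNTPOINT
# has no line in FSTAB. Prints nothing when the entry is compliant.
missing_mount_opts() {
    awk -v mp="$2" -v want="$3" '
        /^[ \t]*#/ || NF < 4 { next }            # comments, blank/short lines
        $2 == mp {
            seen = 1
            n = split($4, o, ","); for (i = 1; i <= n; i++) have[o[i]] = 1
            m = split(want, w, " ")
            for (i = 1; i <= m; i++) if (!(w[i] in have)) print w[i]
            exit
        }
        END { if (!seen) print "no-entry" }
    ' "$1"
}

# Constructed sample fstab. The /boot line is the one from the text; the
# /tmp policy below (nosuid,noexec) is an assumption for illustration.
fstab=$(mktemp)
cat > "$fstab" <<'EOF'
LABEL=/      /      ext4  defaults,errors=remount-ro  1 1
LABEL=/boot  /boot  ext2  defaults,ro                 1 2
/dev/sdb1    /tmp   ext4  defaults,nosuid             1 2
EOF
for check in "/boot:ro" "/tmp:nosuid noexec" "/home:nosuid"; do
    mp=${check%%:*}; opts=${check#*:}
    echo "$mp -> missing: $(missing_mount_opts "$fstab" "$mp" "$opts" | tr '\n' ' ')"
done
rm -f "$fstab"
```

On a live system pass /etc/fstab as the first argument. For a kernel update, `mount -o remount,rw /boot` opens the temporary read-write window and `mount -o remount,ro /boot` closes it again.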
Use SFTP instead of FTP
The FTP file transfer protocol is no longer secure, even when using encrypted “FTP over TLS” (FTPS) connections.
Both FTPS and FTP are vulnerable when a computer program intercepts and monitors network traffic. FTP is sent in the clear, and FTPS file transfers are in the clear as well, meaning only the credentials are encrypted.
SFTP, which is “FTP over SSH” (also called “Secure FTP”), completely encrypts all data, making your server secure.
Use of firewall
Your firewall is a gateway that both allows and blocks access to the server and is your first line of defense against hackers. Installing and configuring a firewall is the first thing you need to do when installing and securing a VPS or bare metal server.
Install antivirus software
The main function of a firewall is to prevent access to server information and is your first line of defense against hackers, but no firewall is completely secure and any malicious software can bypass it. For this reason, other security measures are needed.
Many server administrators do not install antivirus on their servers because they find it limiting. Installing an antivirus requires a bit of expertise and cost, and these people do not want to pay for the security of their server. But if you do not have enough money to buy paid antivirus, you can use free tools like ClamAV and Maldet that can scan your server and show you suspicious files.
Automatic CMS update
Hackers are always trying to find security holes, especially in content management systems. The most famous of these are Joomla, Drupal, and WordPress, which most websites use.
Most developers of these CMSs release a lot of security updates. Of these content management systems, WordPress releases the most updates. This content management system also allows you to update automatically with the release of a new version. If you are using an older version of WordPress, update it now to prevent hackers.
Activate cPHulk in WHM
In addition to the firewall, cPanel has a “cPHulk” brute force security system. Firewalls are not without flaws, and sometimes they make mistakes, and hackers can infiltrate them, which is often due to incorrect firewall settings.
Meanwhile, cPHulk acts as a secondary firewall, preventing brute force attacks on the server. cPHulk first blocks the login feature, and the firewall later blocks the entire IP. To enable it, you will need to go to the WHM Security Center and select cPHulk Brute Force Protection. This is another step in the security hardening process.
Prevent anonymous FTP upload
cPanel and Plesk both disable anonymous FTP uploads by default, but other services may have them enabled by default.
Allowing anonymous users to upload via FTP is a major security risk, because it allows anyone to upload whatever they want to your web server. As you can imagine, this is not recommended at all; it is like giving your keys to a thief.
Note: To disable guest uploads, edit your FTP server configuration settings.
Install a rootkit scanner
One of the most dangerous kinds of malware is a rootkit. A rootkit exists at the operating system level, below other normal security software, and allows undetected access to the server. Fortunately, you can use chkrootkit, an open-source tool, to find out if your server is infected. But rootkits are not always easy to remove, and the best way to remove them is to reinstall the operating system.
Back up regularly
There are many people who forget to back up regularly and regret it when something goes wrong and they do not have a copy of their data. No matter how careful you are, and no matter how secure your server is, there is always the possibility of error and trouble.
Never take dangerous risks such as not backing up and do not depend too much on your host to do so. Save copies to different locations, and consider using backup space or Google Drive.
Use a strong password
It has been said everywhere, but listen again. Poor passwords are a security threat to your Linux server, but the same goes for Windows servers! Try to choose a complex password; one made up of uppercase and lowercase letters, different numbers, and symbols is very good. Make your password as long and complex as possible.
Note: cPanel and Plesk can both apply strong password policies and expire passwords periodically.
Conclusion
Web server infrastructure problems can be very bad. There are millions of hackers around the world working on the smallest vulnerabilities in your VPS. You need to secure your VPS against these threats because sooner or later hackers will come to you. Corporate websites and online stores are the best targets for hackers around the world. Although most companies have basic security standards, they are usually easily compromised. In this article, we covered how to secure a Linux VPS using 20 methods.
What is a proxy server?
In short, a proxy server is a server that sits between an application such as a web browser and a real server. Together with a gateway server (a gateway that connects two networks that are not similar), a proxy server separates the corporate network from external networks. The firewall on it also protects the company’s network against hackers.
Please explain how to enable the allow_url_fopen and allow_url_include functions on the server.
To do this, if you have a cPanel control panel for your server, you can easily enable these two items for all PHP versions by going to the MultiPHP INI Editor section.
If you do not have a control panel, you must open your php.ini file via SSH and put the following lines in it:
allow_url_fopen = On
allow_url_include = On
How can I increase the entry process value on a server that has a cPanel / WHM control panel?
To do this, refer to the following section in WHM:
Server Configuration » CloudLinux LVE Manager
Then in the packages section you can edit the plans.
Am I allowed to use special software and disconnect the remote server?
Turning on IP change software causes your virtual server’s IP to no longer comply with the defined network settings, making the server inaccessible. Of course, in such cases, you can regain control of the server by rebooting it or by accessing the KVM through the access section of your service area.
What is your suggestion for Windows Server Antivirus?
We recommend F-Secure, which is used on servers because it is lightweight. It is also recommended to use the original version, which will have a 60-day trial.