Advance

Linux security tips and tricks

Linux security tips and tricks
0
(0)

Most users believe that Linux is secure enough and by default, in this article, we will learn you more about Linux security tips and tricks.

 

Linux security tips and tricks

As one of the most important challenges for a system administrator is the hackers and crackers, We are pleased to explain 8 useful tips and tricks to help you secure your Linux system. Join us to review security keys.

 

How to make Linux more secure

1. Keep System updated

Easy and important! Try to keep the system updated, observe all new releases patches, security fixes, and kernel by running below command.

CentOS

# yum updates  # yum check-update

Ubuntu and Debian

sudo apt-get update
Recommended Article: Install Gnome environment on Debian 8

2. Use unauthorized, complex and unpredictable passwords

First, you should check for any empty password. An empty password is one of the security risks because it makes the accounts hack-able easily. so make sure no one has any authorized access to any account. To check any probably accounts with empty password, use the following command.

# cat /etc/shadow | awk -F: '($2==""){print $1}    

The second way is to use and choose a strong and complex password. as hackers try to break your password by attacking Brutus Force, this step is so important.

Here are some tips to help you choose a complex password.

The numbers of characters should not be less than 8. use a combination of uppercase and lowercase letters and also put numbers between the letters. use non-numeric and letter characters. If you need to change your password, you can use the following command.

passwd username    

If you want to change the root user password follow this command.

passwd root    

3.Disable login with root user

Disabling the login with root user means that you cannot use root user while logging in to the Linux terminal. Follow the steps below to disable the login with the root user.

Open etc / ssh / sshd_config / with a file editor.

nano /etc/ssh/sshd_config

 

Find “yes” in below command and change it to “no”

# Prevent root logins:
PermitRootLogin no

Restart the SSH service file after applying the changes and saving.

service ssh restart

Now if you need a root user, use the su command to switch between users after logging in with other users.

 

4.Restrict user login

You may have many usernames on your server, but only a few need to be logged in. For example, you have 10 users on your Linux, but only Jona and Ruth users can connect to the server remotely. To restrict Linux users, open the sshd_config file with an editor.

nano /etc/ssh/sshd_config    

When you opened the file, find the phrase “AllowUsers” and enter the users according to the following command.

AllowUsers Jona Ruth

Finally, restart the SSH service.

Service ssh restart    

5.Disable Protocol 1

The SSH service works with two protocols, protocol 1 and protocol 2, and protocol 1 is less secure due to its age. So it’s best to use Protocol 2 in your communications. To disable Protocol 1, reopen the sshd_config file with the editor.

nano /etc/ssh/sshd_config

Find the following phrase and change it to Protocol 2.

# Protocol 2,1    Protocol 2

In the second line, change the protocol to 2 and restart the SSH service.

service ssh restart    
Recommended Article: Compare CentOS 8 vs CentOS 7

6. Use non-standard ports for SSH

The default SSH service port is set to 22, but hackers prioritize to scan. In some cases, admins have changed the SSH port to 2222 to make it easier to remember, but you should know that hackers will certainly be able to scan port 22 if they don’t get results. Their second choice is port 2222. So we suggest you use ports with high numbers so that your input port is not easily identified and at the same time it is better not to choose ports that are in the reservation of other services. The best choice is between 10,000 and 65,000, most of them are free.

7. Filter SSH connections with Firewall

If you are always connected to your server remotely and use a specific IP, use the following command to isolate your connection to the SSH service.

iptables –A INPUT –p tcp –s 98.56.233.9 –dport 22 –j –ACCEPT

Note: By entering the above command, you can only connect to the server from a system that has the 98.56.233.9 IP address. But if you want the server to be accessible from all points. Use the following commands.

iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource  iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT      

In the first command, you open access to port 22 for all IPs. The second command provides intelligent settings that automatically block the applicant’s IP firewall if several requests are sent simultaneously in less than 60 seconds. To run the second command correctly, you must add the default DROP policies.

Note: that if you change the SSH service port, enter your desired port in the commands.

 

8. Use security keys to identify

You will face two main benefits if you use security keys.
1- You can access your terminal without entering the password.
2- You can completely disable entry with password, then no password is required to log in to the system terminal. This feature protects you from possible attacks such as Brutus Force.

 

Dear user, we hope you enjoyed this tutorial Linux security tips and tricks, you can ask questions about this training in the comments section, or to solve other problems in the field of Eldernode training, refer to the Ask page section and raise your problems.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

View More Posts
Marilyn Bisson
Content Writer
Eldernode Writer
We Are Waiting for your valuable comments and you can be sure that it will be answered in the shortest possible time.

Leave a Reply

Your email address will not be published. Required fields are marked *

We are by your side every step of the way

Think about developing your online business; We will protect it compassionately

We are by your side every step of the way

+8595670151

7 days a week, 24 hours a day