Linux is one of the most powerful operating systems, with a market share of 2.35%. Beyond being an operating system in its own right, Linux is also why we have a platform like Android. Securing Linux servers from hackers is therefore crucial to keeping our applications and websites safe.
Reportedly, there were more than 13 million attacks on Linux between June and July 2021, so keeping Linux secure is already challenging for many businesses. Here, we will discuss some tips to protect your Linux server against cyber-attacks.
Let us first understand Linux briefly before discussing the steps needed to secure it.
What is Linux?
Linux is an open-source operating system that manages different aspects of the system’s resources like CPU, memory, and storage. Its command line provides you direct access to the system’s configurations.
You can ask the software to perform specific actions using the hardware resources. In other words, Linux provides unrestricted access to the system to execute certain steps.
Now that we have discussed the basics, it is time to start the beginner’s Linux server security guide.
Linux server security guide for beginners: 7 essential tips to follow
Below is a Linux server Security Guide for Beginners. One of the essential steps to ensure Linux server security is to upgrade your systems and OS to the latest release.
1. Update the Linux server
Security patches are one of the significant elements of release packages for any operating system. Therefore, if you do not update the server and operating system, you leave it open to cyber-attacks. The latest releases patch known vulnerabilities in your system. Another critical aspect is that cyber threats keep changing, so you need regular updates and specific measures to counter them.
Here is how you can update the Linux server.
If you are using Debian or Ubuntu, use the following command for updates:
$ sudo apt update && sudo apt upgrade -y
Similarly, for other distributions like Fedora or RHEL, use the following command:
$ sudo dnf upgrade
Updating the server is a good practice, but you also need to avoid installing unnecessary Linux packages.
2. Install packages wisely
Linux comes with preloaded packages and allows you to add more according to your requirements. For example, during the installation process, you can opt to install additional packages like OpenSSH server, DNS server, LAMP stack, and more. In addition, Linux server distributions provide common packages according to the version you install.
Further, you can add more packages through Linux's package management system. Several official repositories provide packages for installation. You can also add:
- PPAs (Personal Package Archives)
- Repositories created by other Linux users
- Other open source repositories
Here, it is essential to understand that third-party repositories and packages can have vulnerabilities that affect your Linux server. Therefore, if you ask a cybersecurity professional, “How to protect your Linux server from hackers?” one thing they will ask you to do is avoid the installation of unnecessary packages.
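To see which third-party sources a Debian or Ubuntu server already trusts, the following added example (not part of the original guide) lists every APT source host that is not on an allowlist. The allowlist, the function names and the sample input are assumptions made for illustration, and only the one-line "deb ..." format is parsed, not deb822 ".sources" files.

```sh
#!/bin/sh
# Added example: list APT source hosts that are not on an allowlist.
# OFFICIAL_HOSTS is an assumed allowlist; adjust it for your distribution.
OFFICIAL_HOSTS="archive.ubuntu.com security.ubuntu.com deb.debian.org security.debian.org"

# Reads one-line-style sources (deb / deb-src lines) from the named files,
# or from stdin when no file is given, and prints each non-allowlisted host once.
third_party_sources() {
    awk -v allow="$OFFICIAL_HOSTS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        { sub(/#.*/, ""); sub(/\[[^]]*\]/, "") }   # drop comments and [options]
        $1 != "deb" && $1 != "deb-src" { next }
        {
            split($2, part, "/")                   # scheme://host/path -> part[3]
            if (!(part[3] in ok)) print part[3]
        }
    ' "$@" | sort -u
}

# Constructed sample input, not taken from a real server.
sample_sources() {
    cat <<'EOF'
deb http://archive.ubuntu.com/ubuntu jammy main restricted
deb-src http://security.ubuntu.com/ubuntu jammy-security main
# deb http://disabled.example.invalid/repo stable main
deb [arch=amd64 signed-by=/usr/share/keyrings/vendor.gpg] https://packages.example.invalid/apt stable main
deb https://ppa.launchpadcontent.net/someuser/someppa/ubuntu jammy main
EOF
}

sample_sources | third_party_sources
```

On a real server, pass the files instead of the sample: third_party_sources /etc/apt/sources.list /etc/apt/sources.list.d/*.list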
3. Manage administrative access
Linux comes with the facility of root login for administrative access. The root account acts as a superuser with elevated administrative access. Hackers leverage different social engineering practices and backdoor vulnerabilities to gain root access. Due to the elevated permissions, they can change the credentials and gain control of the system.
The best way to avoid such attacks and ensure the safety of the Linux server is to disable the root login. It is one of the critical aspects of the Linux security guide for beginners, as disabling the root login requires creating a new account. Once you create the new account, assign it sudo access so that it can install packages on the Linux server.
However, you need multi-factor authentication to ensure the newly created account is secure.
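For SSH, root login is controlled by the PermitRootLogin keyword in sshd_config. The following added example (not part of the original guide) reports the value that takes effect globally; the function names and the sample input are assumptions, and Include files are not followed.

```sh
#!/bin/sh
# Added example: report the global PermitRootLogin value in sshd_config text.
# sshd keeps the FIRST value it reads for a keyword, keyword names are
# case-insensitive, and lines after a "Match" line apply only conditionally.
# Include files are not followed here (a simplification).
root_login_setting() {
    awk '
        /^[ \t]*#/ { next }                          # comment line
        tolower($1) == "match" { exit }              # end of global section
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$@"
}

# Exit status 0 only when root login over SSH is explicitly disabled.
audit_root_login() {
    value=$(root_login_setting "$@")
    case "$value" in
        no)    echo "OK: PermitRootLogin no"; return 0 ;;
        unset) echo "WARN: PermitRootLogin not set, sshd default applies"; return 1 ;;
        *)     echo "FAIL: PermitRootLogin $value"; return 1 ;;
    esac
}

# Constructed sample: the second line never takes effect.
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' | audit_root_login || true
```

On a real server, run audit_root_login /etc/ssh/sshd_config; a later "PermitRootLogin no" does not help if an earlier line already set a different value.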
4. Configure two-factor authentication
Two-factor authentication (2FA) provides an extra layer of authentication on top of your login credentials. In other words, the system verifies your identity more thoroughly before allowing access to the server.
2FA involves two layers of authentication: one layer is your email and password, while the other is an SMS or passcode sent to a personal device like a mobile. Two-factor authentication can help you avoid cyber-attacks caused by backdoor access or root login issues.
Another key measure that you can take to secure a Linux server from hackers is adding an SSL certificate.
5. Install SSL certificate on Linux server
An SSL certificate helps secure the communication between the server and the browser. A digital certificate can help you secure Linux servers from hackers and ensure that data is protected. SSL certificates use cryptographic encryption to protect the server against man-in-the-middle attacks.
You can request SSL certificates from certificate authorities (CAs). To obtain one, you need to generate a certificate signing request (CSR) on the Linux server. Here are the commands to install OpenSSL and generate a CSR:
$ sudo apt install openssl   # On Debian/Ubuntu
$ sudo yum install openssl   # On CentOS/RHEL
$ sudo dnf install openssl   # On Fedora
$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
The CA will verify your identity and vet the other details. Once the vetting process succeeds, the SSL certificate is issued. You can download the SSL certificate and add it to the Linux server to secure it.
Many leading CAs offer SSL certificates, such as Comodo SSL, RapidSSL certificate, DigiCert SSL certificate, and Thawte SSL certificate. For example, if you want to install an SSL certificate on a Linux server, you need to create files for the cert and CA bundle from the SSL directory as follows,
Further, put the cert and CA bundle in the SSL files as follows:
ln -s -f domain.com.csr.20130520 mydomain.com.csr
ln -s domain.com.crt.20130520 mydomain.com.crt
ln -s domain.com.cabundle.20130520 mydomain.com.cabundle
ln -s domain.com.key.20130520 mydomain.com.key
Now restart the server, and the SSL certificate is installed. Your Linux server is secured now against MITM attacks.
6. Enable firewall
Firewalls act as a barrier between the network traffic and the server. Especially if you are using a remote connection, having a firewall becomes key to reducing the exposure of Linux servers. Therefore, you can install a firewall and configure it to allow only secure network traffic. You can use the following command to install a firewall:
$ sudo apt install ufw
Some firewalls deny by default any incoming traffic other than what you have specified. However, you can also allow applications on your Linux system to access the internet but configure the firewall to block all traffic to the server.
First, ensure you can still log in through SSH, and allow HTTP and HTTPS traffic:
$ sudo ufw allow ssh
$ sudo ufw allow http
$ sudo ufw allow https
Now enable the firewall through:
$ sudo ufw enable
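After enabling the firewall, it is worth confirming that it is active, denies incoming traffic by default, and allows only the three services opened above. The following added example (not part of the original guide) assumes the firewall is ufw and checks the text printed by "sudo ufw status verbose"; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: check "ufw status verbose" text against the policy set up above.
# EXPECTED_PORTS mirrors the ssh, http and https rules; change it to match yours.
EXPECTED_PORTS="22/tcp 80/tcp 443/tcp"

# Reads the status text on stdin and prints one line per finding (none = clean).
audit_ufw_status() {
    awk -v expected="$EXPECTED_PORTS" '
        BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
        $1 == "Status:"  { active = ($2 == "active") }
        $1 == "Default:" { deny_in = ($2 == "deny" && $3 == "(incoming),") }
        /ALLOW IN/       { if (!($1 in ok)) print "unexpected rule: " $1 }
        END {
            if (!active)  print "firewall is not active"
            if (!deny_in) print "default incoming policy is not deny"
        }
    '
}

# Constructed sample output with one extra rule (3306/tcp) left open.
sample_status() {
    cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
3306/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_ufw_status
```

On a real server, pipe the live output instead: sudo ufw status verbose | audit_ufw_status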
Next, if you are facing issues with unsafe traffic, here is a best practice from the Linux server security guide for beginners.
7. Remove specific services
All Linux server distributions come with network-facing services. These services are enabled by default, and you may not want to remove them. However, you do not need all the network-facing services and can remove some of them. Here is a command that you can use to remove unused or specific services:
$ sudo apt purge <service_name>
Securing your Linux server is essential due to increased cyberattacks. However, due to the modernization of systems and changing methods of cyber-attacks, keeping up with Linux security challenges can be tricky. You need specific security measures to ensure the system’s protection. Therefore, if you are wondering how to protect your Linux server from hackers, here is a compilation of critical security measures you can use. However, which method to use depends on your system and business requirements.