In this article we will talk about the best practices for linux server security and hardening to protect our servers from any security incidents
Introduction
The World runs on Linux !! As we know it — it took over the digital world early on and hasn’t let up since then. This is why Linux server security is crucial to data security.
Linux server hardening is a set of measures used to reduce the attack surface and improve the security of your servers. Hardening can be done on different levels, from the physical level, by restricting the access of unauthorized people, to the application level, by removing unwanted software listening on incoming connections.
Let us check what are those list of best practices that can be implemented on our linux servers. We’ll also include tips on logging, auditing, and compliance best practices. All of these help with early detection in the event that your servers are compromised.
Use of Strong passwords
We should always prefer to have a minimum length of at least 12 characters, plus requirements for using special characters or upper and lowercase letters. The same password should never be used for multiple users or software systems. Disable accounts with empty passwords and ask users to set passwords for their accounts. Also disable the root account. Use of sudo should be promoted as it provides better auditing and control.
Several excellent password managers are available for the Linux platform. Many of these offer crucial features, such as:
- Two Factor Authentication,
- Password generators, and
- Cloud password storage.
Using Key based Logins for SSH
While strong passwords can make a difference, even stronger methods of logging into private servers are available. SSH key pairs, in particular, are worth implementing because these systems are far more difficult to hack through brute force.
This enhanced security can be attributed to the encryption utilized by both the server being logged into and the computer being used. At a minimum, an SSH key pair represents the equivalent of a 12-character password. In reality, however, the vast majority of SSH key pairs are even more complex. For this reason, SSH key pairs should be one of the first measures implemented when adopting a proactive server security strategy. Let us briefly check how can we generate an SSH key
Run the below command to generate the key
ssh-keygen -t rsaYou will be prompted to save the key at a desired location. You can also hit “Enter” to go with the default
Enter file in which to save the key (/home/admin/.ssh/id_rsa):This should generate a pair of key – Public and private. While the private key you can retain with your host and the public key can be copied to the remote host. Now when you login next time from your host to the remote host it would use the SSH key for logging in
Regular Patch updates
The Linux must be regularly patched/upgraded to the latest version of their release to make sure the vulnerable packages does not provide a passage for a security incidents. Without prompt updates, software can become exploitable and easy for hackers to use to gain access.
One can use the command line to upgrades your linux system
For Debian & Ubuntu
sudo apt-get upgrade -yFor RHEL based servers
sudo yum update -y Enabling Automated patches
The best way to make sure the server is updated at any given point of time once the updates are available is to enable the automated patch updates . Enabling automatic updates ensures that software security measures remain current, even when you neglect to pursue necessary updates because you’re occupied by other concerns.
Best option that I can think of is using the unattended upgrades feature. This keeps the system updated when you cannot do so yourself but requires some element of monitoring.
If you opt for unattended upgrades for Debian, begin by installing the package followed by configuration
sudo apt-get install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgradesFor RHEL based machines
sudo yum install yum-cron
sudo systemctl enable yum-cron.service
sudo systemctl start yum-cron.service
Avoid Unnecessary packages
Operating systems often come preloaded with software and services that run constantly in the background without notice. To enhance the security of your servers, list all packages and software installed on your servers using your package managers (apt, yum, dpkg).
Avoid Installing the GUI if it is not required instead make use of “Minimal Server” which install the basic packages while installation and then you can additionally install the packages whenever required or as per need. Security vulnerabilities in such software can lead to compromised servers, so make it a practice to uninstall unnecessary programs.
Logging
Keeping detailed logging and auditing enabled for your servers is crucial. These logs can later be used to detect any attempted intrusions. Also, in case of intrusion, these logs will help you gauge the extent of the breach and offer insight for a blameless postmortem of the incident. Syslog logs all the messages in /var/log directory by default.
SELinux
Security-Enhanced Linux, or SELinux for short, is a built-in access control mechanism. For systems connected to the internet and accessed by public users, disabling SELInux can be catastrophic for your servers.
SELinux operates in the following three modes:
- Disabled: SELinux is completely off. You should avoid this mode at all times.
- Permissive: In this mode SELinux doesn’t enforce any policy, but logs and audits all actions. This can be used while configuring the machine and installing the services to ensure all services are running, but you should switch to Enforcing as soon as configuration is done.
- Enforcing: This mode is most secure and enforces all policies. This is the default mode of SELinux and is also the recommended mode.
Firewall Services
Using Linux iptables/firewall to keep a tab on incoming, outgoing, and forwarded practices can help you secure your servers. You can configure “allow” and “deny” rules to accept or send traffic from specific IP addresses. This restricts the unchecked traffic movement on your servers.
Also, make sure you minimize the open ports . Open ports may reveal network architecture information while extending attack surfaces. One must only use the Therefore, ports that aren’t absolutely essential should be closed with haste. The netstat command can be used to determine which ports are listening while also revealing the details of connections that may currently be available.
Backup & regular test
Security is not just about preventing the incident but it also looks to minimize the damage during any such intrusion. The business need to be brought up as soon as possible and for that we need to ensure proper backups are in place to make sure critical data remains accessible. They are particularly valuable in the event of a ransomware attack.
The application rsync is a popular option for backing up data in Linux. It comes with a host of features that allow you to make daily backups or exclude certain files from being copied. It is notoriously versatile and, therefore, a great option for a vast array of Linux server security strategies. Feel free to use it on a local basis for backing up files — or go further by configuring it to sync to various hosts across the internet.
To install rsync on CentOS, use the command:
sudo yum install rsyncFor Debian / Ubuntu
sudo apt-get install rsyncAnd of course these backups are most effective when they’re tested regularly. Testing verifies that backups contain the right (and most current) files and can be recovered easily in the event of data loss. If you’ve recently completed a manual backup, use the “lastbackup” command to find details.
Security Audits
With all the best practices and hardening highlighted above which can provide more peace of mind as you strive to improve your Linux server security, additional threats could be right around the corner. Even the most secure server will eventually become vulnerable to new hazards if not updated on a regular basis. Software upgrades are crucial, of course, but security audits can uncover other adjustments that are worth making. Without regular audits, it’s impossible to know where gaps exist or how they can be addressed to ensure that your server remains fully protected.
Conclusion
With the increase in the Linux servers across the globe the frequency of Linux attacks is also increasing. These increased threats make hardening a worthwhile task. Contrary to popular belief, Linux is not inherently safe and should be hardened to safeguard your instances. The tips and methods discussed in this article are not exhaustive but they do cover hardening from a wide perspective. Hardening your Linux instances doesn’t mean that you’re safe from every malicious attack, though, it just reduces the attack surface. Please make sure you are aware of the recent incidents happening around the world and subsequently the discussion over the different online forums which would give insight of complying with the recent security threats.