
7 Tips to Securing your Linux Web Server

Continuing with National Cyber Security Awareness Month, here are some important tips to help secure your Linux server. This guide is geared towards entry- and mid-level server admins and aims to provide a punch list of things that can be done to secure your Linux web server.

1. Disable unwanted services and ports

The first step is disabling any unnecessary ports and services. I like to build Linux systems with an absolutely bare baseline configuration. This also includes a strict iptables firewall configuration that blocks any traffic other than what I am expecting. This may seem redundant, but the firewall acts as a secondary mechanism to block ports that have been maliciously brought back online.

Disable services

Checking for unused ports

2. Disable your Root Account

Root account access should almost never be enabled. Instead, enable sudo for specific users and use it to execute root-level commands as and when required. sudo greatly enhances the security of the system because the root password never has to be shared with other users and admins, and it also provides simple auditing and tracking features.

We'll need to edit the sshd_config file, which is the main configuration file for the sshd service. The location will sometimes be different, but it's usually in /etc/ssh/. Open the file while logged on as root.

Find this section in the file, containing the line with “PermitRootLogin” in it.

Make the line look like this to disable logging in through ssh as root.

Now you’ll need to restart the sshd service:
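The edit above can be scripted so it is repeatable and easy to audit. This is an added example, not code from the original article: it works on a constructed sample config (or on any sshd_config path you pass as the first argument), comments out every active PermitRootLogin line and puts "PermitRootLogin no" at the top of the file, where sshd's first-value-wins rule guarantees it takes effect and cannot be captured by a later Match block.

```bash
#!/bin/sh
# Added example: idempotently disable SSH root login in an sshd_config file.
# Test it on a copy first; the path to edit is the first argument.

# Print the value sshd will use for PermitRootLogin: the first active
# (non-commented) directive wins. Prints nothing if the directive is absent,
# in which case modern OpenSSH defaults to prohibit-password.
effective_permit_root_login() {
    awk 'tolower($1) == "permitrootlogin" { print $2; exit }' "$1"
}

# Comment out every active PermitRootLogin line and prepend the hardened
# setting, so exactly one active directive remains and it comes first.
disable_root_login() {
    cfg="$1"
    tmp="${cfg}.tmp.$$"
    {
        printf 'PermitRootLogin no\n'
        awk 'tolower($1) == "permitrootlogin" { print "#" $0; next } { print }' "$cfg"
    } > "$tmp"
    mv "$tmp" "$cfg"
}

# Write a constructed sample sshd_config (not a real server's file) to $1,
# including a commented default and an active "yes" that must be overridden.
make_sample_config() {
    cat > "$1" <<'EOF'
# Constructed sample sshd_config for demonstration
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication no
EOF
}

# Usage: sh harden_sshd.sh /etc/ssh/sshd_config   (copy the file first)
if [ -n "${1:-}" ]; then
    disable_root_login "$1"
    echo "PermitRootLogin is now: $(effective_permit_root_login "$1")"
fi
```

Run `sshd -t` after the change to validate the file before restarting the service, since a syntax error would otherwise lock you out on the next restart.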

3. IPTables

IPTables is a firewall which can be used to allow or deny traffic through your server. For more information, please take a look at this article on setting up IPTables.

4. Fail2Ban

Fail2Ban is an open-source tool for detecting and blacklisting brute-force login attempts.

Fail2Ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show malicious signs: too many password failures, probing for exploits, and so on. Fail2Ban comes out of the box with filters for various services (apache, courier, ssh, etc.).

5. Blacklist known bad IPs & prevent DDoS with Artillery

Project Artillery is a great open-source Linux tool written by TrustedSec. Artillery opens multiple listening ports on the *nix system, and if anything connects to them, it automatically blacklists the source IP. In addition, it monitors the filesystem for changes and emails the changes back to you. Artillery can act as a honeypot, giving attackers and malware the appearance that specific ports are open; once those ports are accessed, the IPs are blocked. This is a great way to filter out attackers and botnets.

Another great feature of Artillery is the global blacklist. If you don't want to wait around for people to try to attack you, you can automatically block IPs based on the global banlist.

Read more about Project Artillery here.

6. Scan your configuration with CIS

CIS (Center for Internet Security) provides a number of benchmarks for checking your configuration settings, and publishes them free of charge in PDF format. CIS also provides a paid tool that will scan your machines and generate a report of which settings and services fall outside of compliance, as well as a free version of the tool that will scan your systems and report on any configuration settings which are not securely set.

7. Update / Patch your System

Keeping your software up to date is a critically important function. How long would you let your car go without changing the oil? Software that is not kept updated (patched) runs a high risk of creating exploitable weak points in your security.

For more information, please review our recently published article on the importance of keeping your system and software up to date.
