Linux Server Hardening Checklist

The recent aftermath of Ransomware – malware has raised many questions on server security. Many companies are still trying to harden their security server from future cyber threats. Linux is on a different level as it is better than other operating systems in keeping your server safe from any virus attack. There are many ways to improve your security server.  Server hardening helps in enhancing security with a variety of different ways to keep the server safe and secure.

These are some of the following tips for Linux server hardening given below.

1. Modifying the SSH port

For hackers, it is easy to find the SSH port which is usually 22. If you want to enhance Linux server security,  change the port to something else after checking only if this port is still in use by another service. It will be hard for the cybercriminals to do any harm into your server.

2. Software Updation

For improving your Linux server security, there are some tools for managing and updating the software. Just like, YUM (Yellowdog  Update Magnifier) is the main tool for updating the software in Red Hat Enterprise Linux version 5 that is also used on your Linux server security. Make sure to update the software to keep your server safe.

3. Setting up  a  Firewall

A firewall is a defense mechanism against cyber attackers. There are some firewalls like CSF and APF that are widely used from spoofing, with plugins from cPanel web hosting control panel.

4.  Installing Antivirus/Antimalware Software

A firewall alone may not help in server security. Antivirus/Antimalware software helps in ensuring proper security, though it may be costlier it is an essential tool for server security. There are few antivirus/antimalware software which is available in free as well as a paid version. The paid version has more features to enable in securing your server. Many of the users consider Norton Antivirus which are open source helps in securing from potential threats in your server.

5. Security-enhanced Linux (SELinux)

It is a set of Linux kernel security module that offers support in access security controls includes MAC (Mandatory access controls). MAC helps in protecting the system from malicious applications.

6. Backup your Linux system

Backup your system in case of any system failure, there is always an uncertainty which one cannot expect to happen anytime. It is a precautionary measure taken before any potential threat happens. Most of the users consider cloud backups to restore their data in the backup hard drives of their system. This may be a bit expensive but also worth it for the security of your system.

7. Rootkit Scanner

Collection of malicious software which enables access to the computer system is known as Rootkit. Usually, these are not easy to detect even with few security measures. In some cases, the users access their server without realizing if any threat is lurking in your system. To get rid of Rootkit,  using an open source tool, i.e. chrootkit is to detect if there is a rootkit in your server,  it clears out once you have to reinstall the operating system.

8. Terminate Anonymous FTP uploads

Very few web hosting application automatically terminate anonymous FTP uploads, but in some case, it is re-enabled. If you are allowing someone to upload incognito using FTP, then it is a high chance of security risk in your Linux server which will be vulnerable for cyber threats. There is a better option to turn off anonymous FTP uploads by changing the FTP configuration settings in your server.

9. Restrict reuse of Password in Linux user accounts

It is essential to have a strong password whenever you are creating the user account for better security. Create a password as per the given condition. For example, it should at least have eight characters long including alphabets, numbers, lowercase, uppercase, and special characters, etc. Make sure that to remember the password you create. Change your password more often and use a different password for websites you are using. Every user should make sure not to share any account information such as passwords or jot down anywhere to memorize it.  Remember never to reuse the password once already used to increase your server security.

10. Configure BIOS (Basic input/ output system)

To protect Linux physical server security, configure BIOS and disable booting of external services such as DVD/USB/CD, etc. from your system. There should be some security checks before anyone accesses your server, due to this all data is stored in IDCs (Internet Data Centers).

11. Disk Partitions

Separate Operating system files from user files and other programs will help to partition your to boost your server security. Also, disable SUID/SGID access on the operating system for disk partition.

12. Auto-Updating CMS  

There are many popular platforms of CMS such as WordPress, Joomla, Drupal, etc., though the content developers are constantly working to fix the security bugs. Updates are important to boost your server security. It is necessary to activate auto updates of CMS as it will reduce the worry of any potential internet threats. It ensures the security of your system as well as the server.

13. Use SSH File Transfer Protocol (SFTP) instead of FTP (File Transfer Protocol)

If you are trying to encrypt your connection, still FTP is not a safe option for it. Though there will be a constant fear of packet sniffing, that is when someone else logs into your network connection. Even if the user credentials are encrypted, which does not give much help in securing your server.

14. Switch off IPv6 to boost Linux server security

Even though IPv6 is considered better than IPv4, still it is vulnerable from getting hacking threats. Turning off IPv6 will close the malicious web threats by changing the setting of your server for security purposes.

15. Delete unwanted module and packages

While downloading any module or packages for your Linux server, there may be a potential threat which is still undetected in the process. Make sure to get rid of such threats, and the server will be working in a good way.

16. Remove X Window systems

There is no requirement of X Window systems on the server.  As far as concerned in a Linux based system,  disabling X Window system to improve your server security.

17. Enable Disk Quotas

In Linux, it allows having maximum disk space for the system administrators.

18. Use GnuPG encryption for web host security

There will be many numbers of an opportunity of attempts by the hackers to intercept the data from the Linux server. To avoid snooping on your passwords, certificates and keys, make sure to use the encryption tool like GnuPG so that nobody gets hold of your confidential data.

19. Installing NIDS (Network Intrusion detection system)

By installing NIDS, it helps to detect any malicious activity on your system like Dos (Denial of service attacks), scanning ports and also monitoring your computer web traffic. It helps in securing data from any cyber leaks.

20. Use network authentication protocol

Kerberos is used as a computer network authentication protocol to read insecure network. It prevents unauthorized entry of users attempting to cater your confidential data from the server.

21. System auditing

With the help of auditd, it allows system administrators to detect any unauthorized access on your server. Make sure to change the setting such as audit log file location and many other options to record events in your system.

This is a long checklist, and many web servers work to keep the server secure. Many businesses find it challenging to accustom with the latest versions of server related tools. There is a high chance of confidential data leak if there is no proper security system of your server.

There are very few companies which provide system hardening services for many businesses like HeySupport, which offers all kinds of services relating to web hosting, server maintenance with an expert team of engineers in giving technical assistance whenever required.