How to secure a Linux Server

To secure a Linux server, whether managed in-house or by an IT support service like Cloud Knight in Essex, you should follow a structured approach. Here’s a comprehensive guide:

1. Initial Server Setup

• Update the System: Ensure the server software is up-to-date with security patches. Use commands like sudo apt update && sudo apt upgrade (Debian/Ubuntu) or sudo yum update (RHEL/CentOS).
• Create a New User: Avoid using the root account for regular activities. Create a new user and grant sudo privileges.

  adduser username
  usermod -aG sudo username

2. Secure SSH Access

• Disable Root Login: Edit /etc/ssh/sshd_config and set:

  PermitRootLogin no

• Change Default SSH Port: Change the port from 22 to a non-standard port in /etc/ssh/sshd_config.
• Use Key-Based Authentication: Disable password-based authentication:

  PasswordAuthentication no

Generate SSH keys and add the public key to ~/.ssh/authorized_keys.

3. Firewall Configuration

• Enable a Firewall: Use ufw (Debian-based) or firewalld (CentOS/RHEL).

  sudo ufw enable
  sudo ufw allow <port_number>

• Allow only necessary ports, e.g., SSH, HTTP, HTTPS.

4. Intrusion Detection and Prevention

• Fail2Ban: Install and configure Fail2Ban to block IPs after repeated failed login attempts.

  sudo apt install fail2ban

• IDS/IPS Tools: Deploy tools like AIDE or OSSEC for intrusion detection.

5. Minimize Installed Services

• Disable Unnecessary Services: Use systemctl to identify and disable services not in use.

  sudo systemctl disable service_name

6. Monitor and Log Activities

• Centralized Logging: Set up a logging system like ELK Stack or Graylog.
• Use System Monitoring Tools: Deploy tools like Nagios, Zabbix, or Prometheus.

7. Regular Backups

• Automate and schedule backups using tools like rsync, borg, or Restic.
• Store backups securely in a separate location (e.g., cloud storage).

8. Enable SELinux or AppArmor

• SELinux (RHEL/CentOS): Ensure it is enabled and enforcing.

  sudo sestatus
  sudo setenforce 1

• AppArmor (Debian/Ubuntu): Install and configure AppArmor profiles.

9. Use a Malware Scanner

• Install tools like ClamAV or Lynis for regular malware scanning.

10. Implement Access Control

• Restrict file and directory permissions using chmod and chown.
• Use the principle of least privilege for user accounts.

11. Harden Kernel Parameters

• Modify /etc/sysctl.conf to prevent common attacks:

  net.ipv4.icmp_echo_ignore_all = 1
  net.ipv4.conf.all.rp_filter = 1
  net.ipv4.tcp_syncookies = 1

12. Regular Audits

• Use tools like Lynis for system auditing:

  sudo apt install lynis
  sudo lynis audit system

13. Use Cloud Services Securely

• If hosted on a cloud platform, configure Virtual Private Cloud (VPC) and security groups.
• Ensure backups and snapshots are encrypted.

14. Train and Educate

• Keep team members informed about cybersecurity practices.
• Implement policies like regular password changes and two-factor authentication (2FA).

Specific Services by Cloud Knight IT Support

If Cloud Knight IT Support is involved, ensure they:

1. Conduct regular vulnerability scans.
2. Offer 24/7 server monitoring.
3. Provide tailored security recommendations.
4. Assist in implementing advanced measures like encryption, VPNs, and compliance protocols.

Would you like a specific focus on any of these points?