Linux Server Security Tutorial
Introduction
Can Linux servers be hacked? Absolutely! Anything can be hacked, especially if you haven’t taken steps to protect and harden your Linux server. In this video, we’ll cover five essential steps to secure your Linux server against hackers and attacks.
Getting Started
If you don’t have a Linux server to secure, you can get one for free with Linode. They offer a $100 credit to create a Linux virtual machine lab. Follow along to set up your server and secure it.
Steps to Secure Your Linux Server
Step 1: Enable Automatic Updates
One of the most critical steps in securing your server is ensuring it stays up-to-date with the latest security patches. Most servers get hacked because they weren’t patched in time.
To update your server manually, use the following commands:
sudo apt update
sudo apt upgrade -y
To automate updates, install unattended-upgrades:
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades
Enable automatic downloads and installation of stable updates when prompted.
Step 2: Create a New User and Disable Root Login
Logging in as the root user is dangerous. Instead, create a new user and grant it sudo privileges.
Create a new user:
sudo adduser newuser
Add the new user to the sudo group:
sudo usermod -aG sudo newuser
Disable root login:
sudo passwd -l root
Step 3: Set Up SSH Key-Based Authentication
Passwords can be hacked. Using SSH keys is a more secure method for logging into your server.
1. Generate SSH Keys on your local machine:
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
2. Copy the Public Key to your server:
ssh-copy-id newuser@your_server_ip
3. Disable Password Authentication:
Edit /etc/ssh/sshd_config and set PasswordAuthentication to no.
4. Restart SSH:
sudo systemctl restart ssh
Step 4: Harden SSH Configuration
Edit the SSH configuration file to further secure your server.
sudo nano /etc/ssh/sshd_config
- Change the SSH Port: Change
Port 22to a higher, non-standard port. - Restrict Root Login: Set
PermitRootLogintono. - Disable Password Authentication: Set
PasswordAuthenticationtono.
Save and close the file, then restart SSH:
sudo systemctl restart ssh
Step 5: Install and Configure a Firewall
A firewall adds an extra layer of protection by controlling incoming and outgoing traffic.
-
Install UFW (Uncomplicated Firewall):
sudo apt install ufw -y -
Allow SSH on the new port:
sudo ufw allow 717/tcp -
Enable UFW:
sudo ufw enable -
Check UFW Status:
sudo ufw status
Step 6: Disable Unnecessary Services
Reduce your attack surface by disabling services you don’t need.
-
List Active Services:
sudo systemctl list-units --type=service --state=active -
Disable Unnecessary Services:
sudo systemctl disable --now service_name
Conclusion
By following these steps, you’ll significantly improve the security of your Linux server. Regular updates, user management, key-based authentication, and a properly configured firewall are essential components of a secure system. Remember, while nothing is completely unhackable, these best practices will help keep you safe.
Subscribe and Stay Updated
Make sure to subscribe to our channel for more tutorials and IT tips. Like, comment, and hit the notification bell to stay updated. Thank you for watching, and happy securing!