Server hardening is the practice of securing your system and improving your server's ability to resist unauthorized access. This is done by reducing the attack surface, so that an intruder has fewer opportunities to discover and exploit weaknesses. Today we will be talking about how to secure your Linux server. Even though we are going to be talking about Linux servers specifically, the same tips can easily be applied to a Windows server.

Check out the tips below on how to secure your server!

Firewall/IPTables

  • Always have a firewall running
  • Whitelist the IPs you connect from, and only allow those IPs to reach your server's SSH port
  • Block ICMP/Ping requests
  • Configure iptables to block common attacks
    • Force a SYN check on new connections: iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    • Drop XMAS packets: iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
    • Drop null packets: iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
    • Drop incoming fragmented packets: iptables -A INPUT -f -j DROP
  • Check open ports and block unused ones
    • Use the netstat -antp command to check (ss -antp on systems that no longer ship netstat)
  • Use Fail2Ban to blacklist IPs that are trying to brute-force attack your server
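The firewall rules above, collected into one script as an added example (this is not code from the original post). It builds the ruleset in iptables-restore format so you can read it before loading it, and only applies it when run with --apply as root. The addresses in ADMIN_IPS and the port in SSH_PORT are constructed placeholders that you would replace with your own.

```shell
#!/bin/sh
# Added example (not from the original post): build the iptables ruleset the
# list above describes, print it for review, and load it only on request.
# Assumptions: sshd listens on SSH_PORT, and the addresses in ADMIN_IPS are
# constructed placeholders (TEST-NET ranges); replace them before applying.

ADMIN_IPS="203.0.113.10 198.51.100.0/24"   # constructed placeholder addresses
SSH_PORT=22                                  # change if you move sshd off 22

# gen_rules prints a complete ruleset in iptables-restore format. The default
# policy on INPUT is DROP, so only the explicit ACCEPT lines let traffic in.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections the server itself opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# force a SYN check: a new TCP connection must start with a SYN packet
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# drop XMAS (all flags set) and null (no flags set) packets used by scanners
-A INPUT -p tcp --tcp-flags ALL ALL -j DROP
-A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# drop fragmented packets
-A INPUT -f -j DROP
# block ICMP echo requests (ping)
-A INPUT -p icmp --icmp-type echo-request -j DROP
EOF
    # SSH only from the whitelisted addresses; everything else hits the DROP policy
    for ip in $ADMIN_IPS; do
        printf '%s -s %s --dport %s -m state --state NEW -j ACCEPT\n' \
            '-A INPUT -p tcp' "$ip" "$SSH_PORT"
    done
    echo COMMIT
}

# count_rules prints the number of rule (-A) lines, a quick sanity check
count_rules() {
    gen_rules | awk '/^-A/ { n++ } END { print n + 0 }'
}

# apply_rules loads the whole ruleset atomically (needs root and iptables-restore)
apply_rules() {
    gen_rules | iptables-restore
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    gen_rules
fi
```

Run it without arguments to print the ruleset and review it; run it with --apply as root to load it. Loading through iptables-restore replaces the whole filter table in one step, so you never end up with a half-applied ruleset that locks you out between two iptables commands.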


SSH

  • Change your SSH port from the default 22 to something less obvious
  • Disallow password logins and use a private key to authenticate
  • Disallow root logins
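The three SSH settings above as a drop-in file plus a small audit, added here as an example (not code from the original post). It assumes an OpenSSH whose sshd_config begins with Include /etc/ssh/sshd_config.d/*.conf (Debian, Ubuntu and RHEL 9 ship it that way), so the drop-in's values win because sshd uses the first occurrence of each keyword. The port 2222 is an arbitrary placeholder, not a recommendation.

```shell
#!/bin/sh
# Added example (not from the original post): write a hardened sshd drop-in
# and audit any sshd_config for the weak settings named in the list above.
# Assumptions: OpenSSH that includes /etc/ssh/sshd_config.d/*.conf at the top
# of sshd_config; 2222 is an arbitrary placeholder port.

# sshd_value FILE KEYWORD prints the effective value of KEYWORD. sshd_config(5)
# uses the first uncommented occurrence of a keyword, so that is what we take.
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# write_sshd_dropin FILE writes the hardened settings to FILE, for example
# /etc/ssh/sshd_config.d/99-hardening.conf; validate afterwards with: sshd -t
write_sshd_dropin() {
    cat > "$1" <<'EOF'
# hardening drop-in: key-only logins, no root, non-default port
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
MaxAuthTries 3
EOF
}

# audit_sshd_config FILE prints one line per weak setting (nothing when clean)
audit_sshd_config() {
    cfg="$1"
    v=$(sshd_value "$cfg" PermitRootLogin)
    [ "$v" = "no" ] || echo "PermitRootLogin is not 'no' (found: ${v:-unset})"
    v=$(sshd_value "$cfg" PasswordAuthentication)
    [ "$v" = "no" ] || echo "PasswordAuthentication is not 'no' (found: ${v:-unset})"
    v=$(sshd_value "$cfg" PermitEmptyPasswords)
    [ "$v" != "yes" ] || echo "PermitEmptyPasswords is enabled"
    v=$(sshd_value "$cfg" Port)
    [ "${v:-22}" != "22" ] || echo "sshd listens on the default port 22"
}

# weak_count FILE prints how many weak settings audit_sshd_config found
weak_count() {
    audit_sshd_config "$1" | awk 'END { print NR }'
}

if [ -n "${1:-}" ]; then
    audit_sshd_config "$1"
    echo "$(weak_count "$1") weak setting(s) in $1"
fi
```

Point the audit at /etc/ssh/sshd_config before and after adding the drop-in. The audit reads a single file and ignores Match blocks, so run it on the drop-in and on the main config separately; keep an existing session open while you restart sshd with the new settings so a typo cannot lock you out.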


User Access

  • Only allow access to the files a user actually needs; lock down /boot, /root, and so on
  • Restrict core dumps
    • Add the line * hard core 0 to the /etc/security/limits.conf file
    • Add fs.suid_dumpable = 0 to the /etc/sysctl.conf file
  • Only allow the sysadmin to have root access
  • Audit your users' permission levels at least once a month
  • Users who are no longer active should be removed immediately
  • Verify that no accounts have empty passwords
  • Enforce strong passwords that are at least 16 characters long with at least 1 upper case, 1 lower case, and 1 symbol
  • As mentioned above, if a user is using SSH or any type of remote login, they should use a private key instead of a password
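The account checks in this section (empty passwords, who has root, core-dump settings, minimum password length) as one audit script, added as an example and not code from the original post. Each function takes file paths, so it can be run against copies for testing or, as root, against the live /etc files. It assumes password length is enforced by pam_pwquality via minlen in /etc/security/pwquality.conf; adjust the last check if your distribution enforces it elsewhere.

```shell
#!/bin/sh
# Added example (not from the original post): audit the account and core-dump
# settings from the list above. Every function takes file paths so it can be
# run against copies or, as root, against the live /etc files.
# Assumption: pam_pwquality enforces password length (minlen in
# /etc/security/pwquality.conf).

# empty_password_accounts SHADOW lists accounts whose password field is empty
# (locked accounts have '!' or '*' there, which is fine)
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# uid0_accounts PASSWD lists accounts other than root that have UID 0,
# i.e. extra root-equivalent logins that should not exist
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# core_dumps_restricted LIMITS SYSCTL succeeds only if both settings are present
core_dumps_restricted() {
    grep -Eq '^\*[[:space:]]+hard[[:space:]]+core[[:space:]]+0([[:space:]]|$)' "$1" &&
    grep -Eq '^fs\.suid_dumpable[[:space:]]*=[[:space:]]*0([[:space:]]|$)' "$2"
}

# password_minlen PWQUALITY prints the configured minimum length (0 if unset)
password_minlen() {
    awk -F= '$1 ~ /^[[:space:]]*minlen[[:space:]]*$/ {
                 gsub(/[[:space:]]/, "", $2); print $2; found = 1; exit
             }
             END { if (!found) print 0 }' "$1"
}

# audit_accounts PASSWD SHADOW LIMITS SYSCTL PWQUALITY prints a short report
audit_accounts() {
    echo "accounts with empty passwords: $(empty_password_accounts "$2" | tr '\n' ' ')"
    echo "non-root UID 0 accounts: $(uid0_accounts "$1" | tr '\n' ' ')"
    if core_dumps_restricted "$3" "$4"; then
        echo "core dumps: restricted"
    else
        echo "core dumps: NOT restricted"
    fi
    echo "password minlen: $(password_minlen "$5") (want 16 or more)"
}

# live run (as root):
# audit_accounts /etc/passwd /etc/shadow /etc/security/limits.conf \
#                /etc/sysctl.conf /etc/security/pwquality.conf
if [ "$#" -eq 5 ]; then
    audit_accounts "$@"
fi
```

The script only reports; it changes nothing. A second UID 0 account or an empty password field is worth treating as an incident rather than a configuration slip, because neither appears on a freshly installed system.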


Logs

  • Logs should be reviewed periodically; if the logs are too big to read by hand, use automation
    • Logwatch is a great utility for monitoring your logs
  • Some logs that should be checked periodically:
    • /var/log/messages – General system messages and current activity
    • /var/log/auth.log – Authentication logs (Debian/Ubuntu)
    • /var/log/kern.log – Kernel logs
    • /var/log/cron.log – Crond logs (cron jobs)
    • /var/log/maillog – Mail server logs
    • /var/log/boot.log – System boot log
    • /var/log/mysqld.log – MySQL database server log file
    • /var/log/secure – Authentication log (RHEL/CentOS)
    • /var/log/utmp or /var/log/wtmp – Login records
    • /var/log/yum.log – Yum package manager log
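A concrete version of the log review described above, added as an example (not from the original post): it counts failed SSH logins per source address in auth.log or secure, lists the addresses over a threshold (the decision Fail2Ban makes before banning), and pulls out successful logins. The SAMPLE_AUTH_LOG lines are constructed for the example and are not real log data; the message formats are the standard ones OpenSSH writes through syslog.

```shell
#!/bin/sh
# Added example (not from the original post): count failed SSH logins per
# source address in an auth log, the kind of check Logwatch or Fail2Ban
# automates. SAMPLE_AUTH_LOG is constructed for this example, not real logs.

SAMPLE_AUTH_LOG='Mar  4 10:01:12 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  4 10:01:15 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Mar  4 10:01:19 web1 sshd[2104]: Failed password for root from 203.0.113.45 port 51030 ssh2
Mar  4 10:02:02 web1 sshd[2110]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2: ED25519 SHA256:constructedfingerprint
Mar  4 10:03:40 web1 sshd[2115]: Failed password for bob from 192.0.2.9 port 33001 ssh2
Mar  4 10:05:11 web1 CRON[2120]: pam_unix(cron:session): session opened for user root by (uid=0)'

# failed_logins_by_ip [FILE...] prints "<count> <ip>" per source address, most
# failures first; reads stdin when no file is given
failed_logins_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
             for (i = 1; i <= NF; i++) if ($i == "from") { c[$(i+1)]++; break }
         }
         END { for (ip in c) print c[ip], ip }' "$@" | sort -rn
}

# brute_force_sources THRESHOLD [FILE...] prints only the addresses that failed
# at least THRESHOLD times, the same decision Fail2Ban makes before banning
brute_force_sources() {
    t="$1"; shift
    failed_logins_by_ip "$@" | awk -v t="$t" '$1 + 0 >= t + 0 { print $2 }'
}

# accepted_logins [FILE...] prints "<user> <ip>" for successful logins; a
# success from an address that just failed many times is the line to worry about
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted/ {
             for (i = 1; i <= NF; i++) if ($i == "for") { print $(i+1), $(i+3); break }
         }' "$@"
}

if [ "$#" -gt 0 ]; then
    failed_logins_by_ip "$@"
else
    printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins_by_ip
fi
```

Run it as ./authcheck.sh /var/log/auth.log (or /var/log/secure) to see the real counts; with no arguments it runs over the constructed sample. On a system that logs to the journal instead of a file, feed it journalctl -u ssh --no-pager on stdin. The more useful habit is the cross-check: compare brute_force_sources against accepted_logins and look for any address that appears in both.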


Encryption

  • Have your drives encrypted so that the data stays protected in case of a physical server breach
  • TPM modules are available on servers and can be used to enhance your encryption, for example by sealing the disk encryption key to the hardware


Backups

  • Always back up your data and keep the backups locked down
  • Use the 3-2-1 rule when possible
    • 3 copies of data
    • 2 different media types
    • 1 copy offsite 


Updates and Packages

  • Your system should be updated as often as possible with security patches
  • Patches should be tested on a separate server before being pushed to a production server
  • Unused packages should be removed
  • As part of the update cycle, you should scan for rootkits as well
    • Install chkrootkit and execute it as root


SELinux

  • Enable SELinux for better access control support 
    • Set it to “Enforcing” 

Would you rather have your users ask for permission to access something or have a security breach on your hands? Like the saying goes, it’s better to ask for permission than to ask for forgiveness!

Do you have any questions or tips about hardening your server? Let us know below!