How to Secure the Linux Servers? A few Simple Tips

in Witness Activities2 years ago

image.png

I have 20+ servers, and I need to make sure they are safe, so here are the few steps I took to harden the security:

Change SSH Port number


you can configure Port XXX in /etc/ssh/sshd_config and remember to restart the ssd service to take effect:

service sshd restart

Disable root SSH login


you can configure PermitRootLogin no in /etc/ssh/sshd_config and remember to restart the ssd service via:

service sshd restart

Enable ufw firewall


Then, you can allow certain ports to go through via e.g:

sudo ufw allow 80/tcp

or disable ports via:

sudo ufw disallow 22/tcp

Disable MySQL root login remotely


Also, use a username that is not root. You can do it via /etc/mysql/my.cnf

Grant correct permissions to users. See this post for more details.

Pick a strong password


My login-user password is around 30 characters - so they are not easy to be cracked via bruteforce algorithms.

Use SSH key to login


Put the public key in ~/.ssh/authorized_keys and use the SSH key to login instead. You need to generate the SSH key pairs first via:

ssh-keygen -t rsa

Protect special folders via .htaccess and .htpasswd


For example, if you have wordpress, you would need to protect /wp-admin. If you install phpadmin, you would certainly protect it via .htaccess/.htpasswd. You can also have a allow/disallow IP list here.

Disable user SSH login via password


You can disable SSH login via username/password by PasswordAuthentication no in /etc/ssh/sshd_config but make sure you have the SSH keys correctly set - otherwise you will be locked out of your server.

Reposted to Blog

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Thank you for reading ^^^^^^^^^^^^^^^

NEW! Following my Trail (Upvote or/and Downvote)

Follow me for topics of Algorithms, Blockchain and Cloud.
I am @justyy - a Steem Witness
https://steemyy.com

My contributions

Steem/Swap to USDT Swap

I also made this Super Easy/Handy Service to Convert your STEEM or SBD to USDT (TRC-20)

Delegation Service

Voting Power Considered in Voting Schema and Important Update of Delegation Service!

  • Delegate 1000 to justyy: Link
  • Delegate 5000 to justyy: Link
  • Delegate 10000 to justyy: Link

Support me

If you like my work, please:

  1. Delegate SP: https://steemyy.com/sp-delegate-form/?delegatee=justyy
  2. Vote @justyy as Witness: https://steemyy.com/witness-voting/?witness=justyy&action=approve
  3. Set @justyy as Proxy: https://steemyy.com/witness-voting/?witness=justyy&action=proxy
    Alternatively, you can vote witness or set proxy here: https://steemit.com/~witnesses
#witness-category #witness #vps #linux #blog #tutorial #upfundme
2 years ago in Witness Activities by
$93.89
  • Past Payouts $93.89
  • - Author $47.14
  • - Curators $46.75
154 votes
Reply 4
Sort:  
  • Trending
    • [-]
     2 years ago 

    Great tips! Thank you justyy!!!

    $0.00
      Reply
      [-]
       2 years ago 

      This post has been featured in the latest edition of Witness Weekly...

      $0.00
        Reply
        [-]
         2 years ago 

        Hello @pennsif! You are superb!

        command: !thumbup is powered by witness @justyy and his contributions are: https://steemyy.com
        More commands are coming!

        $0.00
          Reply

          Coin Marketplace

          STEEM 0.21
          TRX 0.20
          JST 0.034
          BTC 98043.90
          ETH 3346.07
          USDT 1.00
          SBD 3.02