When you come across other checklists with a number in the title, then most likely it’s not a real checklist. Like hardening and securing an operating system, a good checklist requires dedication and a lot of work. Operating systems often come preloaded with software and services that run constantly in the background linux hardening and security lessons without notice. To enhance the security of your servers, list all packages and software installed on your servers using your package managers (apt, yum, dpkg). Setting up a functioning firewall is crucial to securing your server. A firewall is a tool for monitoring and filtering incoming and outgoing network traffic.
- Additionally, backup management is essential, including decisions on retention periods for old backups and the frequency of system backups (daily, weekly, etc.).
- To take SSH security to the next level, you may also enable two-factor authentication.
- It’s vital to understand that these measures serve to minimize potential attack vectors, constituting best practices in the realm of server security.
- PHP versioning refers to the practice of managing and identifying different releases or versions of the PHP programming language.
Linux kernel and its related files are in /boot directory which is by default as read-write. Changing it to read-only reduces the risk of unauthorized modification of critical boot files. In the event of an intrusion, these can ensure that critical data remains accessible. They are particularly valuable in the event of a ransomware attack. While they can’t outright prevent ransomware issues, they can ensure that, in the worst-case scenario, the damage is limited by retaining access to essential data. SSH key pairs, while not as user-friendly as passwords, are significantly more secure.
Turn on SELinux
This way, you can easily see if you need to change any parameter to enhance the security of the SSH server. You may read about setting up two-factor authentication with SSH here. Read this detailed tutorial to learn how to disable password based SSH authentication. You may also add selected users to a new group and allow only this group to access SSH. You must remember or note down the port number otherwise you may also not access your servers with SSH.
- Create an additional test user and log in with that, to help with testing.
- This is controlled by the use of files called /etc/cron.allow and /etc/cron.deny.
- Server hardening involves applying the principles of system hardening to servers specifically.
- The list can go on and on, but these should be enough to start with.
- This user will be added to the administrative group, allowing him or her to become root.
In most Linux distributions, pressing ‘CTRL-ALT-DELETE’ will takes your system to reboot process. So, it’s not a good idea to have this option enabled at least on production https://remotemode.net/ servers, if someone by mistakenly does this. It’s important to have different partitions to obtain higher data security in case if any disaster happens.
Apache Web Server Hardening
For installing and setting up the server, the system administrator in the Linux operating system possesses system-wide privileges. To decrease the possibility that hackers may exploit this user’s access and privileges, it must not be utilized to carry out routine server tasks. As a result, a new user must be established and granted the necessary rights to carry out standard server operations. Only certain administrators will be able to utilize this sudo user. To get rid of the constant brute force attacks, you can opt for only key-based SSH login. If you have sudo users added on your system, you should use that sudo user to access the server via SSH instead of root.