Secure Your Linux Server

Mon, 04 Dec 2023 00:00:00 +0000

Almost everyone thinks Linux is more secure, right? Well, hold your penguins, because the truth is as slippery as a buttered-up Tux sliding on ice.

Is linux actually secured?

Simple answer No. yeah, Linux is considered secure, but not straight out of the box, particularly when dealing with minimalist distributions like Arch, Gentoo, and Void Linux. Which ships with literally nothing out of the box. Not even a firewall :) Shocking, I know. In this case, Windows suddenly looks like it’s rocking a cyberpunk suit, and Linux seems to have left the house without pants.

cyberpunk windows

Yeah, your whole life was a lie :)

But wait, before you hit the panic button and decide to replace your Linux partition with Windows, there’s a plot twist. If you’re an everyday Linux user, you’re still in the safe zone. Why?

Let’s rewind to the 1990s when Windows dominated the desktop operating system market with its proprietary MS-DOS. Windows maintained this monopoly for years, making Linux a relatively secure option for normal users. Confused? Allow me to elaborate.

In this scenario, users and the operating system share the stage, but there’s a third player – hackers. With the majority using Windows, hackers found it convenient to focus on exploiting vulnerabilities in a single OS.

This led to a period where Windows users were constantly under attack.

But, and it’s a significant but, it doesn’t mean Linux lacks security; it’s simply not inherently secure out of the box. With the right configurations and additional security measures, Linux can surpass Windows security levels by a considerable margin. So, while Windows may seem like it’s dressed in cyber armor from the get-go, Linux is more of a security project waiting for customization.

But wait, this doesn’t mean Linux is just chilling in a hammock, sipping coconut water, and avoiding cyber-attacks. No, it’s like the VIP of hacking targets, especially on servers. Linux is like the hottest party spot, and hackers RSVP every day.

Well, you got the problem; but what about the solution?

Here you go

Secure your linux server.

There are plenty of ways you can secure your server but here i will mention only the important one.

1. Network Filtering

You might already heard about this thing, but most likely never tried ;)

It is nothing but securing linux in network.

For this just open your /etc/sysctl.d/local.conf

bash /etc/sysctl.d/local.conf


   
   # Turn on Source Address Verification in all interfaces to
   # prevent some spoofing attacks
   #net.ipv4.conf.default.rp_filter=1
   net.ipv4.conf.all.rp_filter=1
   
   # Ignore echo broadcast requests to prevent being part of smurf attacks
   net.ipv4.icmp_echo_ignore_broadcasts=1
   
   # Enable TCP/IP SYN cookies to protect against SYN flood attacks.
   # See http://lwn.net/Articles/277146/
   net.ipv4.tcp_syncookies=1
   
   # ipv6 settings (no autoconfiguration)
   net.ipv6.conf.default.autoconf=0
   net.ipv6.conf.default.accept_dad=0
   net.ipv6.conf.default.accept_ra=0
   net.ipv6.conf.default.accept_ra_defrtr=0
   net.ipv6.conf.default.accept_ra_rtr_pref=0
   net.ipv6.conf.default.accept_ra_pinfo=0
   net.ipv6.conf.default.accept_source_route=0
   net.ipv6.conf.default.accept_redirects=0
   net.ipv6.conf.default.forwarding=0
   net.ipv6.conf.all.autoconf=0
   net.ipv6.conf.all.accept_dad=0
   net.ipv6.conf.all.accept_ra=0
   net.ipv6.conf.all.accept_ra_defrtr=0
   net.ipv6.conf.all.accept_ra_rtr_pref=0
   net.ipv6.conf.all.accept_ra_pinfo=0
   net.ipv6.conf.all.accept_source_route=0
   net.ipv6.conf.all.accept_redirects=0
   net.ipv6.conf.all.forwarding=0

2. Secure SSH server

Edit the configuration file
```
sudo vim /etc/ssh/sshd_config
```

Toggle these options

PermitRootLogin no
X11Forwarding no
AllowUsers <your username>
PubkeyAuthentication yes
ChallengeResponseAuthentication no
Port 2202 # use random port instead of 22

Restart your sshd service.

# For systemd
sudo systemctl restart ssh.service

# For sysVinit
sudo service sshd restart

# For runit
sudo sv restart sshd

Make sure you have created your keys, then add your host system’s key to .ssh/authorized_keys file in server or use below command

ssh-copy-id -i ~/.ssh/id_rsa.pub <server ip>

3. Setup firewall

Now, here you have two choices:

Use ufw
Use Iptables directly

For UFW.

sudo apt install ufw -y

Enable it.

sudo ufw enable

4. Limit SUDO

To limit the sudo access use the sudoers file.

Edit it.

sudo vim /etc/sudoers

Add your user with privileges.

## User privilege specification

root ALL=(ALL:ALL) ALL
<user> <privileges>

5. Use SELinux

Final suggestion, it is very powerful but sometimes it’s annoying. Without learning it don’t install it on your server, or you will waste your day in figuring out why you are not able to access your nginx webserver on port 80 ;)

6. Other Tips & Tools

Stop & disable all unnecessary services, this will probably reduce the attack surface.
Enforce strict memory access controls.

After all these, you can also configure,

Security & system auditing tool - lynis
Intrusion detection system - psad
Eliminate bruteforce - fail2ban

Server on Dark Kernel