Securing your Linux server is crucial to protect it from unauthorized access and potential attacks. Here are some essential steps to harden your Linux server after installation:

1. Update Your Server

Ensure your server is up-to-date with the latest security patches:

For Debian-based distributions:

sudo apt update && sudo apt upgrade -y

For RHEL-based distributions:

sudo yum update -y

2. Create a Non-Root User

It’s best practice to avoid using the root account for regular tasks. Create a new user and grant sudo privileges:

sudo adduser newuser

sudo usermod -aG sudo newuser

3. Configure SSH

Make SSH more secure by implementing the following:

Disable root login:

sudo nano /etc/ssh/sshd_config

PermitRootLogin no

Change the default SSH port:

Port 2222

Restart SSH service:

sudo systemctl restart sshd

4. Set Up a Firewall

Configure a firewall to allow only necessary traffic. Use UFW (Uncomplicated Firewall) on Debian-based systems:

sudo ufw allow 2222/tcp

sudo ufw enable

For RHEL-based systems, use firewalld:

sudo firewall-cmd --add-port=2222/tcp --permanent

sudo firewall-cmd --reload

5. Install Fail2Ban

Fail2Ban helps protect your server from brute-force attacks:

sudo apt install fail2ban -y

Create a local configuration file:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the jail.local file to enable SSH protection:

sudo nano /etc/fail2ban/jail.local

[sshd]
enabled = true

sudo systemctl restart fail2ban

6. Disable Unnecessary Services

Disable services that are not needed to minimize potential vulnerabilities:

sudo systemctl disable servicename

sudo systemctl stop servicename

7. Install and Configure Auditd

Auditd is a user-space component to the Linux Auditing System. It provides insight into activities on your server:

sudo apt install auditd -y

sudo systemctl start auditd

sudo systemctl enable auditd

8. Set Up Log Monitoring

Use a log monitoring tool like Logwatch or Logrotate to keep track of server activities:

sudo apt install logwatch -y

sudo nano /etc/cron.daily/00logwatch

Add the following line to the file:

/usr/sbin/logwatch --output mail --mailto [email protected] --detail high

9. Enable Automatic Security Updates

Ensure your system automatically installs security updates:

sudo apt install unattended-upgrades -y

sudo dpkg-reconfigure --priority=low unattended-upgrades

10. Regularly Review Security Settings

Regularly review and update your security settings and configurations to ensure your server remains secure.

By following these steps, you can significantly enhance the security of your Linux server, reducing the risk of unauthorized access and potential attacks.