Linux is considered one of the most stable and highly secure open-source OS platforms. Though there is no reason to doubt this claim but at times hackers have brought Linux to its knees through vulnerability which was left unattended by the system admin. Though there is no reason to press the panic button but it is always a good thing to know few security tips to manage your Linux in a much more professional and secure way. By doing this you can really harness the true potential of this highly useful and flexible OS.
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
10 Ways to Secure your Linux System
1. 10 Ways to Secure your Linux System
Convergence IT Services Pvt. Ltd
2. 10 Ways to Secure your Linux System
Linux is considered one of the most stable and highly secure
open-source OS platforms. Though there is no reason to doubt
this claim but at times hackers have brought Linux to its knees
through vulnerability which was left unattended by the system
admin. Though there is no reason to press the panic button
but it is always a good thing to know few security tips to
manage your Linux in a much more professional and secure
way. By doing this you can really harness the true potential of
this highly useful and flexible OS.
support.convergenceservices.in
2
3. 1. Physical System Security
This is basic yet so many system admin fail to ensure this level
of security. In the physical system security you can configure
the BIOS along with that disable booting from CD/DVD,
External Devices, Floppy Drive in BIOS. You can also enable
BIOS Password and protect GRUB with password so as to
restrict physical access to your Linux system.
support.convergenceservices.in
3
4. 2. Use Secure Shell (SSH)
Secure Shell (SSH) is a protocol which provides a secure
remote access. Protocols like Telnet and rlogin uses simple
text which is not encrypted and can cause security breach. On
the other hand SSH is a secure and encrypted protocol which
can be used for communication with server. Never use default
SSH 22 port number rather use higher level port number.
support.convergenceservices.in
4
5. 3. Disk Partitions
If you want to have higher data security it is imperative you
make different partition of your disk. By doing this you will
separate and group data thereby reducing the damage in case
disaster strikes. You need to make sure that you must have
separate partitions and that third party applications should be
installed on separate file systems under/opt.
support.convergenceservices.in
5
6. 4. Check Listening Network Ports
Use ‘netstat‘ networking command to view all open ports and
associated programs. The ports which are unused should be
disabled using the ‘chkconfig’ command. This simple
precaution can help system admin to make the Linux Server
System.
support.convergenceservices.in
6
7. 5. Disable USB stick to Detect
If you ever want to restrict users from using any kind of USB
stick in your Linux system so that your data is secure from
unauthorized access then you can create a file
‘/etc/modprobe.d/no-usb‘ and adding a line ‘install usbstorage /bin/true’ will not detect USB storage.
support.convergenceservices.in
7
8. 6. Turn on SELinux
• SELinux or Security-Enhanced Linux is an important access
control security mechanism provided in the kernel. So if you
want to add an extra layer of security then it is a good idea to
keep it on.
• SELinux offers three basic modes of operation and they are.
• Enforcing: This is default mode which enables and enforces
the SELinux security policy on the machine.
• Permissive: In this mode, SELinux will not enforce the security
policy on the system, only warn and log actions. This mode
comes handy when you are troubleshooting SELinux related
issues.
• Disabled: SELinux is turned off.
support.convergenceservices.in
8
9. 7. Enforcing stronger password
This looks simple but when implemented can bring some
positive results. A large number of users use weak passwords
and this might give a easy access to hackers to make the guess
work and hack the system with a dictionary based or bruteforce attacks. The ‘pam_cracklib‘ module is available in
Pluggable Authentication Modules)module stack which will
force user to set strong passwords.
support.convergenceservices.in
9
10. 8. Checking account for empty password
When an account is having an empty password it means it is
opened for unauthorized access, for anyone on the web and
it’s a part of security within a Linux server. So it is imperative
for all accounts to have a strong and robust password. Empty
password accounts can be easily hacked and is a security risk.
# cat /etc/shadow| awk -F: '($2==""){print $1}' this command
will check if there is any account with empty.
support.convergenceservices.in
10
11. 9. Disable or Remove unwanted services
It is highly advised to uninstall unwanted and useless software
packages to minimize the risk of vulnerability with your Linux
system. Using ‘chkconfig‘ command you can find out services
which are running on run level 3.
support.convergenceservices.in
11
12. 10. Monitor User Activities
This is a thumb rule to maintain the security of your Linux
system yet many a time system admin fail to follow this simple
rule. If you have plenty of users, then it’s imperative to collect
the data of each user activities and analyze them on the basis
of performance and security issues. We even have a tools
called ‘psacct‘ and ‘acct‘ for monitoring user activities these
tools runs in a system background and constantly tracks each
user activity on a system and resources consumed by services
such as Apache, MySQL, SSH, FTP, etc.
support.convergenceservices.in
12
13. About us
Convergence Support Desk is a professional website
maintenance service provider. If you have your website
developed in Joomla, Wordpress or Drupal CMS and are
looking to maintain it then please get in touch with us @ +91
22 2513 6632 or
Visit support.convergenceservices.in
support.convergenceservices.in
13