Linux Server Hardening checklist

Prabhin Prabharkaran Administrator
DevOps Engineer



Hi all. This document shows you how to secure your Linux server. It is a Linux server hardening checklist that needs to be followed.

1. BIOS Protection
Starting from the base, enable password protection for the BIOS so the end user won't be able to change or override the security settings in the BIOS.
Next, disable booting from external media devices (USB/CD/DVD).

2. Hard disk encryption
It is better to enable hard disk encryption if the server deals with any confidential data. Most Linux distributions now come with an encryption option by default.

3. Disk Partition
Partitioning disks gives you performance and security benefits in case of a system error.

4. Lock Boot Directory
The boot directory contains important files related to the Linux kernel, so you need to make sure that this directory is locked down to read-only permissions by following the next simple steps.

5. Disable USB usage
Depending on how critical your system is, it is sometimes necessary to disable the use of USB sticks on the Linux host.

6. System update
The first thing to do after the first boot is to update the system; this should be an easy step.

7. Check for open ports
Identifying open connections to the internet is a critical task.

8. Secure SSH
Yes, SSH is indeed secure, but you need to harden this service as well. First of all, if you can disable SSH, that's a problem solved. However, if you want to use it, then you have to change the default configuration of SSH. To do so, browse to /etc/ssh and open the "sshd_config" file using your favorite text editor.
Change the default port number 22 to something else, e.g. 2234.
Make sure that root cannot log in remotely through SSH:

9. Enable SELinux
Security-Enhanced Linux (SELinux) is a kernel security mechanism for supporting access control security policies. SELinux has three configuration modes:

Disabled: Turned-off
Permissive: Prints warnings
Enforcing: Policy is enforced

10. Password policies
People often reuse their passwords, which is a bad security practice. Prepare password policies for user accounts and maintain them.

Use this link to set up a notification for all users using Linux.

11. Secure HIDS
Install and configure a HIDS agent to analyse what's happening on the system. Enable notifications for high-alert events.

12. Display SSH Banner Before Login
It's always a better idea to have a legal banner or security banner with some security warnings before SSH authentication.
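The SSH items in this checklist (sections 8 and 12: a non-default port, no remote root login, a pre-login banner) can be checked with a small script. This is an added example, not part of the original article; the function names, the sample config and the /etc/issue.net banner path are assumptions, and it reads plain "Keyword value" lines without following Include files.

```shell
# Added example (not from the original article): audit an sshd_config file
# against this checklist's SSH items: port, root login, banner.

# sshd_values FILE KEYWORD: print each global value of KEYWORD in file order.
# Keywords are case-insensitive; scanning stops at the first "Match" line
# because settings below it apply only conditionally.
# Assumption: plain "Keyword value" lines; Include files are not followed.
sshd_values() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/    { next }   # comment or blank line
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# audit_sshd_config FILE: print PASS/FAIL per item; the exit status is the
# number of failed items. The ( ) body keeps its variables local.
audit_sshd_config() (
    fails=0
    ports=$(sshd_values "$1" Port)                        # Port may repeat
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)  # first value wins
    banner=$(sshd_values "$1" Banner | head -n 1)
    # Unset keywords fall back to the current OpenSSH defaults.
    : "${ports:=22}" "${root:=prohibit-password}" "${banner:=none}"
    if printf '%s\n' "$ports" | grep -qx 22; then
        echo "FAIL Port: default port 22 is in use"; fails=$((fails + 1))
    else
        echo "PASS Port: non-default port only"
    fi
    case $(printf '%s' "$root" | tr 'A-Z' 'a-z') in
        no) echo "PASS PermitRootLogin: no" ;;
        *)  echo "FAIL PermitRootLogin: $root"; fails=$((fails + 1)) ;;
    esac
    case $(printf '%s' "$banner" | tr 'A-Z' 'a-z') in
        none) echo "FAIL Banner: no pre-login banner"; fails=$((fails + 1)) ;;
        *)    echo "PASS Banner: $banner" ;;
    esac
    exit "$fails"
)

# Constructed sample config (not a real host), written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2234
permitrootlogin yes
Banner /etc/issue.net
Match User deploy
    PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "$? item(s) need attention"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration, including settings pulled in through Include files, and is the more authoritative input for the same three checks.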

13. Review Logs Regularly
Move logs to a dedicated log server; this may prevent intruders from easily modifying local logs.

© 2018, Techrunnr. All rights reserved.
