
Linux Server Hardening

Server hardening is the process of improving a server's security through a variety of measures, resulting in a more secure operating environment.

Securing SSH

SSH is the primary means of remote access to a Linux server. Securing it is critical.

  • Use Key-Only Authentication: Disable password authentication and use SSH keys instead.

    # In /etc/ssh/sshd_config
    # Confirm that key-based login works from a second session before restarting sshd,
    # otherwise a missing or mis-installed key locks you out.
    PasswordAuthentication no
    PubkeyAuthentication yes
  • Disable Root Login: Do not allow the root user to log in directly.

    # In /etc/ssh/sshd_config
    PermitRootLogin no
  • Change the Default Port: While this is only "security through obscurity," it reduces the volume of automated attacks that scan the default port.

    # In /etc/ssh/sshd_config
    # Allow the new port through the firewall before restarting sshd, or the
    # restart will cut off remote access.
    Port 2222

Using fail2ban

fail2ban is an intrusion prevention software framework that protects computer servers from brute-force attacks.

  • Installation:

    sudo apt-get install fail2ban # Debian/Ubuntu
    sudo yum install fail2ban # RHEL/CentOS
  • Configuration: Create a local configuration file to override the defaults.

    sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

    Edit /etc/fail2ban/jail.local to configure the services you want to protect.

    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    # Debian/Ubuntu path; RHEL/CentOS log SSH authentication to /var/log/secure
    logpath = /var/log/auth.log
    # ban a source address after 3 failed attempts
    maxretry = 3
    # ban duration in seconds (1 hour)
    bantime = 3600
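The sshd directives above and the jail's maxretry setting are easy to get wrong silently, so here is an added check script (not from the original page) that audits a constructed sshd_config fragment for the three directives and replays the jail's failure count over constructed auth.log lines; sshd_value, sshd_findings and ban_candidates are names assumed for this example.

```shell
# Added example, not part of the original page: audit an sshd_config fragment for
# the three directives discussed above and replay the jail's maxretry logic over
# auth.log lines. Both inputs are constructed here; a real check would read
# /etc/ssh/sshd_config and /var/log/auth.log.
SSHD_CONFIG='# constructed /etc/ssh/sshd_config fragment
Port 22
PermitRootLogin yes
PasswordAuthentication no
PubkeyAuthentication yes'

# Effective value of a directive. sshd honours the FIRST occurrence of a
# keyword (case-insensitive) and ignores later duplicates, so "exit" on the
# first match mirrors that; Match blocks are not modelled here.
sshd_value() {
    printf '%s\n' "$SSHD_CONFIG" | awk -v key="$1" '
        $1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }'
}

# One line per finding; no output means the three settings are as recommended.
sshd_findings() {
    [ "$(sshd_value PasswordAuthentication)" = "no" ] \
        || echo "PasswordAuthentication is not set to no"
    [ "$(sshd_value PermitRootLogin)" = "no" ] \
        || echo "PermitRootLogin is not set to no"
    port=$(sshd_value Port); [ -n "$port" ] || port=22   # sshd default
    [ "$port" != "22" ] || echo "Port is still the default 22"
}

# Constructed auth.log lines in the format the fail2ban sshd filter matches.
# 203.0.113.5 fails three times; 198.51.100.7 fails once (plus one success).
AUTH_LOG='Mar  1 10:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 51000 ssh2
Mar  1 10:00:03 host sshd[1002]: Failed password for root from 203.0.113.5 port 51001 ssh2
Mar  1 10:00:05 host sshd[1003]: Failed password for root from 203.0.113.5 port 51002 ssh2
Mar  1 10:00:07 host sshd[1004]: Accepted publickey for deploy from 198.51.100.7 port 52000 ssh2
Mar  1 10:00:09 host sshd[1005]: Failed password for invalid user test from 198.51.100.7 port 52001 ssh2'

# Source addresses with at least $1 (default 3, the jail's maxretry) failures.
# The jail's findtime window is ignored; this is a plain count over the sample.
ban_candidates() {
    printf '%s\n' "$AUTH_LOG" | awk -v max="${1:-3}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip }'
}
sshd_findings
ban_candidates
```

Run against the sample it reports the root-login and default-port findings and names 203.0.113.5 as the only address the jail would ban.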

Introduction to auditd

The Linux Audit daemon (auditd) is the userspace component of the Linux Auditing System. It is responsible for writing audit records to disk.

  • Installation:

    sudo apt-get install auditd # Debian/Ubuntu
    sudo yum install audit # RHEL/CentOS
  • Example Rule: You can add rules to the /etc/audit/rules.d/audit.rules file.

    # Monitor changes to /etc/passwd:
    #   -w <path>  watch this file
    #   -p wa      record write and attribute-change accesses
    #   -k <key>   tag matching records so they can be searched by key later
    -w /etc/passwd -p wa -k passwd_changes

Basics of SELinux and AppArmor

  • SELinux (Security-Enhanced Linux): A security module in the Linux kernel that provides a mechanism for supporting access control security policies. It is the default on RHEL-based systems.

    • Check Status: sestatus
    • Change Mode: setenforce 0 (Permissive), setenforce 1 (Enforcing). This switch is immediate but does not survive a reboot.
  • AppArmor (Application Armor): A Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. It is the default on Debian-based systems.

    • Check Status: sudo aa-status
    • Profiles: Located in /etc/apparmor.d/