Do You Want to Improve Your Linux Server Security?

If your job involves network management, system administration or Web related services you may be using a Unix based server system like Linux. It is a powerful and easy to operate system and of course the price is right. However, it's necessary to be as secure as possible these days and even though SSL is important, much more is needed for the best Linux server security. Here are some helpful tips for making your open source server more secure.

1. Secure the BIOS

It's a good idea to make sure your system cannot be booted from external sources. This is why you should disable options like booting from a CD, DVD, floppy or any other external device. It is also important that no one else have access to GRUB, so it needs to be protected with a password and the password should be very secure or else someone could get root access. You'll want to make a hashed password in the configuration file. This increases your Linux server security against many outside sources.

2. Lean up the Services

You may have more services running than you realize. This is not always a good thing. The more services you have the more Linux server security risks you may incur. To check your services, do a "chkconfig" command on runlevel 3. If you do not have a packaging managing utility like Red Hat Package Manager (RPM) you should consider getting it. This will make it easier to list all services and to disable the ones you want to. RPM is open source so you won't have to pay for it.

3. Access Remote Computers with SSH

Secure socket shell is the best way to ensure secure communications between computers. This is especially important if you are gaining remote access via the Internet. SSH allows you to be sure you are dealing with the right computer and it lets you authenticate yourself and you can validate the remote computer. For example, if you use Telnet protocol your Linux server security can easily be compromised because it is not encrypted and the same is true with rlogin.

SSH as default uses TCP port 22, so you can increase security by choosing a higher numbered port. Also, by opening the main SSH config file you may limit user access.

4. Restrict Cron Access

Cron is an important utility for scheduling scripts or commands to run at a specified time and date. However, as administrator you may want to be the only one with access, if you desire increased Linux server security. Check the cron.allow file to see if anyone is currently allowed access. If you wish to deny access to a specific user, you can use the cron.deny file. To be the only one allowed access, simply put "all" in your cron.deny file.

5. Eliminate Flash Drive Theft

One of the easiest ways for someone to steal data, is to stick in a USB flash drive or other device. In fact, this function is allowed by default. Many USB devices are capable of holding a great deal of data and if you do not plan on using one during normal operations you should consider eliminating this function. Depending on which version and system you are using, you'll need to add a command, with this command "install usb-storage /bin/true". The command will look something like this, "/etc/modprobe.d/no-usb".

6. Make Sure SELinux is Not Disabled

SELinux is an essential security module which is designed to protect overall Linux server security. This is an important feature to have if your system can be accessed remotely or from the Internet.

7. Utilize HTTPS When Possible

Firewall protection may not be sufficient when you are communicating within a network and over the Internet. If you are using a Web server like Apache, HTTPS is not hard to set up because Apache supports secure sockets layer encryption. Some people believe that HTTPS is mostly for ecommerce sites but this is not the case. If you or others need to log in to a website like a mail domain or other service, it should be done over a secure and encrypted connection.

Validating and installing an SSL certificate is not difficult when you run an Apache web server. In fact, Comodo offers a free auto installer utility for installing your certificate on Apache.

Comodo is the world's number one CA (certificate authority) and we provide affordable HTTPS certificates for a wide range of situations and businesses. Check out all the products and services we have for you, when you go to https://www.instantssl.com/ today. You may also call toll free 1-888-266-6361 for additional information.

Related Articles
Back to TOP