Sunday, July 6, 2025
Linux Tutorial

Linux Server Hardening: 10 Must-Do Tasks

Securing a Linux server is crucial to prevent cyberattacks, data breaches, and unauthorized access. Whether you’re running a personal project or a business-critical application, these 10 essential steps will help you lock down your server effectively.

1. Keep Your System Updated

Why? Outdated software is the #1 cause of security vulnerabilities.

How?

sudo apt update && sudo apt upgrade -y  # Debian/Ubuntu
sudo dnf update -y  # RHEL/Fedora

Enable automatic security updates:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

2. Secure SSH Access

Why? SSH is a common attack vector for brute-force attempts.

How?

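Disable root login and password authentication. Complete step 4 (SSH keys) first and confirm that key login works, otherwise disabling passwords will lock you out:

sudo nano /etc/ssh/sshd_config

Set:

PermitRootLogin no
# Use SSH keys instead
PasswordAuthentication no

Change default SSH port (optional but recommended):

# Example
Port 2222

Restart SSH, keeping your current session open until a new login succeeds:

sudo systemctl restart sshd  # the unit is named "ssh" on Debian/Ubuntu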

3. Configure a Firewall (UFW)

Why? A firewall blocks unauthorized access to open ports.

How?

sudo apt install ufw
sudo ufw allow 22/tcp  # Or your custom SSH port
sudo ufw allow 80/tcp  # HTTP
sudo ufw allow 443/tcp  # HTTPS
sudo ufw enable

4. Use SSH Key Authentication (Instead of Passwords)

Why? Passwords can be cracked; SSH keys are nearly unbreakable.

How?

Generate SSH keys (on your local machine):

ssh-keygen -t ed25519

Copy public key to server:

ssh-copy-id -p 2222 user@your_server_ip

5. Install & Configure Fail2Ban

Why? Blocks brute-force attacks automatically.

How?

sudo apt install fail2ban
sudo systemctl enable --now fail2ban

Customize jail rules:

sudo nano /etc/fail2ban/jail.local

6. Disable Unnecessary Services

Why? Fewer services = fewer attack surfaces.

How?

sudo systemctl list-unit-files --type=service --state=enabled

Stop and disable unused services:

sudo systemctl disable --now servicename

7. Set Up 2FA for SSH (Optional but Recommended)

Why? Extra layer of security for SSH logins.

How?

sudo apt install libpam-google-authenticator
google-authenticator

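Then edit /etc/pam.d/sshd and add:

auth required pam_google_authenticator.so

sshd consults this PAM module only during keyboard-interactive authentication, so with the key-only setup from step 2 the code is not requested unless sshd_config also enables keyboard-interactive authentication and requires it in addition to the key.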

8. Monitor Logs for Intrusion Attempts

Why? Detect attacks before they succeed.

How?

sudo tail -f /var/log/auth.log  # SSH attempts (/var/log/secure on RHEL/Fedora)
sudo grep "Failed password" /var/log/auth.log
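
To go beyond the grep above, the following added example (not code from the original article) counts failed SSH password attempts per source IP and reports those at or above a threshold. The function names, the default threshold and the sample log lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): count failed SSH password
# attempts per source IP from auth.log-style input on stdin.

# Constructed sample log lines; IPs are from documentation ranges.
sample_auth_log() {
    cat <<'EOF'
Jul  6 10:15:01 web1 sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jul  6 10:15:03 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Jul  6 10:15:07 web1 sshd[1240]: Failed password for invalid user oracle from db from 203.0.113.5 port 51240 ssh2
Jul  6 10:15:09 web1 sshd[1240]: Failed password for deploy from 203.0.113.5 port 51250 ssh2
Jul  6 10:16:00 web1 sshd[1300]: Failed password for root from 198.51.100.23 port 40100 ssh2
Jul  6 10:16:30 web1 sshd[1310]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
Jul  6 10:17:00 web1 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

# failed_ssh_by_ip [threshold]  (hypothetical helper; threshold defaults to 3)
# Prints "<count> <ip> invalid_user=<n>" for every IP at or above threshold.
failed_ssh_by_ip() {
    awk -v min="${1:-3}" '
        / sshd\[[0-9]+\]: Failed password for / {
            # Records end "... from <ip> port <n> ssh2". Take the IP by its
            # position from the END of the line: the user name is free text
            # sent by the client and may contain spaces or the word "from".
            if (NF >= 6 && $(NF-4) == "from" && $(NF-2) == "port") {
                ip = $(NF-3)
                count[ip]++
                # "invalid user" means the account does not exist here,
                # which is typical of automated guessing.
                if ($0 ~ /Failed password for invalid user /) invalid[ip]++
            }
        }
        END {
            for (ip in count)
                if (count[ip] >= min)
                    printf "%d %s invalid_user=%d\n", count[ip], ip, invalid[ip]
        }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample. On a server:
#   sudo cat /var/log/auth.log | failed_ssh_by_ip 5
sample_auth_log | failed_ssh_by_ip 3
```

IPs that show up here with a high invalid_user count are the ones Fail2Ban from step 5 should already be banning; if they are not, review the jail settings.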

9. Regular Backups

Why? Ransomware or crashes won’t destroy your data.

How?

sudo tar -czvf /backup/server-backup-$(date +%F).tar.gz /var/www /etc

Or use rsync:

rsync -avz /var/www user@backup-server:/backups/

10. Audit Security with Lynis

Why? Automated security auditing.

How?

sudo apt install lynis
sudo lynis audit system

By following these 10 critical steps, your Linux server will be far more secure against common attacks.
