
How to Protect Linux Server from Hackers

Written by Santosh Prasad

More than 67.8% of public servers run on Linux and UNIX-like systems such as CentOS, Ubuntu, Red Hat and Fedora, which makes Linux machines an attractive target for hackers. Attackers keep finding new ways to attack Linux servers, but with a few tips and tricks you can keep them away from yours.

This tutorial covers some basic security practices for configuring your server and its applications. We will take a look at the top tips to keep your Linux servers safe.

Always Keep Your Linux Server Updated

Attackers are always finding vulnerabilities in software; according to studies, more than 68% of attacks on servers targeted software vulnerabilities. That's why you need to keep your applications updated. You can set up a notification for when an update to a server application is available, read the update description and apply the patch immediately.


Use cron to notify when updates are available.
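As an added example (not a script from the article), a small check that counts pending updates for whichever package manager the host uses and is meant to be run from cron, which mails any output to the administrator. The install path and the cron schedule are assumptions.

```shell
#!/bin/sh
# Added example: report pending package updates from cron.
# Assumed install path: /usr/local/sbin/check-updates.sh
# Assumed crontab line (daily at 06:00; cron mails the output to MAILTO):
#   0 6 * * * /usr/local/sbin/check-updates.sh run

# Identify which package manager this host uses.
detect_pkg_manager() {
    if command -v apt-get >/dev/null 2>&1; then echo apt
    elif command -v dnf >/dev/null 2>&1; then echo dnf
    elif command -v yum >/dev/null 2>&1; then echo yum
    else echo unknown
    fi
}

# Print upgradable packages, one per line, without installing anything.
list_pending_updates() {
    pm=$(detect_pkg_manager)
    case $pm in
        apt)
            apt-get update -qq >/dev/null 2>&1   # refresh lists (needs root; stale lists still work)
            # Simulated upgrade: lines starting with "Inst" name the packages to be installed.
            apt-get -s upgrade 2>/dev/null | awk '/^Inst/ {print $2}' ;;
        dnf|yum)
            # check-update prints "package.arch version repo" lines and exits 100 when updates exist.
            "$pm" -q check-update 2>/dev/null | awk 'NF == 3 {print $1}' ;;
        *) return 2 ;;
    esac
}

# Print a report only when there is something to do; exit 1 = action needed.
report_updates() {
    pending=$(list_pending_updates) || { echo "no supported package manager found" >&2; return 2; }
    count=$(printf '%s\n' "$pending" | grep -c .)
    [ "$count" -eq 0 ] && return 0
    printf 'Host %s has %s pending update(s):\n%s\n' "$(uname -n)" "$count" "$pending"
    return 1
}

# Only act when invoked with "run", so the functions can be sourced elsewhere.
case "${1:-}" in run) report_updates ;; esac
```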

Apply Strong Network Security

Secure your network to keep hackers away from your servers: every server attack happens over the network.

Follow the below steps to do it:

  • Harden the Linux kernel parameters related to networking: you can do this by modifying the values in “/etc/sysctl.conf”.
  • Restrict access to services such as SSH using TCP Wrappers: you can do this by editing “/etc/hosts.allow” and “/etc/hosts.deny”.
  • Configure a strong firewall policy using iptables.
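For the sysctl step, here is an added example (not from the article) that audits an existing sysctl.conf against a set of common network-hardening values and writes a fragment you can apply with `sysctl -p`. The keys are standard kernel parameters; the chosen values and the fragment path are assumptions, not settings the article specifies.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf against network-hardening values.
# Values are common hardening defaults (assumed), not taken from the article.
HARDENED_SYSCTL='
net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.log_martians=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.tcp_syncookies=1
net.ipv6.conf.all.accept_redirects=0
'

# Look up key $1 in the sysctl.conf-style file $2 ("key = value", '#' comments).
# Prints the last value found, or nothing when the key is absent.
sysctl_conf_get() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$2" |
    awk -F= -v k="$1" '$1 == k {v = $2} END {if (v != "") print v}'
}

# Compare file $1 with HARDENED_SYSCTL; print one line per finding
# ("MISSING key (want v)" or "WEAK key=actual (want v)"). Returns 1 if any.
audit_sysctl_conf() {
    findings=0
    for entry in $HARDENED_SYSCTL; do
        key=${entry%%=*}; want=${entry#*=}
        have=$(sysctl_conf_get "$key" "$1")
        if [ -z "$have" ]; then
            echo "MISSING $key (want $want)"; findings=$((findings + 1))
        elif [ "$have" != "$want" ]; then
            echo "WEAK $key=$have (want $want)"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Write all hardened values to $1 (assumed: /etc/sysctl.d/99-hardening.conf);
# apply with `sysctl -p /etc/sysctl.d/99-hardening.conf` as root.
write_sysctl_fragment() {
    printf '%s\n' $HARDENED_SYSCTL | sed 's/=/ = /' > "$1"
}
```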

Apply a Strong User Login and Password Policy

Users are the most vulnerable part of a server. Attackers try brute force attacks, phishing, drive-by downloads and so on. If you cannot remember your login details, keep them in a secure place.

The following steps will help to secure user logins:

  • Apply strong passwords: make the password more than 12 characters long.
  • Change your old passwords: change your password from time to time, because anyone who has an old password can silently steal your data with it.
  • Lock the account after N failed login attempts: if the account is locked after N login attempts, a brute force attack will fail.
  • Use IP-based restriction where possible: you can apply IP-based restrictions to sensitive services such as SSH and databases.
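The lockout threshold and the IP-based restriction above can be backed up by watching the SSH log for sources that keep failing. As an added example, not part of the article, this counts failed SSH logins per source address in constructed sample log lines (sshd's usual format) and prints an iptables rule for each source that reached the threshold N, for review before applying.

```shell
#!/bin/sh
# Added example: find sources that hit the login failure threshold N.
# The log lines below are constructed sample data; addresses are documentation ranges.
SAMPLE_AUTH_LOG='Mar  3 10:01:12 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Mar  3 10:01:14 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Mar  3 10:01:15 web1 sshd[2103]: Failed password for root from 203.0.113.5 port 4250 ssh2
Mar  3 10:01:19 web1 sshd[2105]: Accepted publickey for deploy from 198.51.100.7 port 51022 ssh2
Mar  3 10:01:25 web1 sshd[2107]: Failed password for root from 203.0.113.5 port 4260 ssh2
Mar  3 10:02:01 web1 sshd[2109]: Failed password for deploy from 198.51.100.7 port 51030 ssh2
Mar  3 10:02:03 web1 sshd[2110]: Failed password for root from 203.0.113.5 port 4271 ssh2'

# Read auth-log lines on stdin; print "count ip" for every source whose
# failed password attempts reached the threshold $1, most active first.
failed_logins_over() {
    awk -v n="$1" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the source address is the field after "from"
            for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
        }
        END { for (ip in fails) if (fails[ip] >= n) print fails[ip], ip }
    ' | sort -rn
}

# Print one iptables rule per offending source for the administrator to
# review; nothing is applied here (applying needs root).
block_rules_for() {
    failed_logins_over "$1" | while read -r count ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport 22 -j DROP   # $count failed logins"
    done
}

# Example run on the constructed sample with N=5 (real use: tail /var/log/auth.log):
# printf '%s\n' "$SAMPLE_AUTH_LOG" | block_rules_for 5
```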

Restrict User Privileges Using the File System

The file system controls the access privileges of each user. Hardening the file-system settings will stop malware from dropping and executing files on the server.

Follow the below steps to do it:

  • Prevent modification of core system binaries by making them immutable. You can use the Linux chattr command to do so.
  • Limit access to the root user and to the /boot partition.
  • Mount user-accessible directories such as the web folder, /tmp and other world-writable folders with the “noexec” option.
  • Block “SetUID” and “SetGID” file creation in world-writable folders and web document root folders.

Harden the Linux Kernel

It is very difficult to patch and update the system every time. Moreover, there are cases where hackers exploit unpublished vulnerabilities and get access to servers. A strong precaution against such a possibility is to harden the Linux kernel.

The following solutions help with this:

  • Use kernel hardening patches such as ExecShield or PaX: kernel hardening patches protect servers against common exploits such as buffer overflows, privilege escalation and path name attacks.
  • Apply a mandatory access control system such as SELinux or AppArmor: this prevents users from doing anything other than what is absolutely needed for their service. For example, developers should not be able to access the “/etc” config directory.

Enable Malware Scanning

All server attacks start by uploading malware to the server. Use malware scanning on all incoming and outgoing network traffic to block hacking attempts.

Follow the below steps to do it:

  • Configure anti-virus tools with FTP and Web Disk to scan incoming files.
  • You can use the “inotify” feature of Linux file systems to trigger a scan when a new file is created.
  • You can use a web application firewall plus anti-virus to scan web traffic.
  • You can also use multiple anti-virus signature databases to make sure no malware gets through your filters.
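For the inotify step, an added example (not from the article) that watches a directory with inotifywait from inotify-tools, scans each completed file with clamscan, and moves anything flagged into a quarantine directory. The quarantine path is an assumption, and the scanner command is a variable so that the decision logic can be exercised with any scanner that follows clamscan's exit codes.

```shell
#!/bin/sh
# Added example: scan files as they are created and quarantine infected ones.
# Assumed paths; QUARANTINE_DIR and SCANNER can be overridden from the environment.
QUARANTINE_DIR=${QUARANTINE_DIR:-/var/quarantine}
SCANNER=${SCANNER:-clamscan --no-summary --infected}

# Scan one file. clamscan exits 0 = clean, 1 = infected, 2 = error; any
# scanner plugged in via SCANNER must follow the same convention.
scan_file() {
    $SCANNER "$1" >/dev/null 2>&1
}

# Decide what to do with a newly created file and report the outcome as
# "CLEAN path", "QUARANTINED path -> dest" or "ERROR path".
handle_new_file() {
    f=$1
    if scan_file "$f"; then rc=0; else rc=$?; fi
    case $rc in
        0) echo "CLEAN $f" ;;
        1) mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR"
           dest="$QUARANTINE_DIR/$(date +%Y%m%d%H%M%S)-$(basename "$f")"
           # move rather than delete, so the sample can be examined later
           mv -- "$f" "$dest" && chmod 600 "$dest"
           echo "QUARANTINED $f -> $dest" ;;
        *) echo "ERROR $f" ;;
    esac
}

# Watch a directory tree (e.g. the web upload folder) and scan on close-after-
# write and move-in, the two events that mean an uploaded file is complete.
watch_and_scan() {
    inotifywait -m -r -q -e close_write -e moved_to --format '%w%f' "$1" |
    while read -r path; do handle_new_file "$path"; done
}

# Typical use (runs until stopped): watch_and_scan /var/www/uploads
```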

Set Up an Intrusion Detection System

A quick reaction to an intrusion or an intrusion attempt can help you limit any damage done to the server. Intrusion detection systems monitor sensitive directories, logs and processes and notify you of unusual behaviour. You can use OSSEC as an intrusion detection system; you can follow my previous article for OSSEC installation and configuration.

Suggested Read: Install and Configure OSSEC on Linux and UNIX System

  • Always monitor for processes executed from unknown files or locations.
  • Keep an eye on system libraries and investigate any changes to those files.
  • Monitor directories that are only accessible to the administrator.
  • Keep an eye on network traffic for malware. You can set up the system to automatically block malware sources.

I hope this article will help you keep your Linux servers secure from hackers. If you have any queries or problems, please comment in the comment section.

Thanks :)

About the author


Santosh Prasad

Hi! I'm Santosh and I'm here to post some cool articles for you. If you have any query or suggestion, please comment in the comment section.
