General Linux Security Tips

This guide will include some general tips of how to keep your system secure. This guide will not 100% stop your system from getting attacked or broken into, however it will reduce the chances of a breach as long as you follow all of these steps. All of the things I list below either currently have a guide or will very soon, so I won't go too much into depth on each one. If there is one you want to learn about and there is not currently a guide on it here on the forums please try Googling it.

Tip One:

This may seem really simple and like it should be common sense, but it is really important. Pick a strong password. There are many sites you can use to generate a really strong password. Even better than making a strong password, use and SSH key and disable SSH password login all together.

Tip Two:

If you've chosen to continue using password authentication you should frequently change your SSH password. You should also create an account that is not the root user to use for SSH and then disable the root account's ability to login through SSH.

Tip Three:

Ensure your system and the packages running on it stay up to date. Many distributions, such as Ubuntu and Debian, include tools that can automatically check the packages on your system and the system itself for updates, and automatically apply them when they are available.

Tip Four:

Setup your system's firewall to only allow access through ports that actively have something running them that outside users should be able to access. Be careful not to disable the port for SSH.

Tip Five:

Make sure Fail2Ban is setup and functioning properly. Fail2Ban will attempt to keep people who shouldn't be accessing your server from accessing your server.

Tip Six:

Everyone knows the default ports for common services such as FTP and SSH. So you should change them. This will make breaking into your server just that much harder.

Tip Seven:

Avoid giving out the I.P. address for the server. Always try to use a program like Cloud Flare in front of your server. It might not completely protect your server and game server can't be routed through their servers but it adds another line of defense.

Tip Eight:

Finally check if your distro has a security news mailing list that sends out emails when knew security updates are released, or  when security flaws are found. 

1 person likes this
Login or Signup to post a comment