Six Steps to A More Secure Linux Server
I've worked as a remote Linux System Administrator for quite a while, and one thing that I've noticed is that many "administrators" out there don't know how to configure or secure a server properly. This article is a quick reference on some of the more important (and easy) security or configuration tweaks that any administrator or consultant should do for their server. These six steps can dramatically increase the security and stability of any Linux server. The best part about these tips, is that they are all quick and easy to do as well, with each step taking less than 15 minutes!
1.) Security Updates Not Installed
Nearly every server that I work on is not running the latest (and most secure) software. Yes, Linux is a great Operating System- but all software has security problems. Enabling the installation of automatic updates via a cron script or similar is the easiest and most foolproof way to ensure that your server isn't compromised. There really isn't any excuse not to install the latest security updates- older packages are saved in the package archives in case there is a stability or compatibility issue, and the updated packages are logged as they are updated.
2.) Disable root login via SSH, and password authentication
Admittedly, I've been guilty of this myself sometimes. Let's face it, everyone likes being able to quickly and easily log into their servers, and change settings. However, if you're using password authentication, what's to keep someone else from logging into your server? In addition, you should not use password authentication on your Linux server, to prevent others from logging into your Linux server. Instead, enable RSA signed authorization keys. This is more secure, since an attacker will not be able to guess or brute force a login session with your server.
3.) Disable or filter extra services
This is the second biggest issue that I see working with new client's servers. Often, the system administrator who setup their Linux server did not perform a necessary final step- filter incoming connections that aren't necessary. I've seen everything from the daytime service running, to MySQL listening for connections on a remote IP. If a Linux administrator is not familiar with iptables, there are several tutorials out there that will show someone how to create even a basic firewall ruleset. In addition, disabling unnecessary services is a basic step in server optimization as well- why run extra services that tie up resources if they aren't needed?
4.) Test accounts or guest accounts still active
Another glaring security issue (and an often exploited one) is that a client will still have test user accounts running (often with extremely easy passwords, such as test) once a software solution is deployed to a production server. I don't need to go into the security ramifications with this one- make sure that you get rid of those guest or test accounts!
5.) Advertising banners left on
We all love advertising, don't we? However, advertising to the world that the version of Apache or Sendmail that you run on your Linux server is 3 years old is not the type of attention that you want. Simply disabling the server banners will help hide your server from the basic script-dependent attackers. Besides, why help the bad guys determine what software your server is running?
6.) PHP errors or application errors
These issues are the top 6 security issues that I see on a daily basis in my work. You can all check your server or servers for these quick issues (these tips take almost no time at all), and dramatically increase the security of your server. However, if you have any problems implementing these security steps, please feel free to contact me.