Last Updated: May 23, 2012

May 15, 2009

Hardening Your Linux Server

When it comes to your server, security should be viewed as a thorough process, not simply a result you achieve.  This process is naturally difficult, and even more so when factoring in the wide variety of components involved in the typical setup.  The key to adequate server security is hardening the system in a manner that protects against an array of threats.  Properly securing Linux and other GNU-based servers often seems like an overwhelming task, but it becomes much simpler when the security process is broken down into easily manageable portions.  In this article we will focus on some of the key aspects that must be covered to ensure acceptable security in the Linux server environment.

Harden SSH

The OpenSSH package is installed by default on most Linux distributions.  Unfortunately, the default configurations are designed to provide functionality over security.  Permissions that allow root logins, listening on port 22 and on all IPs, and SSH access for all system accounts result in potential security holes that make your server vulnerable.  To harden this area, use your preferred editor to change the lines in the SSH configuration file to reflect the following:

- Define the IP addresses SSH will listen on

- Only accept secure SSH connections

- Disable root logins

- Only allow SSH access to certain users

- Change the default port (22)

After making your modifications, restart the SSH server so the changes can take effect.
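The five changes above correspond to sshd_config keywords, and the following added example (not from the original article) audits the global section of a config for them.  The keyword mapping (ListenAddress, Protocol, PermitRootLogin, AllowUsers, Port), the reading of "secure SSH connections" as protocol 2 only, and the sample configs are assumptions made for the example.

```python
import re
WILDCARDS = {"0.0.0.0", "::", "*"}

def parse_global(text):
    """Collect {keyword: [values]} from lines before the first Match block."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()          # sshd keywords are case-insensitive
        if key == "match":              # per-user/host overrides: out of scope here
            break
        opts.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def listen_host(value):
    if value.startswith("["):           # [IPv6]:port
        return value[1:value.index("]")]
    if value.count(":") == 1:           # IPv4-or-hostname:port
        return value.split(":")[0]
    return value

def audit(text):
    """Return a list of findings; an empty list means all five checks pass."""
    o, findings = parse_global(text), []
    hosts = [listen_host(v) for v in o.get("listenaddress", [])]
    if not hosts or any(h in WILDCARDS for h in hosts):
        findings.append("ListenAddress: sshd listens on all IPs")
    # Assumption: "secure connections" means SSH protocol 2 only, and an
    # absent Protocol line means the installed sshd already defaults to 2.
    if "1" in o.get("protocol", ["2"])[0].split(","):
        findings.append("Protocol: protocol 1 is enabled")
    if o.get("permitrootlogin", [""])[0].lower() != "no":
        findings.append("PermitRootLogin: root login not explicitly disabled")
    if not any(v for v in o.get("allowusers", [])):
        findings.append("AllowUsers: no account allow-list")
    if "22" in o.get("port", ["22"]):
        findings.append("Port: still on the default port 22")
    return findings

# Constructed sample configs (documentation address 192.0.2.10, made-up users).
DEFAULT_LIKE = "Port 22\nPermitRootLogin yes\n"
HARDENED = ("ListenAddress 192.0.2.10\nProtocol 2\nPermitRootLogin no\n"
            "AllowUsers alice deploy\nPort 2222\n")

if __name__ == "__main__":
    for name, cfg in (("default-like", DEFAULT_LIKE), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```

Run it against a copy of the edited file before restarting sshd; settings inside Match blocks are not evaluated.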

Harden the File System

Because Linux uses the Unix file system, it is vulnerable to numerous exploits, mainly DoS (Denial of Service) attacks and rootkits.  Minimizing the threat of a DoS attack is fairly easy: the vulnerable directories can be mounted on their own partitions, which prevents the file system from accumulating too many requests and leaves the exploit virtually powerless.  Dealing effectively with the threat of rootkits is a bit trickier.

Rootkits are very dangerous because they can give an intruder control of a system after access has initially been gained.  To prevent the successful deployment of rootkits, use tools such as chkrootkit in conjunction with IDS (intrusion detection system) technologies like fcheck.  chkrootkit lets you search for the presence of malicious rootkits, while fcheck helps you create cryptographic identifiers that will let you know if integrity has been violated and which aspects have been directly affected.  These tools are easy to use and to incorporate into your existing configuration.

Network Security

One of the most vital aspects of security on a Linux server is network security, which starts with discovering which processes are listening for connections and on which ports.  Tools that can help make these determinations include netstat and the nmap network mapper.  netstat shows which ports are being listened on, while nmap determines the ports and services available on the server from other machines within the network.  The output of both commands is easy to access and displays comprehensive information regarding network activities.

Conclusion

There are many aspects to securing a Linux server.  Aside from the areas mentioned in this article, you must also perform a thorough installation of Apache along with software packages such as PHP, MySQL and Tomcat.   It can be a tedious undertaking, but you will find that these additional measures are well worth it when the security of your server is involved.
