Home >Operation and Maintenance >Linux Operation and Maintenance >Starting from the command line: Building a secure Linux server environment
Start from the command line: Build a secure Linux server environment
With the development of the Internet, more and more companies and individuals have begun to build their own servers for hosting Websites, apps, etc. However, security issues also arise. In order to ensure the security of the server, we need to build a secure Linux server environment starting from the command line. This article will introduce some key steps and code examples to help you build a more secure Linux server environment.
Before you begin, first make sure that your server operating system and software are up to date. System and packages can be updated by using the following command:
sudo apt update sudo apt upgrade sudo apt dist-upgrade
By default, the SSH service uses port 22. To increase the security of the server, we can change the SSH port to another port. For example, to change the SSH port to 2222, you can use the following command:
sudo nano /etc/ssh/sshd_config
Find the following line:
#Port 22
Modify it to:
Port 2222
Save and close the file. Next, reload the SSH service and set it to start automatically at boot:
sudo systemctl reload sshd sudo systemctl enable sshd
The firewall is the first line of defense to protect the server. We can use ufw to configure firewall rules. First, install ufw:
sudo apt install ufw
Then, enable the firewall and set the default rules:
sudo ufw enable sudo ufw default deny incoming sudo ufw default allow outgoing
Next, set the allowed ports. For example, to allow SSH, HTTP, and HTTPS traffic:
sudo ufw allow 2222/tcp sudo ufw allow 80/tcp sudo ufw allow 443/tcp
Finally, reload the firewall rules:
sudo ufw reload
Fail2Ban is a Powerful protection tools can prevent brute force cracking, malicious login and other attacks. First, install Fail2Ban:
sudo apt install fail2ban
Then, copy the default configuration file and modify it:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local sudo nano /etc/fail2ban/jail.local
Find the following line:
[sshd]
Modify it to:
[sshd] enabled = true port = ssh
Save and close the file. Finally, reload the Fail2Ban configuration:
sudo systemctl reload fail2ban sudo systemctl enable fail2ban
Regular backups are key to ensuring the security of server data. You can use rsync to implement regular backups. First, install rsync:
sudo apt install rsync
Then, create a backup script file:
nano backup.sh
Add the following content to the backup script file:
#!/bin/bash BACKUP_DIR="/path/to/backup/directory" SOURCE_DIR="/path/to/source/directory" rsync -avz --delete $SOURCE_DIR $BACKUP_DIR
Place /path Replace /to/backup/directory
with the destination directory where you want the backup to be stored, and /path/to/source/directory
with the source directory you want to back up. Save and close the file. Next, set the backup script as an executable file and create a scheduled task:
chmod +x backup.sh crontab -e
Add the following line to execute the backup script at 3 am every day:
0 3 * * * /path/to/backup.sh
Save and close the file.
Build a secure Linux server environment on the command line by following the steps above. This will ensure your server is more secure, effectively protecting your data and applications from malicious attacks. Remember to update the system and software in time, change the SSH port, configure the firewall, install and configure Fail2Ban, set up regular backups and other key steps. I hope this article can help you build a more secure Linux server environment.
The above is a Chinese article of nearly 1,500 words, titled "Start from the command line: Building a secure Linux server environment". The article gives some key steps and code examples to help readers build a more secure Linux server environment.
The above is the detailed content of Starting from the command line: Building a secure Linux server environment. For more information, please follow other related articles on the PHP Chinese website!