Home >Operation and Maintenance >Linux Operation and Maintenance >Linux Server Security: Use Commands to Protect Your System

Linux Server Security: Use Commands to Protect Your System

PHPz
PHPzOriginal
2023-09-08 10:42:311351browse

Linux Server Security: Use Commands to Protect Your System

Linux Server Security: Use Commands to Protect Your System

Overview:

In the modern Internet era, server security has become a vital topic . For servers using the Linux operating system, there are many powerful commands that can help us protect system security. This article will introduce some commonly used commands to help you improve the security of your Linux server.

  1. Protect your server with a firewall

A firewall is the primary tool for protecting your server from unauthorized access. In Linux, we can use the iptables command to configure and manage firewall rules. Here are some examples of commonly used iptables commands:

  • View current firewall rules:
iptables -L
  • Allow a specific IP to access port 80:
iptables -A INPUT -p tcp --dport 80 -s 192.168.0.1 -j ACCEPT
  • Block specific IPs from accessing port 22 (SSH):
iptables -A INPUT -p tcp --dport 22 -s 192.168.0.2 -j DROP

The above commands are just a few examples, you can customize more complex firewall rules according to your needs.

  1. Use fail2ban to defend against brute force cracking

Brute force cracking is one of the common attack methods used by hackers. To prevent brute force attacks, we can use fail2ban to monitor login attempts and automatically block malicious IPs. Here are example commands to install and configure fail2ban on Ubuntu:

  • Install fail2ban:
sudo apt-get update
sudo apt-get install fail2ban
  • Create a custom configuration file:
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  • Edit the configuration file (for example, change bantime to 3600):
sudo nano /etc/fail2ban/jail.local
  • Start the fail2ban service:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
sudo systemctl status fail2ban

Go through the above steps , fail2ban will automatically monitor SSH login attempts, and if malicious behavior is detected, it will automatically block the IP for a period of time.

  1. Use SSH key login instead of password login

Using SSH key login can improve the security of the server, because the key is much harder to crack than the password. Here is a simple example of logging in using an SSH key:

  • Generate SSH key:
ssh-keygen -t rsa
  • Copy the public key to the server:
ssh-copy-id username@your_server_ip
  • Modify the SSH configuration file to disable password login:
sudo nano /etc/ssh/sshd_config

Find PasswordAuthentication in the file and modify it to no.

  • Restart the SSH service:
sudo systemctl restart sshd

Now you can log in using your SSH key without entering a password.

  1. Update operating system and software packages

Regularly updating the operating system and software packages is a critical step in maintaining server security. With updates, you get the latest security fixes, as well as new features and improvements. Here is a sample command to update the Ubuntu operating system and packages:

  • Update package list:
sudo apt-get update
  • Update installed packages:
sudo apt-get upgrade
  • Update operating system version:
sudo apt-get dist-upgrade
  1. Back up important data regularly

Last but not least, backup regularly Important data on the server. Backups can help you recover your data and reduce losses in the event of a hacker attack, hardware failure, or other problem. You can use the rsync command to synchronize data to a remote server or external storage device. The following is a simple rsync command example:

rsync -avz /path/to/source username@remote_server:/path/to/destination

With the above command, you can copy the contents of the source directory to a remote server or a specified target location.

Conclusion:

Securing a Linux server is an important and evolving task. In this article, we introduce some commonly used commands and examples that can help you improve the security of your server. However, server security relies on more than just commands and configuration, and requires ongoing monitoring and updates. Please make sure to take other necessary security measures when protecting your server and stay current on security best practices.

(Note: The above example commands are applicable to Ubuntu operating system, other Linux distributions may be different)

The above is the detailed content of Linux Server Security: Use Commands to Protect Your System. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn