Hardening Linux Servers: Using Command Line Tools to Improve Security

Harden Linux servers: Use command line tools to improve security

Overview:
In today's network environment, server security is crucial. To protect your server from malicious attacks and unauthorized access, hardening your Linux server using command line tools is a necessary step. This article will introduce some commonly used command line tools, as well as their usage methods and sample codes to help you improve the security of your server.

SSH encrypted transmission:
SSH (Secure Shell) is an encrypted network protocol used for remote login and command execution. By using SSH, malicious users can be prevented from intercepting and eavesdropping on data in transit. Here is sample code to generate and use a key pair using SSH:

1. Generate an SSH key pair:

   ssh-keygen -t rsa -b 4096

2. Copy the public key to Remote server:

   ssh-copy-id 用户名@IP地址

3. Disable password login (optional):

   sudo vi /etc/ssh/sshd_config

Find the line #PasswordAuthentication yes, Change it to PasswordAuthentication no, then save and exit.

4. Restart SSH service:

   sudo systemctl restart sshd

Firewall settings:
A firewall is a network security device used to monitor and control the network data flow on. Use a firewall to limit inbound and outbound traffic on your server, providing protection against malicious attacks. The following is sample code to set firewall rules using the iptables command:

1. Install iptables:

   sudo apt-get install iptables

2. Create a new firewall Rules file:

   sudo touch /etc/iptables.rules
   sudo vi /etc/iptables.rules

Add the following rules in the file:

*filter
# 默认策略
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# 允许本地回环接口的访问
-A INPUT -i lo -j ACCEPT

# 允许已经建立的、相关的连接进入
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# 允许SSH连接
-A INPUT -p tcp --dport 22 -j ACCEPT

# 允许其他必要的端口
# -A INPUT -p tcp --dport 80 -j ACCEPT
# -A INPUT -p tcp --dport 443 -j ACCEPT

# 允许ICMP (Ping)请求
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# 允许限制的IP地址范围
-A INPUT -s 允许连接的IP地址/子网掩码 -j ACCEPT

# 允许某个IP地址范围的访问
# -A INPUT -s 允许连接的IP地址/子网掩码 -j ACCEPT

# 拒绝所有其他入站流量
-A INPUT -j DROP

COMMIT

3. Load firewall rules and set startup:

   sudo iptables-restore < /etc/iptables.rules
   sudo touch /etc/network/if-pre-up.d/iptables
   sudo chmod +x /etc/network/if-pre-up.d/iptables
   sudo vi /etc/network/if-pre-up.d/iptables

Add the following to the file:

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.rules

4. Restart the server to apply the new firewall rules:

   sudo reboot

Log and Monitoring:
Logging and monitoring are important components of server security. By regularly reviewing server logs, unusual activity can be discovered and acted upon. The following is sample code using common logging and monitoring tools:

1. View system logs:

   sudo tail -f /var/log/syslog

2. View authorized user logs:

   sudo tail -f /var/log/auth.log

3. Monitor network connections:

   sudo apt-get install nethogs
   sudo nethogs

4. Monitor system resource usage:

   sudo apt-get install htop
   sudo htop

Summary:
By using the above command line tools and sample code, you can enhance the security of your Linux server. From generating SSH key pairs and disabling password logins to setting up firewall rules and monitoring server logs, these steps can help you protect your server from malicious attacks and unauthorized access. When operating and maintaining the server, be sure to regularly review server logs and monitor system resource usage to ensure the security and stability of the server.

The above is the detailed content of Hardening Linux Servers: Using Command Line Tools to Improve Security. For more information, please follow other related articles on the PHP Chinese website!