The road to key commands to improve Linux server security

The path to key commands to improve the security of Linux servers

With the rapid development of the Internet, Linux servers have become the first choice for many enterprises and individuals. However, due to the complexity of the network environment and the increasing number of malicious attacks, protecting the security of Linux servers has become critical. This article will introduce some key Linux commands to help you improve the security of your server.

1. Using a Firewall

A firewall is an important tool for protecting your server from unauthorized access and malware attacks. In Linux, use the iptables command to configure and manage firewall rules.

For example, use the following command to allow SSH access while denying other unnecessary inbound connections:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -j DROP

2. Update software package

Update the server in time The software packages on the server are key to improving server security. By keeping software packages up to date, you can fill security holes and reduce the risk of your system being attacked.

Use the following command to update the package:

sudo apt-get update
sudo apt-get upgrade

3. Disable unnecessary services

Linux servers usually have some default services installed, such as FTP and Telnet. However, these services may pose security risks.

Use the following command to check for running services and disable unnecessary services:

sudo service --status-all
sudo service [service_name] stop
sudo update-rc.d -f [service_name] remove

4. Password Policy

A strong password policy can prevent Malicious users log in by guessing passwords. Linux provides passwd and chage commands for setting and managing user passwords.

For example, use the following command to set the minimum password length and password expiration policy:

sudo vi /etc/login.defs

PASS_MIN_LEN 8
PASS_MAX_DAYS 90

Then, use the passwd command to set a password for the user:

sudo passwd [username]

5. Enable SSH password Key login

SSH key login is more secure than password login. By using a public and private key pair, malicious users can be prevented from logging in through brute force password cracking.

First, generate an SSH key pair for the server:

ssh-keygen

Then, copy the public key to the ~/.ssh/authorized_keys file on the server:

cat ~/.ssh/id_rsa.pub | ssh [username]@[server_address] "cat >> ~/.ssh/authorized_keys"

Now you can use your private key for SSH login.

6. Monitor system logs

Monitoring your server's system logs can help you identify potential security issues and unusual activity. Linux uses the syslogd service to record system logs.

For example, use the following command to view the syslog log file:

sudo tail -f /var/log/syslog

7. File permissions

Correctly setting the permissions of files and directories is necessary to protect server security measure. Use the chmod and chown commands to set appropriate permissions for files and directories.

For example, use the following command to set the directory permissions to 750:

sudo chmod 750 [directory_name]

Summary

In terms of protecting the security of Linux servers, it is very important to master some key commands. This article introduces key commands such as firewalls, package updates, disabling unnecessary services, password policies, SSH key login, system log monitoring, and file permissions. By correctly understanding and using these commands, you can improve the security of your Linux server and reduce potential security threats.

The above is the detailed content of The road to key commands to improve Linux server security. For more information, please follow other related articles on the PHP Chinese website!