Home >Operation and Maintenance >Linux Operation and Maintenance >Build a secure Linux server environment: Master these commands
Build a secure Linux server environment: master these commands
In the current information age, network security issues have become a very important topic. As a server administrator or cloud computing practitioner, it is crucial to build a safe and reliable server environment. This article will introduce some necessary Linux commands to help you build a secure Linux server environment.
First of all, keeping the operating system and software up to date is an important step. System and software can be updated using the following command:
sudo apt update sudo apt upgrade
A firewall is an important tool for protecting your server from unauthorized access. By restricting inbound and outbound traffic, firewalls can detect and block potential attacks. In Linux systems, you can use the iptables command to configure firewall rules. Here are some commonly used firewall commands:
sudo apt install iptables sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT sudo iptables -A INPUT -j DROP sudo iptables-save | sudo tee /etc/iptables/rules.v4
These commands will allow SSH access and block any other inbound connections. Of course, you can customize it according to your needs.
SELinux (Security-Enhanced Linux) is a Linux kernel security module used for mandatory access control. Enabling SELinux provides an additional layer of security. The following are some commands related to SELinux:
sudo apt install selinux-utils selinux-basics selinux-policy-default sudo selinux-activate sudo reboot
After executing the above command, the system will enable SELinux and restart.
SSH (Secure Shell) is an encrypted remote login protocol that is very commonly used for server management. The following are some commands to set up SSH security:
sudo nano /etc/ssh/sshd_config
In the opened file, modify the following parameters:
Port 2222 PermitEmptyPasswords no PermitRootLogin no PasswordAuthentication no
After saving and exiting the file, restart the SSH service:
sudo systemctl restart ssh
These commands will change the default SSH port to 2222, disable empty password login, disable root login, and disable password authentication.
Fail2ban is a tool used to protect SSH services from brute force attacks. It monitors log files for login attempts and automatically blocks malicious IP addresses based on configured rules. Use the following command to install Fail2ban:
sudo apt install fail2ban
After the installation is complete, you need to perform some configuration on Fail2ban. In the /etc/fail2ban/jail.local
file, add the following:
[sshd] enabled = true port = 2222 maxretry = 3
These configurations will enable Fail2ban and monitor SSH login attempts on port 2222. Fail2ban will automatically ban the IP address when the number of login attempts exceeds 3 times.
To protect your server from viruses and malware, you can install a virus scanner. ClamAV is an open source virus scanning engine that can be installed using the following command:
sudo apt install clamav sudo freshclam
After the installation is complete, you can use the following command to scan the server:
sudo clamscan -r /
This is a very time-consuming process, so you can use option -r
to specify the directories that need to be scanned.
By mastering the above commands, you can build a relatively safe Linux server environment. Of course, in actual applications, just using these commands is not enough. The server also needs to be checked and updated regularly. At the same time, it is recommended to learn more about host security measures from the cloud service provider.
I wish you a safe and reliable server environment!
The above is the detailed content of Build a secure Linux server environment: Master these commands. For more information, please follow other related articles on the PHP Chinese website!