Build a secure Linux server environment: Master these commands

Build a secure Linux server environment: master these commands

In the current information age, network security issues have become a very important topic. As a server administrator or cloud computing practitioner, it is crucial to build a safe and reliable server environment. This article will introduce some necessary Linux commands to help you build a secure Linux server environment.

1. Update system and software

First of all, keeping the operating system and software up to date is an important step. System and software can be updated using the following command:

sudo apt update
sudo apt upgrade

2. Install Firewall

A firewall is an important tool for protecting your server from unauthorized access. By restricting inbound and outbound traffic, firewalls can detect and block potential attacks. In Linux systems, you can use the iptables command to configure firewall rules. Here are some commonly used firewall commands:

sudo apt install iptables
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -j DROP
sudo iptables-save | sudo tee /etc/iptables/rules.v4

These commands will allow SSH access and block any other inbound connections. Of course, you can customize it according to your needs.

3. Enable SELinux

SELinux (Security-Enhanced Linux) is a Linux kernel security module used for mandatory access control. Enabling SELinux provides an additional layer of security. The following are some commands related to SELinux:

sudo apt install selinux-utils selinux-basics selinux-policy-default
sudo selinux-activate
sudo reboot

After executing the above command, the system will enable SELinux and restart.

4. Set up SSH security

SSH (Secure Shell) is an encrypted remote login protocol that is very commonly used for server management. The following are some commands to set up SSH security:

sudo nano /etc/ssh/sshd_config

In the opened file, modify the following parameters:

Port 2222
PermitEmptyPasswords no
PermitRootLogin no
PasswordAuthentication no

After saving and exiting the file, restart the SSH service:

sudo systemctl restart ssh

These commands will change the default SSH port to 2222, disable empty password login, disable root login, and disable password authentication.

5. Install Fail2ban

Fail2ban is a tool used to protect SSH services from brute force attacks. It monitors log files for login attempts and automatically blocks malicious IP addresses based on configured rules. Use the following command to install Fail2ban:

sudo apt install fail2ban

After the installation is complete, you need to perform some configuration on Fail2ban. In the /etc/fail2ban/jail.local file, add the following:

[sshd]
enabled = true
port = 2222
maxretry = 3

These configurations will enable Fail2ban and monitor SSH login attempts on port 2222. Fail2ban will automatically ban the IP address when the number of login attempts exceeds 3 times.

6. Install a virus scanner

To protect your server from viruses and malware, you can install a virus scanner. ClamAV is an open source virus scanning engine that can be installed using the following command:

sudo apt install clamav
sudo freshclam

After the installation is complete, you can use the following command to scan the server:

sudo clamscan -r /

This is a very time-consuming process, so you can use option -r to specify the directories that need to be scanned.

By mastering the above commands, you can build a relatively safe Linux server environment. Of course, in actual applications, just using these commands is not enough. The server also needs to be checked and updated regularly. At the same time, it is recommended to learn more about host security measures from the cloud service provider.

I wish you a safe and reliable server environment!

The above is the detailed content of Build a secure Linux server environment: Master these commands. For more information, please follow other related articles on the PHP Chinese website!