How To Secure A Linux Server
An evolving how-to guide for securing a Linux server that, hopefully, also teaches you a little about security and why it matters. Table of Contents: - Introduction - Guide Objective - Why Secure Your Server - Why Yet Another Guide - Other Guides - To Do / To Add - Guide Overview - About This Guide - My Use-Case - Editing Configuration Files - For The Lazy - Contributing - Before You Start - Identify Your Principles - Picking A Linux Distribution - Installing Linux Pre/Post Installation Requirements - Other Important Notes - Using Ansible Playbooks to secure your Linux Server - The SSH Server - Important Note Before You Make SSH Changes - SSH Public/Private Keys - Create SSH Group For AllowGroups - Secure /etc/ssh/sshd_config - Remove Short Diffie-Hellman Keys - 2FA/MFA for SSH - The Basics - Limit Who Can Use sudo - Limit Who Can Use su - Run applications in a sandbox with FireJail - NTP Client - Securing /proc - Force Accounts To Use Secure Passwords - Automatic Security Updates and Alerts - More Secure Random Entropy Pool (WIP) - Add Panic/Secondary/Fake password Login Security System - The Network Firewall With UFW (Uncomplicated Firewall) - iptables - Intrusion Detection And Prevention with PSAD - Application Intrusion Detection
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Comprehensive security training platform for web developers, offering hands-on experience with real, vulnerable applications and concrete advice for securing code.
A comprehensive reference guide covering Nessus vulnerability scanner configuration, management, API usage, and best practices.
A practical guide to developing a comprehensive security monitoring and incident response strategy, covering incident response fundamentals, threat analysis, and data analysis.
A condensed field guide for cyber security incident responders, covering incident response processes, attacker tactics, and practical techniques for handling incidents.
A practical guide to enhancing digital investigations with cutting-edge memory forensics techniques, covering fundamental concepts, tools, and techniques for memory forensics.
A comprehensive SQL injection cheat sheet covering various database management systems and techniques.
Comprehensive endpoint protection platform providing unified visibility and security for cloud workloads, endpoints, and containers.
A comprehensive guide to network security monitoring, teaching readers how to detect and respond to intrusions using open source software and vendor-neutral tools.
PINNED
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Proton Pass is a cross-platform password manager that provides encrypted storage, password generation, and security monitoring features with integrated 2FA and dark web monitoring capabilities.
NordVPN is a commercial VPN service that encrypts internet connections and hides IP addresses through a global network of servers, featuring integrated threat protection and multi-device support.
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.