Running a Linux server comes with responsibility: you need to harden your system to protect your data and prevent unauthorized access. This guide explains how to safeguard your server, defend against hackers, and maintain a strong security posture.
Essential Security Steps
1. Keep Your System Updated
Regular updates patch vulnerabilities and reduce security risks.
Debian/Ubuntu:
sudo apt update && sudo apt upgrade -y RHEL/CentOS:
sudo dnf update -y 2. Disable Root Login and Create a Separate User
Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config Set:
PermitRootLogin no3. Use SSH Keys Instead of Passwords
Generate an SSH key pair:
ssh-keygen -t rsa -b 4096 Copy it to your server:
ssh-copy-id user@your-server-ip Firewall & Intrusion Prevention
1. Configure Firewall (UFW on Ubuntu)
sudo ufw allow 2222/tcp sudo ufw enable 2. Install and Enable Fail2Ban
sudo apt install fail2ban -y sudo systemctl enable fail2ban –now Add SSH protection rules:
sudo nano /etc/fail2ban/jail.local [sshd] enabled = true maxretry = 3 bantime = 3600 Detecting and Responding to Threats
1. Monitoring Login Attempts
last -a 2. Respond to Suspected Compromises
Change passwords and remove unauthorized SSH keys:
passwd root rm -rf ~/.ssh/authorized_keys 3. Scan for Malware
sudo apt install clamav -y sudo freshclam sudo clamscan -r / --remove For severe breaches, consider reinstalling the server and restoring from a clean backup.
Backup and Disaster Recovery
1. Local Backup Using rsync
rsync -a /var/www/html /backup/ 2. Remote Backup Using Contabo S3-Compatible Object Storage
aws s3 cp /backup/ s3://your-bucket-name --recursive 3. Automate Backups with Cron
crontab -e 0 2 * * * rsync -a /var/www/html /backup/ Alternatively, use Contabo’s Auto Backup add-on for fully automated backups.
Watch Our YouTube Video on How to Secure Your Linux Server
If you prefer a visual walk-through, we have a YouTube video on our channel ready for you:
Conclusion
Securing your Linux server involves keeping your system updated, disabling root login, using SSH keys, configuring a firewall, monitoring for threats, and maintaining reliable backups.
