I worked as administrator of the remote Linux system for some time, and one thing I noticed is that “many managers” there do not know to configure, such as a server, or certainly true. This article is pinching a quick reference to some key (and easily) the security or configuration that each director should do to the server. These six steps can greatly increase security and stability of Linux servers. The best part about these boards is that they quickly and easily do as well at each stage under 15 minutes!
1.) Security updates are not installed
Almost all the servers I work is not the latest (and safest) software. Yes, Linux is a great software operating system, but all security problems. Allow the installation of automatic updates using a cron script, or is similar to the most simple and easy to make sure that your server is not compromised. There’s really no excuse for not installing the latest security updates for older packages are stored in the archive package, if there is stability or compatibility problems and updated packages to papers as they are updated.
2nd stop) using the root login via SSH authentication and password
While I myself am guilty sometimes leave. Let’s face it, everyone loves the ability to change quickly and easily connect to their servers, and settings. However, if you use authentication by password, what to keep someone else to connect to your server? In addition, you should not use the authentication password to prevent your Linux server, others by connecting to your Linux server. Instead, a signed authorization allowing RSA key. This is more secure because an attacker will not be able to guess or brute force a session connection with the server.
3rd filter) or additional locks
This is the second major problem is that I look at new customers with servers. Often, the system administrator to build their Linux server does not automatically filters required final step inbound connections that are not necessary. I saw everything from running day services, MySQL is listening for connections on a remote IP address. If a Linux administrator is not familiar with iptables, there are several tutorials that someone will show you how even a set of rules simple firewall. Also, disable unnecessary services is a fundamental step to optimize the server and why the additional services that will link resources if they are not necessary?
4.) Trial accounts or the accounts of customers still actively
Another glaring security hole (and is often used) that the client will not be test-user is run (often with passwords very simple, such as the test) if a software solution for a server production deployment. I’m not the security implications of this mono-Make sure to get rid of you, the guest or trial accounts!
Banner 5.) Left
We all love the publicity, is not it? However, advertising to the world that the version of Apache or Sendmail, you run on your Linux server, 3 years is not the kind of attention you want. If you uncheck the banner server will help you hide your server from the basic script-dependent attackers. And then, why support for the bad guys decide what software your server is running?
6.) PHP or application errors,
I am very confident that we have seen every one or two errors are displayed on a website. Some errors seem to be, not a safety issue at all, error, such as Javascript. However, some security errors (PHP have particularly wrong with that), because they reveal sensitive information. The easiest way to disable it, the display bug in PHP (or your web applications). Otherwise, an attacker May receive information on the database of your website details or locations.
These questions are at the top 6 of the security problems that I see daily in my work. You can check all of your server or servers for quick questions (these tips will make almost all) at any time, and dramatically increase the security of your server. However, if you have any problems, the implementation of these security measures, please contact me.