In the Internet era, Linux servers serve as a core infrastructure, making security issues crucial. Many newcomers overlook security configurations after setting up servers, leading to risks like unauthorized access and data breaches. This article summarizes 5 simple and actionable security hardening steps for beginners to quickly enhance server security.

1. System Updates and Patch Management: Fix Known Vulnerabilities¶

Why Important: New systems or software packages often contain security vulnerabilities. Timely updates close these “backdoors.”

Steps (for common systems):
- Ubuntu/Debian:
1. Update package sources: sudo apt update (fetch latest package info)
2. Install all updates: sudo apt upgrade -y (-y auto-confirms installation)
3. Clean old cached packages: sudo apt autoremove -y

• CentOS/RHEL:
  1. Update system packages: sudo yum update -y or sudo dnf update -y

Tip: Back up important data before updating to avoid system corruption from power outages or network issues.

2. Strengthen User Permissions and Authentication: Avoid “Naked” Logins¶

Why Important: Direct root login is extremely risky. Weak passwords or brute-force attacks can hijack the server.

Steps:
- Disable direct root login (recommended):
1. Edit SSH config: sudo nano /etc/ssh/sshd_config
2. Find PermitRootLogin yes and change to PermitRootLogin no
3. Restart SSH service: sudo systemctl restart sshd

• Create a regular user with sudo privileges:
  1. Create a new user: sudo adduser myuser (customize username, e.g., “server”)
  2. Set password: sudo passwd myuser (follow password prompts)
  3. Grant sudo access: sudo usermod -aG sudo myuser

• Recommended: SSH Key Login (more secure than passwords):
  1. Generate key pair locally (Windows requires Git Bash or PuTTY): ssh-keygen -t ed25519 (press Enter to confirm defaults)
  2. Upload public key to server: scp ~/.ssh/id_ed25519.pub myuser@server-ip:/tmp/id_ed25519.pub
  3. Move public key to authorized keys:

     ssh myuser@server-ip "mkdir -p ~/.ssh && cat /tmp/id_ed25519.pub >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

4. Login with private key: ssh -i ~/.ssh/id_ed25519 myuser@server-ip

3. Configure Firewall: Only Open “Necessary Doors”¶

Why Important: Firewalls block external port scans and malicious connections, only allowing ports required for business (e.g., SSH, HTTP/HTTPS).

Steps (Ubuntu example; CentOS uses firewalld):
1. Install and enable ufw (pre-installed on Ubuntu):

   sudo apt install ufw -y  # Only needed for Ubuntu
   sudo ufw enable          # Activate firewall

2. Open necessary ports:
   - Allow SSH: sudo ufw allow ssh
   - Allow HTTP (80/TCP): sudo ufw allow 80/tcp
   - Allow HTTPS (443/TCP): sudo ufw allow 443/tcp

3. Deny all other incoming traffic: sudo ufw default deny incoming

4. Check firewall status: sudo ufw status

For CentOS users:

sudo systemctl start firewalld  # Start service
sudo systemctl enable firewalld # Auto-start on boot
sudo firewall-cmd --permanent --add-service=ssh  # Open SSH
sudo firewall-cmd --permanent --add-port=80/tcp   # Open HTTP
sudo firewall-cmd --reload  # Apply changes

4. Disable Unnecessary Services and Ports: Reduce Attack Surface¶

Why Important: Default server services (e.g., FTP, Telnet) may have high-risk vulnerabilities and should be disabled if unused.

Steps:
1. Check and disable unused services:
- List running services: sudo systemctl list-units --type=service
- Disable FTP (insecure protocol): sudo systemctl disable --now vsftpd
- Disable Telnet (plaintext transmission): sudo systemctl disable --now telnet

2. Check open ports:

   sudo ss -tuln       # Efficiently list TCP/UDP open ports (recommended)

Example: If FTP is unused, ensure no 21 port appears in ss -tuln output.

5. Log Auditing and Basic Monitoring: Detect Abnormal Logins¶

Why Important: Logs are critical for investigating security incidents. Timely log checks reveal brute-force attacks or unauthorized access.

Steps:
1. Enable key logs (usually enabled by default):
- Login logs: /var/log/auth.log (records all login attempts)
- System logs: /var/log/syslog (records system runtime status)

2. Monitor logins in real-time:

   tail -f /var/log/auth.log  # Stream login logs; press Ctrl+C to stop

If unfamiliar IPs repeatedly attempt logins (e.g., multiple failures), be cautious of brute-force attacks.

3. Simple Brute-force Protection:
   On Ubuntu/Debian: sudo apt install fail2ban -y (automatically blocks repeated failed attempts)

   sudo systemctl enable --now fail2ban  # Start and auto-start
   sudo fail2ban-client status            # Check blocked IPs

Conclusion¶

The above 5 steps form a “basic package” for Linux server security hardening. Implementing them significantly reduces attack risks. For advanced protection, consider deeper measures (e.g., regular backups, intrusion detection, SSL certificate hardening). These 5 steps are sufficient to prevent most common security issues for beginners.

Critical Reminder: Back up server data before operations. Familiarize yourself with commands in a test environment before applying them to production. Security requires ongoing vigilance—regularly update systems (monthly) and audit logs (quarterly) to keep servers robust!