Linux Server Security Hardening: Common Issues for Beginners

Linux server security is crucial for beginners. This article summarizes 7 common issues and their solutions:

1. Simple, long-unchanged passwords: Use strong passwords (8 characters with uppercase, lowercase, numbers, and special symbols), change them regularly, and switch to SSH keys (generate and upload public keys).
2. Disabling the firewall: Only open necessary ports (e.g., Web 80/443, SSH 22), and disable insecure services like Telnet.
3. Exposing SSH ports to the public network: Restrict IP access and use fail2ban to prevent brute-force attacks.
4. Outdated system/software: Regularly update via yum/apt and enable automatic updates.
5. Permission confusion (777): Follow the principle of least privilege (directories 755, files 644) and avoid root abuse.
6. Ignoring logs: Configure log rotation and regularly check critical logs like auth.log.
7. Redundant services: Uninstall useless services (e.g., vsftpd) and close unused ports.

Core principles: least privilege, closing entry points, timely updates, and log auditing. Beginners can start with strong passwords, restricting SSH access, and closing unnecessary services for long-term maintenance.

Linux Server Security Hardening: 5 Essential Tasks for Beginners

This article addresses Linux server security issues and summarizes 5 simple hardening steps for beginners:

1. **System Update and Patch Management**: Regularly update system packages (use `apt update` + `upgrade` + `autoremove` for Ubuntu/Debian, and `yum`/`dnf update` for CentOS) to fix known vulnerabilities.
2. **Strengthen User Permissions and Authentication**: Disable direct root login, create regular users with sudo privileges, and prefer SSH key-based login (generate key pairs locally and upload public keys to the server).
3. **Configure Firewall**: Only open necessary ports (e.g., SSH, HTTP/HTTPS). For Ubuntu, use `ufw` (enable and allow specified services); for CentOS, use `firewalld` (reload after opening ports), with default rejection of other connections.
4. **Close Unnecessary Services and Ports**: Disable insecure services like FTP and Telnet. Check open ports with `ss -tuln` and remove non-business-essential ports/services.
5. **Log Auditing and Monitoring**: Monitor critical logs such as `/var/log/auth.log` and use `tail -f` for real-time login attempt tracking. Install `fail2ban` to automatically ban IPs with repeated failed logins.
