20 Steps to Harden Linux

Linux malware increased by 35% in just the past year alone. Here’s 20 steps you can use to make your linux servers harder to hack.

1. Vulnerability scan your servers often


2. Test new patches


3. Patch your servers often and based on criticality


4. Create strong unique login password and sudo password (randomly generated)


5. Limit user accounts and their access to only what is necessary


6. Avoid root login and instead use sudo when possible 


7. Use a trusted Password/Key vault


8. Do not reuse passwords anywhere 


9. Apply entire disk encryption 


10. Ensure it’s safely behind a firewall and only if it’s unavoidable should you have ports open to the public


11. Ensure service accounts are limited to only perform tasks they are intended to perform


12. Backup the servers regularly and save them in multiple locations. Consider Offline backups for the most important servers. Test the backups


13. Make sure the servers are part of your disaster recovery plan


14. Lock down ssh- ensure root access is disabled, login password is disabled, and only use an authentication key pair for access in ssh


15. Only whitelist ssh to and from trusted internal IPs


16. Make sure you have endpoint protection installed


17. Use an Intrusion prevention software like fail2ban


18. Monitor the health with a trusted software


19. Forward your linux logs or have them collected remotely for security monitoring in your SIEM


20. If possible, have a third party audit your security


ajay Menendez

ajay Menendez

CyberSecurity Servant Leader & Educator - I am the CEO and Founder of Black Tower Security. I have over 30 years of in-business experience in Computers and Technology. I lead an organization that believes that in business and especially in cyber security that cooperation and collaboration are the most important. Our employees, partners, and clients will always be treated with integrity and authenticity.

Black Tower Security offers a range of managed security services.

Related Posts

Leave a Comment

About Us

Black Tower Security is  your white hat MSSP/MDR partner. From culpability to capability, we provide world-class cybersecurity threat protection with integrity.  By supporting your team with quality, education, and people over profits – we keep you and your cyber assets safe.

Recent Posts

Recent Video