20 Steps to Harden Linux

Linux malware increased by 35% in just the past year alone. Here are 20 steps you can use to make your Linux servers harder to hack.

1. Run vulnerability scans on your servers often

 

2. Test new patches

 

3. Patch your servers often, prioritizing by criticality

 

4. Create strong, unique login and sudo passwords (randomly generated)

 

5. Limit user accounts and their access to only what is necessary

 

6. Avoid root login and instead use sudo when possible 

 

7. Use a trusted password/key vault

 

8. Do not reuse passwords anywhere 

 

9. Apply full-disk encryption

 

10. Ensure the server is safely behind a firewall, and open ports to the public only when it is unavoidable

 

11. Ensure service accounts are limited to only perform tasks they are intended to perform

 

12. Back up the servers regularly and store the backups in multiple locations. Consider offline backups for the most important servers. Test the backups

 

13. Make sure the servers are part of your disaster recovery plan

 

14. Lock down SSH: ensure root login is disabled, password login is disabled, and only an authentication key pair is used for SSH access

 

15. Whitelist SSH only to and from trusted internal IPs

 

16. Make sure you have endpoint protection installed

 

17. Use intrusion prevention software such as fail2ban

 

18. Monitor server health with trusted software

 

19. Forward your Linux logs or have them collected remotely for security monitoring in your SIEM

 

20. If possible, have a third party audit your security
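Step 14 can be checked mechanically. The script below is an added example, not code from the original post: a POSIX shell audit of the three SSH settings that step names, run against constructed sample configs. The function names and the assumed upstream OpenSSH defaults (PermitRootLogin prohibit-password, PasswordAuthentication yes, PubkeyAuthentication yes) are this example's own.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config against step 14.
# Limits (assumptions): whitespace-separated "Keyword value" lines only;
# Include files and Match blocks are not evaluated. On a live host,
# `sshd -T` prints the effective settings.

# Print a keyword's effective value: sshd keeps the FIRST occurrence and
# matches keywords case-insensitively. $3 is the upstream OpenSSH default.
sshd_effective() {  # $1 = file, $2 = keyword, $3 = default
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # end of global section
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

check_setting() {  # $1 = file, $2 = keyword, $3 = default, $4 = required
    actual=$(sshd_effective "$1" "$2" "$3")
    if [ "$actual" = "$4" ]; then
        echo "PASS  $2 $actual"
    else
        echo "FAIL  $2 $actual (want $4)"; return 1
    fi
}

audit_sshd() {  # $1 = file; exit status = number of failed checks
    fails=0
    check_setting "$1" PermitRootLogin prohibit-password no || fails=$((fails + 1))
    check_setting "$1" PasswordAuthentication yes no || fails=$((fails + 1))
    check_setting "$1" PubkeyAuthentication yes yes || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample configs (not taken from any real host).
tmpdir=$(mktemp -d); trap 'rm -rf "$tmpdir"' EXIT
WEAK="$tmpdir/weak"; HARD="$tmpdir/hardened"
printf '%s\n' 'PermitRootLogin yes' '#PasswordAuthentication no' \
    'Match Address 10.0.0.0/8' '    PasswordAuthentication no' > "$WEAK"
printf '%s\n' 'permitrootlogin no' 'PasswordAuthentication no' \
    'PasswordAuthentication yes' 'PubkeyAuthentication yes' > "$HARD"

audit_sshd "$WEAK" || echo "weak sample: $? check(s) failed"
audit_sshd "$HARD" && echo "hardened sample: all checks passed"
```

The weak sample fails on password login even though a `PasswordAuthentication no` line appears twice in the file: one is commented out and the other applies only inside a Match block, so the global default still allows passwords.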

Author

Ajay Menendez


CyberSecurity Servant Leader & Educator - I am the CEO and Founder of Black Tower Security. I have over 30 years of in-business experience in Computers and Technology. I lead an organization that believes that in business and especially in cyber security that cooperation and collaboration are the most important. Our employees, partners, and clients will always be treated with integrity and authenticity.
