Latest Posts

Linux Security Hardening

Posted on by Rishan Solutions

Loading

Linux is known for its security and stability, but like any operating system, it requires proper security hardening to minimize vulnerabilities and protect against cyber threats. Hardening involves implementing best practices, security configurations, and monitoring mechanisms to enhance the security of Linux systems.

This guide provides step-by-step Linux security hardening techniques for system administrators, security professionals, and DevOps engineers.

1. Keep the System Updated

🔹 Regularly update Linux to patch security vulnerabilities.
🔹 Use package managers like apt, yum, dnf, or zypper based on your Linux distribution.

Update Commands:

  • Ubuntu/Debian: sudo apt update && sudo apt upgrade -y
  • CentOS/RHEL: sudo yum update -y
  • Fedora: bashCopyEditsudo dnf update -y

Best Practice: Enable automatic updates using unattended-upgrades (Debian/Ubuntu) or dnf-automatic (RHEL-based systems).

2. Manage User Accounts and Permissions

🔹 Disable the root account for direct login.
🔹 Enforce strong passwords and set password expiration policies.
🔹 Use least privilege principle by assigning only required permissions.

Commands:

  • Disable Root Login: sudo passwd -l root
  • Create a New User & Assign Sudo Privileges: sudo adduser username sudo usermod -aG sudo username
  • Set Password Expiration Policy: sudo chage -M 90 -m 7 -W 14 username

Best Practice: Use sudo instead of su and log all sudo commands.

3. Secure SSH Configuration

🔹 Disable root login via SSH.
🔹 Change the default SSH port (22) to a non-standard port.
🔹 Use key-based authentication instead of passwords.

Secure SSH Settings:
Edit SSH configuration file:

sudo nano /etc/ssh/sshd_config
  • Disable Root Login: PermitRootLogin no
  • Change Default Port (e.g., 2222): Port 2222
  • Disable Password Authentication (Enable Key-based Auth): PasswordAuthentication no
  • Restart SSH Service: sudo systemctl restart sshd

Best Practice: Use fail2ban to block SSH brute-force attacks.

4. Configure a Firewall

🔹 Restrict unnecessary incoming and outgoing connections.
🔹 Use UFW (Uncomplicated Firewall) for Ubuntu/Debian and firewalld for CentOS/RHEL.

Firewall Commands:

  • Enable UFW (Ubuntu/Debian): sudo ufw enable sudo ufw allow 22/tcp # Allow SSH sudo ufw allow 80/tcp # Allow HTTP sudo ufw allow 443/tcp # Allow HTTPS sudo ufw status verbose
  • Enable Firewalld (CentOS/RHEL): sudo systemctl enable firewalld sudo systemctl start firewalld sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --reload

Best Practice: Block unused ports and limit ICMP (ping) requests.

5. Enable SELinux or AppArmor

🔹 Use SELinux (CentOS/RHEL) or AppArmor (Ubuntu) to enforce security policies.
🔹 Prevent unauthorized access to system resources.

Enable SELinux:

  • Check SELinux status: sestatus
  • Set SELinux to enforcing mode: sudo setenforce 1 sudo sed -i 's/SELINUX=permissive/SELINUX=enforcing/g' /etc/selinux/config

Enable AppArmor (Ubuntu/Debian):

sudo systemctl enable apparmor
sudo systemctl start apparmor

✔ Best Practice: Use audit logs to monitor SELinux/AppArmor policy violations.

6. Disable Unnecessary Services

🔹 Reduce the attack surface by stopping unused services.
🔹 Check running services using:

sudo systemctl list-units --type=service --state=running

🔹 Disable unwanted services:

sudo systemctl stop service-name
sudo systemctl disable service-name

Best Practice: Remove default applications and disable IPv6 if not needed.

7. Enable Logging and Auditing

🔹 Use auditd to track system activities.
🔹 Monitor authentication logs for suspicious logins.

Enable Audit Logging:

sudo apt install auditd -y
sudo systemctl enable auditd
  • Check authentication logs: sudo cat /var/log/auth.log # Ubuntu/Debian sudo cat /var/log/secure # CentOS/RHEL

Best Practice: Configure log rotation using logrotate to avoid disk overflow.

8. Use Intrusion Detection Systems (IDS)

🔹 Deploy IDS tools to detect security breaches.
🔹 Use AIDE (Advanced Intrusion Detection Environment) for integrity monitoring.

Install and Configure AIDE:

sudo apt install aide -y
sudo aideinit
  • Update database after modifications: bashCopyEditsudo aide --check

Best Practice: Implement Tripwire or OSSEC for host-based intrusion detection.

9. Secure Disk Encryption and Data Protection

🔹 Use LUKS (Linux Unified Key Setup) for full disk encryption.
🔹 Encrypt sensitive files using gpg.

Encrypt Disk with LUKS:

sudo cryptsetup luksFormat /dev/sdX
sudo cryptsetup open /dev/sdX my_encrypted_drive

Best Practice: Use automated backups with encrypted storage.

10. Secure Containers and Virtual Machines

🔹 Use Seccomp, AppArmor, and SELinux for container security.
🔹 Regularly scan Docker images for vulnerabilities.

Scan Docker Images:

docker scan image-name

Best Practice: Apply kernel hardening using sysctl.

Leave a Reply

Your email address will not be published. Required fields are marked *