
Six Steps to a More Secure Linux Server






I've worked as a remote Linux system administrator for quite a while, and one thing I've noticed is that many "administrators" out there don't know how to configure or secure a server properly. This article is a quick reference to some of the more important (and easy) security and configuration tweaks that any administrator should apply to their server. These six steps can dramatically increase the security and stability of any Linux server. The best part is that they are all quick and easy to do, with each step taking less than 15 minutes!

1.) Security Updates Not Installed
Nearly every server that I work on is not running the latest (and most secure) software. Yes, Linux is a great operating system, but all software has security problems. Enabling automatic installation of updates via a cron script or similar is the easiest and most foolproof way to ensure that your server isn't compromised. There really isn't any excuse not to install the latest security updates: older packages are saved in the package archives in case there is a stability or compatibility issue, and the updated packages are logged as they are updated.

2.) Disable root login via SSH, and password authentication
Admittedly, I've been guilty of this myself sometimes. Let's face it, everyone likes being able to quickly and easily log into their servers and change settings. However, if you're using password authentication, what's to keep someone else from logging into your server? Do not use password authentication on your Linux server. Instead, enable authentication with RSA keys (public key authentication). This is more secure, since an attacker will not be able to guess or brute force a login session with your server.
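A check for the two settings in this step, as an added example that is not part of the original article. The function names and the sample configuration are constructed, and the fallback defaults assume a current OpenSSH release.

```shell
#!/bin/sh
# Added example: audit sshd_config for root login and password authentication.
# sshd uses the FIRST value it reads for a keyword, so appending a stricter
# line at the bottom of the file does not override an earlier, weaker one.

sample_sshd_config() { cat <<'EOF'
# constructed sample, not taken from a real server
Port 22
PasswordAuthentication yes
PermitRootLogin without-password
PubkeyAuthentication yes
# appended later by someone who assumed the last line wins:
PasswordAuthentication no
Match User backup
    PermitRootLogin no
EOF
}

# Print the global value of a keyword, or the given default when it is unset.
# Parsing stops at the first Match block because those settings are conditional.
sshd_effective() {      # usage: sshd_effective <file> <keyword> <default>
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            match(line, /^[A-Za-z0-9]+/)              # keywords ignore case
            key = tolower(substr(line, 1, RLENGTH))
            val = substr(line, RLENGTH + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "match") exit
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }' "$1"
}

# One FAIL line per setting that still allows root or password logins.
# Assumption: fallback defaults are those of a current OpenSSH release.
audit_sshd() {          # usage: audit_sshd /etc/ssh/sshd_config
    root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    [ "$root" = no ] || echo "FAIL PermitRootLogin=$root (want: no)"
    [ "$pass" = no ] || echo "FAIL PasswordAuthentication=$pass (want: no)"
    return 0
}

cfg=$(mktemp); sample_sshd_config > "$cfg"; audit_sshd "$cfg"; rm -f "$cfg"
```

`sshd -T` prints the configuration sshd itself resolves, including Include files and Match blocks, and is the authoritative cross-check.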

3.) Disable or filter extra services
This is the second biggest issue that I see when working with new clients' servers. Often, the system administrator who set up their Linux server did not perform a necessary final step: filtering incoming connections that aren't necessary. I've seen everything from the daytime service running to MySQL listening for connections on a remotely reachable IP. If a Linux administrator is not familiar with iptables, there are several tutorials out there that show how to create a basic firewall ruleset. In addition, disabling unnecessary services is a basic step in server optimization as well. Why run extra services that tie up resources if they aren't needed?
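The check and the basic ruleset described in this step, as an added example that is not part of the original article. The function names, the port allowlist and the sample `ss` lines are constructed.

```shell
#!/bin/sh
# Added example: find listeners reachable from other hosts, then emit a basic
# default-drop ruleset. Input format is `ss -H -tuln`; these lines are constructed.
sample_ss() { cat <<'EOF'
tcp LISTEN 0 128   0.0.0.0:22     0.0.0.0:*
tcp LISTEN 0 80    0.0.0.0:3306   0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:5432   0.0.0.0:*
tcp LISTEN 0 511         *:80           *:*
tcp LISTEN 0 128      [::]:13        [::]:*
tcp LISTEN 0 128     [::1]:631       [::]:*
EOF
}

# Print "proto port address" for each listener that is not bound to loopback
# and whose port is missing from the allowlist (space-separated port numbers).
exposed_listeners() {   # usage: ss -H -tuln | exposed_listeners "22 80 443"
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            port = $5; sub(/.*:/, "", port)           # text after the last colon
            addr = substr($5, 1, length($5) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print $1, port, addr
        }'
}

# iptables-restore input: drop inbound by default, allow loopback, replies to
# established connections, and new TCP connections to the allowed ports.
# IPv4 only: ip6tables needs its own ruleset, which must also admit ICMPv6.
basic_ruleset() {       # usage: basic_ruleset "22 80 443" > rules.v4
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        printf '%s\n' "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    echo COMMIT
}

sample_ss | exposed_listeners "22 80 443"     # daytime (13) and MySQL (3306)
basic_ruleset "22 80 443"
```

Keep the SSH port in the allowlist, otherwise new logins are blocked once the ruleset is loaded with `iptables-restore`.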

4.) Test accounts or guest accounts still active
Another glaring security issue (and an often exploited one) is that a client will still have test user accounts active (often with extremely easy passwords, such as "test") once a software solution is deployed to a production server. I don't need to go into the security ramifications of this one: make sure that you get rid of those guest or test accounts!
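One way to find such accounts before removing them, as an added example that is not part of the original article. The name patterns (test, guest, demo, temp), the function name and the sample passwd and shadow entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list accounts that look like leftovers and show whether they
# can still log in. Name patterns and the sample files are constructed.
sample_passwd() { cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
test:x:1001:1001::/home/test:/bin/bash
guest:x:1002:1002::/home/guest:/bin/sh
demo_app:x:1003:1003::/home/demo_app:/usr/sbin/nologin
alice:x:1004:1004::/home/alice:/bin/bash
EOF
}
sample_shadow() { cat <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
test:$6$constructed$hash:19000:0:99999:7:::
guest::19000:0:99999:7:::
demo_app:!:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
EOF
}

# Output per match: "<name> <password state> <shell|no-shell>".
#   set    = a password hash is present      EMPTY = logs in with no password
#   locked = hash field starts with ! or *   unknown = no shadow entry found
# A locked password does not stop key-based SSH logins if a shell remains.
leftover_accounts() {   # usage: leftover_accounts /etc/passwd /etc/shadow
    awk -F: -v shadow="$2" '
        BEGIN {
            while ((getline line < shadow) > 0) {
                split(line, s, ":"); pw[s[1]] = s[2]; seen[s[1]] = 1
            }
        }
        tolower($1) ~ /^(test|guest|demo|temp)/ {
            if (!($1 in seen))          state = "unknown"
            else if (pw[$1] == "")      state = "EMPTY"
            else if (pw[$1] ~ /^[!*]/)  state = "locked"
            else                        state = "set"
            shell = ($7 ~ /(nologin|false)$/) ? "no-shell" : "shell"
            print $1, state, shell
        }' "$1"
}

d=$(mktemp -d); sample_passwd > "$d/passwd"; sample_shadow > "$d/shadow"
leftover_accounts "$d/passwd" "$d/shadow"; rm -rf "$d"
```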

5.) Advertising banners left on
We all love advertising, don't we? However, advertising to the world that the version of Apache or Sendmail that you run on your Linux server is 3 years old is not the type of attention that you want. Simply disabling the server banners will help hide your server from the basic script-dependent attackers. Besides, why help the bad guys determine what software your server is running?

6.) PHP errors or application errors
I'm pretty confident that we have all seen an error or two displayed on a website. Some errors that are displayed are not a security issue at all, for instance JavaScript errors. However, some errors are security issues (PHP is particularly bad with this), because they disclose sensitive information. The easiest way around this is to disable displaying errors in PHP (or your web applications). Otherwise, an attacker may be given information about your website's database details or file locations.
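A way to verify steps 5 and 6 from the outside once the settings are changed (in Apache, `ServerTokens Prod` and `ServerSignature Off`; in php.ini, `expose_php = Off` and `display_errors = Off`), as an added example that is not part of the original article. The function name and the sample HTTP response are constructed.

```shell
#!/bin/sh
# Added example: check a saved HTTP response from your own server (for example
# the output of `curl -si URL`) for version banners and PHP error output.
# The response below is constructed.
sample_response() { cat <<'EOF'
HTTP/1.1 200 OK
Date: Mon, 04 Jan 2010 10:00:00 GMT
Server: Apache/2.2.3 (CentOS) PHP/5.1.6
X-Powered-By: PHP/5.1.6
Content-Type: text/html

<html><body>
<b>Warning</b>:  mysql_connect(): Access denied for user 'shop'@'localhost' in <b>/var/www/html/db.php</b> on line <b>12</b><br />
</body></html>
EOF
}

# Reads a full response (headers, blank line, body) on stdin and prints:
#   banner:    a Server header carrying a version number, or any X-Powered-By
#   php-error: an input line that contains an HTML-formatted PHP error message
disclosures() {
    tr -d '\r' | awk '
        !body && /^$/ { body = 1; next }              # end of the headers
        !body {
            h = tolower($0)
            if (h ~ /^server:.*[0-9]+\.[0-9]+/) print "banner: " $0
            if (h ~ /^x-powered-by:/)           print "banner: " $0
            next
        }
        /<b>(Warning|Notice|Fatal error|Parse error)<\/b>:.* on line / {
            print "php-error: line " NR
        }'
}

sample_response | disclosures
```

A response that prints nothing here still says nothing about the patch level behind it; hiding the banner complements step 1 and does not replace it.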



These issues are the top 6 security issues that I see on a daily basis in my work. You can all check your server or servers for these quick issues (these tips take almost no time at all), and dramatically increase the security of your server. However, if you have any problems implementing these security steps, please feel free to contact me.

Christopher Pace

Christopher J. Pace is a freelance Linux consultant who has worked with Linux since 2001. He provides remote Linux support for Linux servers, supporting a variety of Linux software solutions.

Use of this web site constitutes acceptance of the Terms Of Use and Privacy Policy | User published content is licensed under a Creative Commons License.
Copyright © 2005-2008 Free Articles by ArticlesBase.com, All rights reserved.