Home > Operation and Maintenance > Linux Operation and Maintenance > Harden your Linux server security with command line tools

Harden your Linux server security with command line tools

WBOY
Release: 2023-09-08 13:50:02
Original
1180 people have browsed it

Harden your Linux server security with command line tools

Reinforce your Linux server security with command line tools

In today’s digital age, server security is an important guarantee for any website and application. As one of the most popular choices, Linux server security has also become the focus of everyone's attention. In order to strengthen the security of your Linux server, you can use command line tools for hardening. This article will introduce some commonly used command line tools and their usage examples to help you better harden your server.

  1. Fail2Ban
    Fail2Ban is a tool used to prevent malicious logins, DDoS attacks, etc. It monitors the server's log files and automatically adds the attacker's IP address to the blocked access list after detecting multiple login failures or malicious behavior, thereby protecting the security of the server.

Install Fail2Ban:

sudo apt-get install fail2ban
Copy after login

Configure Fail2Ban:

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo vi /etc/fail2ban/jail.local
Copy after login

In the configuration file, you can modify some parameters, such as setting the location of the monitoring log file and the maximum login Number of failures, ban time, etc. After completion, restart the Fail2Ban service:

sudo service fail2ban restart
Copy after login
  1. SSH configuration
    SSH (Secure Shell) is a common tool for remote login to the server. To enhance the security of SSH, you can modify the SSH configuration file to limit the number of login attempts and disable root user login.

Edit the SSH configuration file:

sudo vi /etc/ssh/sshd_config
Copy after login

Modify the values ​​of the following parameters to the required security settings:

PermitRootLogin no  #禁用root用户登录
MaxAuthTries 3  #限制登录尝试次数
Copy after login

Save the configuration file and restart the SSH service:

sudo service sshd restart
Copy after login
  1. IPTables
    IPTables is the default firewall tool for Linux systems, which can restrict access to the server by configuring rules. You can use IPTables to block specific IP addresses, ports, or protocols to improve server security.

Add IPTables rules:

sudo iptables -A INPUT -s <IP地址> -j DROP
Copy after login

For example, to block access to the IP address 192.168.1.100:

sudo iptables -A INPUT -s 192.168.1.100 -j DROP
Copy after login

Use the following command to view the current IPTables rules:

sudo iptables -L
Copy after login
  1. Lynis
    Lynis is an open source security audit tool used to inspect and assess security risks on Linux systems. It can scan configuration files, processes, users, etc. in the system and provide corresponding suggestions and repair suggestions. Here is a simple example of using Lynis:

Install Lynis:

sudo apt-get install lynis
Copy after login

Run a Lynis scan:

sudo lynis audit system
Copy after login

Lynis will scan your system and output a detailed Report containing discovered security issues and recommended fixes.

Summary
The above introduces some commonly used command line tools. By using these tools, you can strengthen the security of your Linux server. However, these are just some basic security measures. In order to further improve the security of the server, you also need to regularly update the operating system and software, use complex passwords, regularly back up data, etc. Only by using a combination of security measures can you better protect your server and data from attacks.

The above is the detailed content of Harden your Linux server security with command line tools. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template