Improving Server Security (Firewall, Tools, Rules, and Tips)

Improving Server Security Firewall Tools Rules and Tips
Linux Security

Securing your server from any kind of attacks is a key part of any web hosting provider or system administrator. You should implement a strong security policy to minimize risks and keep your data safe. There are several tips and tricks to improve your server’s security and protect it from malicious attempts to enter.

In this tutorial, we will show you some useful tips and tricks to secure your server.

Read moreImproving Server Security (Firewall, Tools, Rules, and Tips)

How and Why to Change the Default SSH Port on Linux

In this tutorial, we will show you how to change the SSH default port in Linux, and go over why changing this default port is a good idea. IMPORTANT: Before we go any further, you should understand that this is not a solution that will prevent or deter a determined hacker to attack your SSH service. It is merely a measure to help you avoid the thousands or automated bots running all the time scanning vast ranges of IP space searching for standard SSH ports being open. Preventing a determined hacker from brute-forcing your SSH service is beyond the scope of this article.

SSH, also known as Secure Shell, is the most widely-used protocol for connecting to and managing Linux systems remotely. SSH offers strong encryption and authentication along with excellent customizability, and using SSH gives you the freedom of accessing a remote machine. You can run services and software as if you were physically using the machine, no matter where you are.

By default, SSH runs on port 22. Since this is common knowledge, this port often becomes a target for brute force attacks. Because this provides full access to your server’s OS, people with malicious intent will often target port 22 more than any other port. Changing the default SSH port will prevent automated attacks that don’t spend the time to rotate ports when targeting a Linux Server. To protect your server from a brute force attack, you should change the default SSH port to something else.

Read moreHow and Why to Change the Default SSH Port on Linux

How to Install Let’s Encrypt on Ubuntu 20.04 with Apache

In this article, we will show you how to install the Let’s Encrypt client on your Ubuntu 20.04 VPS, issue an SSL certificate for your domain, and configure it with the Apache web server.

Let’s Encrypt is a certificate authority organization (CA) that allows anyone to obtain a free SSL certificate with simple and automated commands. In this tutorial, we will use a tool called certbot, which is an official part of EFF’s effort to encrypt the entire Internet. Thanks to this convenient tool, setting up an SSL certificate to protect your website’s visitors and improve your website’s security has never been easier. All SSL certificates provided by Let’s Encrypt can be used for production/commercial purposes without any costs or fees. Let’s begin with the installation and setup.

Read moreHow to Install Let’s Encrypt on Ubuntu 20.04 with Apache

How to Install ClamAV on Debian 9 and Scan for Vulnerabilities

In this tutorial, we’ll be explaining how to install ClamAV on your Debian 9 VPS, as well as how to use it to check for and remove any malware or security vulnerabilities.

Read moreHow to Install ClamAV on Debian 9 and Scan for Vulnerabilities

How to Configure a Firewall with UFW on Debian 9

In this tutorial, we will show you how to install and use the UFW firewall system on a Linux VPS running Debian 9. Security is a very important thing to consider when you run your own server.

UFW (Uncomplicated Firewall) is a simple and user-friendly front-end for managing iptables firewall rules – UFW aims to provide an easy to use interface for the user, making a secure server more accessible to more users. It is specially designed for beginner users who are unfamiliar with firewall concepts.

Let’s begin with the installation.

Read moreHow to Configure a Firewall with UFW on Debian 9

How to Install Let’s Encrypt SSL on Ubuntu 18.04 with Nginx

In this tutorial, we will guide you through the steps of installing Let’s Encrypt SSL certificate on an Ubuntu 18.04 VPS and configure it with Nginx web server.

Let’s Encrypt is a free and automated certificate authority organization. They aim to bring secure websites to all users across the web. They make installations easy and simple, and you can even set up auto-renewal so that you never have to worry about your certificate expiring. Let’s get started with the installation.

Read moreHow to Install Let’s Encrypt SSL on Ubuntu 18.04 with Nginx

How to Install Let’s Encrypt with Apache on CentOS 7

In this tutorial, we will show you how to install the Let’s Encrypt client on your CentOS 7 VPS and issue an SSL certificate for your domain.

Improving your website security through SSL encryption can increase your visitors’ trust in your website. In the past, setting up SSL encryption on a website was a complicated task. However, Let’s Encrypt is a free and open source certificate authority (CA) that allows obtaining and installing certificates through simple, automated commands. Thanks to them, setting up encryption and increasing the security of your site is made a lot easier. Let’s Encrypt provides a valid SSL certificate for your domain without any cost and can be used for production/commercial use as well.

Let’s begin with the installation – it’s a simple install, and it won’t take long at all.

Read moreHow to Install Let’s Encrypt with Apache on CentOS 7

How to Configure a Firewall with CSF on Debian 9

 

 

In this article, we will show you how to install and configure the CSF firewall on a Debian 9 VPS, as well as go through some tips on how to use CSF.

ConfigServer Security & Firewall (CSF) is a free and advanced firewall management tool based on iptables. CSF provides a high level of security on your server and is very straightforward, making it easy to set up and install on all supported Linux distributions. We will use Debian 9 which is among the supported Linux distributions. CSF has many great features such as port scanning, SYN floods and brute force attacks for many services that can help you protect your server. One of the very nice features on CSF is that it provides a built-in web UI for managing the firewall from a web browser. This UI integration is supported by cPanel, DirectAdmin, as well as working independently on your server.

The CSF installation also comes with another service called Login Failure Daemon (LFD). LFD actually is a process that monitors the log files and sends email notifications based on the CSF configuration rules. Let’s begin with the installation.

Read moreHow to Configure a Firewall with CSF on Debian 9

How to Disable SELinux on CentOS 7

In this tutorial we will go over the different levels of security in SELinux, as well as show you how to disable SELinux on a CentOS 7 VPS.

SELinux or Security-Enhanced Linux is a Linux kernel security module which provides a variety of security policies and gives server administrators better control over access to various parts of their system. Basically, with SELinux enabled, every program or action running on a Linux VPS which can affect the system in any way would be checked against a security ruleset. Although it provides a higher level of security, many system administrators find it difficult to manage and troubleshoot. For this reason, it’s common for admins to want to disable it. Let’s get started with disabling SELinux.

Read moreHow to Disable SELinux on CentOS 7

How to Install Lynis on Ubuntu 18.04

In this guide, we will explain how to install the Lynis community edition on an Ubuntu 18.04 VPS.

Lynis is an open-source tool for security auditing, compliance testing, and vulnerability detection. Lynis also scan for general system information and possible configuration issues and provide tips for further system hardening.

Lynis comes in two editions, community and enterprise. The enterprise editions include more tests and it is bundled with plugins. When extended with plugins, Lynis will perform additional tests and collect more system information. Lynis runs on all Linux distributions and it is used by thousands of developers, system administrators, IT auditors, and penetration testers all around the world.

This guide should work on other Linux VPS systems as well, but it was tested and written for an Ubuntu 18.04 VPS.

Read moreHow to Install Lynis on Ubuntu 18.04