X

Security Tips for Your Server

One of the first things you should do when running a Virtual Private Server (VPS) is to secure your server as much as possible. This way you will protect your server against various security attacks which may harm or even destroy your data.

Here are a few easy tips on how to improve the stability and security of your Virtual Private Server:

1. Keep Your Software Up-To-Date
Keeping the software up-to-date is one of the most important tasks of securing your server. Everyday, numerous vulnerabilities are found in various Linux applications, services and scripts and new fixed versions of them are being released very quickly. Installing the updates on your server is crucial and strongly recommended. You can keep your server up-to-date using your distribution’s package manager such as ‘yum’  or ‘apt-get’.

RPM based distros:
# yum update

Debian based distros
# apt-get update && apt-get upgrade

2. Use Strong Passwords
Passwords are the front line defense for your server. When setting up new accounts on your virtual server, you should create strong passwords. The stronger the password is, the less likely it is to be guessed and your server compromised. Never use passwords that are easily guessable, such as passwords based upon names, street addresses, dictionary words, significant dates, etc… A strong password consists of a combination of letters (both upper and lower case), numbers and special characters and it should be at least 8 characters long.

To change your ‘root’ password use the following on the Linux command line:
# passwd

To change a user’s password use the following instead:
# passwd <username>

3. Use Correct File and Directory Permissions
Three types of access permissions: read, write and execute are available for three different categories of users: owner, group and others. With these permissions you can determine who can access or modify the files. This makes them very important for the security of your server. You should ensure that all files and directories have the correct permissions. You can check the permissions of a file by executing the ‘ls -l’ command. The very first line of the given output shows the files/directories permissions: ‘r’ = read permission; ‘w’ = write permission; ‘x’ = execute permission; ‘-‘ = no permission. You can change the permissions with the ‘chmod’ command.

The following commands can help you find any world writable files and directories which  may be a security risk:

To find world writable files type:
# find / -type f -perm -o+w -exec ls -l {} \;

To find world writable directories type:
# find / -type d -perm -o+w -exec ls -ld {} \;

4. Stop/Disable Unnecessary Services
All Linux distributions usually have many services/daemons configured to start every time you start the server. The more services running on your server, the more ports are being open to potential external break-ins. Disabling unnecessary services can improve the security of your server and even the overall server performance.

To check which services are running on your server execute:
# chkconfig --list

The above command will show the startup status of all services.

To stop a service at startup time you can execute:
# chkconfig --levels <name_of_service> off

5. Disable ‘root’ login via SSH
The ‘root’ account has full control over the entire server, so allowing direct logins as ‘root’ via SSH is one of the biggest security risks. Hackers can brute force a server’s ‘root’ password and when they succeed, they will gain full control over your entire server. Despite this, even one small mistake made while logged in as ‘root’ can cause a big  problem on your server. It’s strongly recommended to use your ‘root’ user only when it is really necessary.

6. Remove Inactive Accounts
User accounts that are not used for a long time are potentially security risks for your server. Since no one is using them, they can be compromised and used to harm your server or other servers on the network.

To delete user account from the Linux command line execute:
# userdel <username>

PS. If you liked this post please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.

 

View Comments