Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Linux Security Cookbook

You're reading from   Practical Linux Security Cookbook Secure your Linux environment from modern-day attacks with practical recipes

Arrow left icon
Product type Paperback
Published in Aug 2018
Publisher Packt
ISBN-13 9781789138399
Length 482 pages
Edition 2nd Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Tajinder Kalsi Tajinder Kalsi
Author Profile Icon Tajinder Kalsi
Tajinder Kalsi
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Linux Security Problem 2. Configuring a Secure and Optimized Kernel FREE CHAPTER 3. Local Filesystem Security 4. Local Authentication in Linux 5. Remote Authentication 6. Network Security 7. Security Tools 8. Linux Security Distros 9. Bash Vulnerability Patching 10. Security Monitoring and Logging 11. Understanding Linux Service Security 12. Scanning and Auditing Linux 13. Vulnerability Scanning and Intrusion Detection 14. Other Books You May Enjoy

Configuring server security

Once a Linux server is created, the immediate next step is to implement security procedures to make sure that any kind of threat should not cause the system to be compromised. A major reason for malicious attacks on Linux servers have been poorly implemented security or existing vulnerabilities. When configuring a server, the security policies need to be implemented properly to create a secure environment that will help prevent your business from getting hacked.

How to do it...

Let us have a look for each and every configuration.

User management

Follow these steps to configure server security:

  1. When a Linux server is created, the first user created by default is always the root user. This root user should be used for initial configuration only.
  2. Once initial configuration is done, this root user should be disabled via SSH. This will make it difficult for any hacker to gain access to your Linux machine.
  3. Further, a secondary user should be created to log in and administer the machine. This user can be allowed sudo permissions if administrative actions need to be performed.

Password policy

Follow these steps to configure server security:

  1. When creating user accounts, ensure the use of strong passwords. If allowed, keep the length of the password to between 12 to 14 characters.
  2. If possible, generate passwords randomly, and include lowercase and uppercase letters, numbers, and symbols.
  3. Avoid using password combinations that could be easily guessed, such as dictionary words, keyboard patterns, usernames, ID numbers, and so on.
  4. Avoid using the same password twice.

Configuration policy

Follow these steps to configure server security:

  1. The operating system on the server should be configured in accordance with the guidelines approved for InfoSec.
  2. Any service or application not being used should be disabled, wherever possible.
  3. Every access to the services and applications on the server should be monitored and logged. It should also be protected through access-control methods. An example of this will be covered in Chapter 3, Local Filesystem Security.
  4. The system should be kept updated and any recent security patches, if available, should be installed as soon as possible
  5. Avoid using the root account as much as possible. It is better to use the security principles that require least access to perform a function.
  1. Any kind of privileged access must be performed over a secure channel connection (SSH) wherever possible.
  2. Access to the server should be in a controlled environment.

Monitoring policy

  1. All security-related actions on server systems must be logged and audit reports should be saved as follows:
  • For a period of one month, all security-related logs should be kept online
  • For a period of one month, the daily backups, as well as the weekly backups should be retained
  • For a minimum of two years, the monthly full backups should be retained
  1. Any event related to security being compromised should be reported to the InfoSec team. They shall then review the logs and report the incident to the IT department.
  2. Some examples of security-related events are as follows:
  • Port-scanning-related attacks
  • Access to privileged accounts without authorization
  • Unusual occurrences due to a particular application on the host

How it works...

Following the policies as given here helps in the base configuration of the internal server that is owned or operated by the organization. Implementing the policy effectively will minimize unauthorized access to any sensitive and proprietary information.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image