A major reason for malicious attacks on Linux servers has been poorly implemented security or existing vulnerabilities. When configuring a server, the security policies need to be implemented properly and ownership needs to be taken for proper customization of the server.

Let's have a look and various security policies

Let's discuss the various security policies:

1. The administration of all the internal servers in an organization is the responsibility of a dedicated team that should also keep watch for any kind of compliance issues. If a compliance issues occurs, the team should immediately review and implement an updated security policy.
2. When configuring internal servers, they must be registered in such a way that the identification of the servers can be done on the basis of the following information:
   • Location of the server
   • Operating system version and hardware configuration
   • Services and applications running on the server
3. Any kind of information in the organization's management system must always be kept up to date.

Let's discuss the various security policies:

1. The operating system on the server should be configured in accordance with the guidelines approved for InfoSec.
2. Any service or application not being used should be disabled, wherever possible.
3. Every access to the services and applications on the server should be monitored and logged. It should also be protected through access-control methods. An example of this will be covered in Chapter 3, Local FileSystem Security.
4. The system should be kept updated and any recent security patches, if available, should be installed as soon as possible
5. Avoid using the root account as much as possible. It is better to use security principles that require least access to perform a function.
6. Any kind of privileged access must be performed over a secure channel connection (SSH), wherever possible.
7. Access to the server should be in a controlled environment.

Let's discuss the various security policies:

1. All security-related actions on server systems must be logged and audit reports should be saved as follows:
   • For a period of one month, all the security-related logs should be kept online
   • For a period of one month, the daily backups, as well as the weekly backups, should be retained
   • For a minimum of two years, the monthly full backups should be retained
2. Any event related to security being compromised should be reported to the InfoSec team. They shall then review the logs and report the incident to the IT department.
3. Some examples of security related events are as follows:
   • Port-scanning-related attacks
   • Access to privileged accounts without authorization
   • Unusual occurrences due to a particular application on the host

Following the policies as given here helps the base configuration of the internal server that is owned or operated by the organization. Implementing the policy effectively will minimize unauthorized access to any sensitive and proprietary information.