Securing a Linux server starts with the process of hardening the system, and to do this it's important to define a list of security controls. A security controls list (or security checklist) confirms that proper security controls have been implemented.

Let's have a look at various security control checklists.

Now we will look into each security control checklist:

• Installation media such as CD-ROM/DVD/ISO should be checked by using checksum
• A minimal base installation should be done when creating the server
• It is good practice to create separate filesystems for /home, and /tmp
• It is good practice to install minimum software on the server to minimize the chances of vulnerability
• Always keep the Linux kernel and software up to date

Now we will look into each security control checklist:

• Encrypt partitions using disk encryption methods such as LUKS.
• Limit access to BIOS by configuring a BIOS password.
• Limit bootable devices and allow only devices such as disk to be booted.
• Configure a password to access the single user mode boot loader.

Now we will look into each security control checklist:

• Determine the services running by checking the open network ports.
• Use a firewall such as iptables/nftables to limit access to the services as per need.
• Encrypt all data transmitted over the network.
• Avoid using services such as FTP, Telnet, and Rlogin/Rsh.
• Any unwanted services should be disabled.
• A centralized authentication service should be used.

Now we will look into each security control checklist:

• File integrity tools such as AIDE, Samhain, and AFICK should be installed and configured for monitoring important files.
• Use a malware scanner such as CalmAV to protect against malicious scripts.
• Configure system logging to a remote machine for the purpose of detection, forensics, and archiving.
• Deter brute-force attacks by using anti brute-force tools for authentication attempts.

Now we will look into each security control checklist:

• Read through logs to monitor for suspicious activity.
• Configure auditd configuration to perform system accounting.
• Ensure backup is working, and also check restores.

Implementing these security controls minimizes the security risk to your Linux server. This helps protect your data from the hands of hackers.