Linux distributions have been upvoted lately by millions of internet users worldwide. As a result, the overall count of Linux users is rising dramatically. Looking at the current internet-based global market, one thing is getting clearer: open source[1] is making a whiz-bang comeback. Nowadays, most internet-based businesses operate on a well-established interconnected computer network, headed by a powerful server. The mainframe server runs either a Linux or a Windows based operating system. Apparently, the market for Linux is growing dynamically, especially the use of Linux on servers.
Wondering why?

Well, here is a guide for you to understand why most businesses prefer to run their server operations on Linux distributions and how data privacy and security can be raised to a more secure level via Linux.

1) Understand your server's needs, install packages accordingly!
The best thing about using an open source platform is that you don't have to install unnecessary software packages on your system. In fact, it's always better to install only what is required, the things that you actually intend to work with. This saves cache memory and maintains server uptime, avoiding system lags and unnecessary troubleshooting.
For instance, if you are planning to run your own server, you may be tempted to use the server space to the fullest by installing a lot of software and applications. In other words, suppose a host provides you with almost 50GB of SSD storage: you will want to install most of the application services that are available on the net (why waste web space, right?). Well, it's your server and you can definitely install whatever you feel is appropriate. However, as they say, taking things for granted can lead to certain repercussions.
FYI, when it comes to hijacking information, even the most high end servers can be vulnerable. All that is needed to exploit a server is simply one unpatched component.
First things first, in order to avoid such hassles, you MUST maintain your server appropriately. Install just what is required and avoid installing any unnecessary packages. Always remember, unpatched code can become a server's weakness. Hence, the fewer the packages, the lower the chances of running into unpatched code that can give rise to issues in the future.
Hence, before you install any third-party software package, it is recommended that you read the terms and conditions and then install only those elements that are REQUIRED to complete the overall software installation process.
2) DO NOT run unknown services
The second rule for improving your security level on Linux is to run only those services that are needed to perform your organizational/individual tasks on your server and on other Linux systems. Quite often, a distro or package starts another service on some other port. This could very well lead to a security risk.
So just keep a check on all the services that are running on different ports by applying the following command on the terminal:
netstat -npl
When you use this command, your terminal screen will display all the services that are running on the different ports.
These are some other NETSTAT commands that can always be handy.
Now that you know which services are listening on your ports, you can stop any service that you think should not be running on your network.
One more thing that you should keep a check on is the number of services that are enabled, that is, the ones that start running when your system starts. To check this on a system running systemd, use the command:
systemctl list-unit-files --type=service | grep enabled
When you run this command, you get an output displaying all the services that are enabled on your system. This way, if you spot anything fishy, you can always disable it from the terminal itself.
To disable a service, all that you need to do is type the command systemctl disable service_name in your terminal window. And wait for the magic to start thereafter!
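As an added example (not part of the original article), the script below reads netstat -npl output and prints only the listeners that are reachable beyond loopback and whose port is not on an allowlist you pass in. The function names, the allowlist "22 80" and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list network-reachable listeners whose port is not allowlisted.
# On a live host: netstat -npl | unexpected_listeners "22 80"

# $1 = space-separated allowed ports; stdin = netstat -npl text
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 !~ /^(tcp|udp)/ { next }                 # skip headers and UNIX sockets
    $1 ~ /^tcp/ { if ($6 != "LISTEN") next; owner = $7 }
    $1 ~ /^udp/ { owner = $6 }                  # UDP rows have no State column
    {
        port = $4; sub(/.*:/, "", port)         # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host ~ /^127\./ || host == "::1") next   # loopback-only listener
        if (port in ok) next                    # expected service
        sub(/^[0-9]+\//, "", owner)             # drop the PID, keep the program
        print $1, port, host, owner
    }'
}

# Constructed sample of netstat -npl output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN  812/sshd
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN  1044/mysqld
tcp        0      0 0.0.0.0:6379     0.0.0.0:*        LISTEN  1310/redis-server
tcp6       0      0 :::80            :::*             LISTEN  990/apache2
udp        0      0 0.0.0.0:111      0.0.0.0:*                640/rpcbind
Active UNIX domain sockets (only servers)
unix  2      [ ACC ]     STREAM     LISTENING     18234    1/init    /run/systemd/private
EOF
}

# Prints one line per unexpected listener: protocol, port, bind address, program.
sample_netstat | unexpected_listeners "22 80"
```

Anything the script prints is a candidate for systemctl stop and systemctl disable, or for rebinding to 127.0.0.1 if only local programs need it.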
3) DO NOT allow easy access to the server; use encryption to restrict access
Your attitude towards your server should be somewhat like your attitude towards your house. Just as you are very cautious about your house's security (which in turn means the security of your loved ones and your household things), you should monitor your server very carefully to ensure adequate security of your data. After all, it's all about the information, and hence security matters. So try to restrict your server access to only the necessary people. The server is the root; you must not let it down if you want to avoid unwanted memory dump and rootkit attacks.
4) DO NOT log in as ROOT
One thing that is always discouraged by the experts is to ssh into a server as the superuser. You can disable ssh as the root user with a series of terminal commands. But before that, here is a way to create a user with access to some sudo elements. This user can ssh in to the server and perform most of the administrative tasks (as a practice to avoid root access attacks in future).
As you might be aware, different distributions have different sets of parameters for adding a user.
Let's take an example of how a user can be added on Ubuntu.
You simply type in the command adduser username. After this, the system will ask you a few questions, which you need to answer in sequence to create the user's password.
Once done, the next thing that you need to do is give your user some sudo powers.
So you run the command: gpasswd -a username sudo.
Now open another terminal window and try to log in to the server as the sudo user that you just created. If you succeed, you can go ahead with the process of DISABLING root login.
● Restricting server access by disabling ROOT login
Now, using the newly created sudo user ID, let us disable root login, so that no one will be able to ssh or log in to your server as the root user. In order to do this, you need to open the sshd configuration file: nano /etc/ssh/sshd_config
Then look for the line that says #PermitRootLogin no. A line that starts with # is a comment and has no effect, so remove the # to leave PermitRootLogin no.
Save this file and restart the service: service ssh restart or systemctl restart sshd
Make sure that you stay logged in to the server all this while. This is the test: testing whether the newly created user can log in to the server as root. Depending on the outcome, you can tell whether your server settings allow any user to get access as ROOT or not. Accordingly, you can also disable the root access.
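As an added example (not part of the original article), the function below reports which PermitRootLogin value is actually active in an sshd_config-style file: commented lines are ignored, the first uncommented occurrence wins, and anything after a Match line is treated as conditional. The function name and the three sample configs are constructed, and Include directives are assumed not to be in use.

```shell
#!/bin/sh
# Added example: print the PermitRootLogin value that is active in the global
# section of an sshd_config-style file read from stdin, or "unset" if none is.
# On a live host: effective_root_login < /etc/ssh/sshd_config

effective_root_login() {
    awk '
    { sub(/^[ \t]+/, "") }                    # drop leading whitespace
    /^#/ || /^$/ { next }                     # commented lines are inert
    tolower($1) == "match" { exit }           # what follows is conditional
    tolower($1) == "permitrootlogin" {        # keywords are case-insensitive
        print $2; found = 1; exit             # first occurrence wins
    }
    END { if (!found) print "unset" }
    '
}

# Constructed sample configs (not taken from a real server).
sample_commented() { printf '%s\n' 'Port 22' '#PermitRootLogin no'; }
sample_active()    { printf '%s\n' 'Port 22' '  permitrootlogin no'; }
sample_shadowed()  { printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no'; }

# Show the result for each sample when the script is run directly.
for s in sample_commented sample_active sample_shadowed; do
    printf '%s: %s\n' "$s" "$($s | effective_root_login)"
done
```

A result of "unset" means the line is still commented out and sshd falls back to its built-in default. On a live server, sshd -T prints the effective configuration, including values set through Include files, which this function does not follow.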
The above mentioned tips can be pretty handy in securing a Linux based server.
It's always better to be cautious about security breaches and stay one step ahead of the data hijackers, who are keen to find loopholes in their target's server and make changes by accessing data. To keep up with the fast-growing internet hacktivism, you should know what to do and what not to do by learning the TERMINAL thoroughly. In fact, if you are hosting web services via the server, you must be really careful about encryption and permissions. After all, precaution is better than cure. Henceforth, maintain regular backups and save any changes that you make to avoid any data compromise. This way, even IF your server fails, you won't have to worry much and can resume from where things went haywire.