Beginners often take years to find the best security policies for their machines. That’s why we are sharing these essential Linux hardening tips for new users like you. Give them a try.

1. Enforce Strong Password Policies

Passwords are the primary authentication method for most systems. Whether you’re a home user or a professional, enforcing solid passwords is a must. First, disable empty passwords. You won’t believe how many people still use them.

Run the above command as root to view which accounts have empty passwords. If you find someone with an empty password, lock the user right away. You can do this by using the following.

You can also set up password aging to ensure users can’t use old passwords. Use the chage command to do this from your terminal.

This command displays the current expiration date. To set password expiration after 30 days, use the below command. Users may use Linux password managers to keep online accounts secure.
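The two checks in this section, empty passwords and password aging, combined into one audit over a shadow-format file. This is an added example, not the commands from the original article; the function names and sample accounts are constructed, and it prints suggested `passwd -l` and `chage -M` commands for review instead of running them.

```bash
# Added example. Shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:

# Print "EMPTY <user>" for accounts whose password field is empty, and
# "AGING <user> <max>" for accounts with a usable password whose maximum
# password age is unset or longer than the limit (default 30 days).
audit_shadow() {
    awk -F: -v limit="${2:-30}" '
        NF < 2        { next }                     # skip blank or malformed lines
        $2 == ""      { print "EMPTY", $1; next }  # no password at all
        $2 ~ /^[!*]/  { next }                     # locked or no-login account
        $5 == "" || $5 + 0 > limit + 0 {
            print "AGING", $1, ($5 == "" ? "unset" : $5)
        }
    ' "$1"
}

# Turn findings into commands for an admin to review and run as root.
suggest_fixes() (
    limit="${2:-30}"
    audit_shadow "$1" "$limit" | while read -r kind user rest; do
        case "$kind" in
            EMPTY) echo "passwd -l $user" ;;
            AGING) echo "chage -M $limit $user" ;;
        esac
    done
)

# Constructed sample data (not real accounts or hashes).
make_sample() {
    cat <<'EOF'
root:$6$constructed$hashvalue:19700:0:30:7:::
alice::19700:0:99999:7:::
bob:$6$constructed$hashvalue:19700:0:99999:7:::
carol:$6$constructed$hashvalue:19700:0:30:7:::
daemon:*:19700:0:99999:7:::
dave:!$6$constructed$hashvalue:19700:0:99999:7:::
EOF
}

# Demo run against the constructed sample.
sample="$(mktemp)"
make_sample > "$sample"
audit_shadow "$sample"
suggest_fixes "$sample"
rm -f "$sample"
```

On a real system, run `audit_shadow /etc/shadow` as root; reading that file requires root privileges.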

2. Backup Essential Data

If you’re serious about your data, then set up regular backups. This way, even if your system crashes, you can recover the data fast. But choosing the right backup method is crucial for Linux hardening.

If you’re a home user, cloning the data into a hard drive could suffice. Enterprises, however, need sophisticated backup systems that offer swift recovery.

3. Avoid Legacy Communication Methods

Linux supports many remote communication methods. But legacy Unix services like telnet, rlogin, and ftp can pose serious security issues, so try to avoid them. You may remove them altogether to reduce the security issues associated with them.

This command removes some widely used but outdated services from Ubuntu/Debian machines. If you’re using an RPM-based system, use the following instead.

4. Secure OpenSSH

The SSH protocol is the recommended method of remote communication for Linux. Make sure to secure your OpenSSH server (sshd) configuration. You can learn more about setting up an SSH server here.

Edit the /etc/ssh/sshd_config file to set security policies for ssh. Below are some common security policies anyone can use.

5. Restrict CRON Usage

CRON is a robust job scheduler for Linux. It allows admins to schedule tasks in Linux using the crontab. Thus, it’s crucial to restrict who can run CRON jobs. You can find out all active cronjobs for a user by using the following command.

Check the jobs for each user to find out if anyone is exploiting CRON. You may want to block all users from using crontab except you. Run the following command to do this.

6. Enforce PAM Modules

Linux PAM (Pluggable Authentication Modules) offers powerful authentication features for apps and services. You can use various PAM policies to secure the system’s login. For example, the below commands limit password reuse.

They restrict the use of passwords that have been used within the last five weeks. There are many more PAM policies that provide extra layers of security.

7. Remove Unused Packages

Removing unused packages reduces the attack surface on your machine. So, we recommend you delete rarely used packages. You can view all currently installed packages using the below commands.

Say you want to remove the unused package vlc. You can do this by running the following commands as root.

8. Secure Kernel Parameters

Another effective way of Linux hardening is securing the kernel parameters. You can configure these parameters using sysctl or by modifying the configuration file. Below are some common configurations.

These are just some basic configurations. You will learn different ways of kernel configuration with experience.

9. Configure iptables

The Linux kernel provides robust filtering methods for network packets via its Netfilter API. You can use iptables to interact with this API and set up custom filters for network requests. Below are some basic iptables rules for security-focused users.

10. Monitor Logs

You can utilize logs for making better sense of your Linux machine. Your system stores several log files for apps and services. We’re outlining the essential ones here.

/var/log/auth.log — logs authorization attempts
/var/log/daemon.log — logs background apps
/var/log/debug — logs debugging data
/var/log/kern.log — logs kernel data
/var/log/syslog — logs system data
/var/log/faillog — logs failed logins

Best Linux Hardening Tips for Beginners

Securing a Linux system is not as hard as you think. You can harden security by following some of the tips mentioned in this guide. You’ll master more ways of securing Linux as you gain experience.