CentOS / Linux Server Security Hardening Tips for Hosting Clients
We all believe that Linux is secured by default and agreed to some extend. However, Linux has in-built security model in place by default. We have to customize the default settings to be risk free and feel more secured of our server. All the things we have to do is for our security and performance. It is true that Linux server are harder to manage but offers more flexibility and configuration options if and easy to understand the settings. Securing our system from hackers and crackers is a challaenging thing for the server administrator. Therefore, i would like to share my experience and important server configuration for hardening your system.
Creating Use of new Strong Passwords/Usernames User
- useradd YOURUSER
Set new password for newly created user
- passwd YOURUSER
Add your newuser to the WHEEL group to enable that user to use the sudo command.
- usermod -aG wheel YOURUSER
Disable Root Logins
SSH configuration fo server are always stored in /etc/ssh/sshd_config file and we have to edit the file using an editor vi
- sudo vi /etc/ssh/sshd_config
Edit the following to no
# Prevent root logins: PermitRootLogin noAlso change the default ssh port to any unused port between 1-65535 e.g 1222
Then re-start the ssh service
- service sshd restart
Limit User Logins
- AllowUsers alice bob
Disable Protocol 1. SSH has 2 protocols, Protocol 1 is less secure, thats why we are going to disable it.
- vi /etc/ssh/sshd_config
# Protocol 2,1 Protocol 2
again restart the ssh service