CentOS / Linux Server Security Hardening Tips for Hosting Clients

4 February 2017

We all believe that Linux is secured by default and agreed to some extend. However, Linux has in-built security model in place by default. We have to customize the default settings to be risk free and feel more secured of our server. All the things we have to do is for our security and performance. It is true that Linux server are harder to manage but offers more flexibility and configuration options if and easy to understand the settings. Securing our system from hackers and crackers is a challaenging thing for the server administrator. Therefore, i would like to share my experience and important server configuration for hardening your system.

Creating Use of new Strong Passwords/Usernames User

  • useradd YOURUSER

Set new password for newly created user

  • passwd YOURUSER

Add your newuser to the WHEEL group to enable that user to use the sudo command.

  • usermod -aG wheel YOURUSER

Disable Root Logins

SSH configuration fo server are always stored in /etc/ssh/sshd_config file and we have to edit the file using an editor vi

  • sudo vi /etc/ssh/sshd_config

Edit the following to no

# Prevent root logins: PermitRootLogin no Also change the default ssh port to any unused port between 1-65535 e.g 1222 Port 1222

Then re-start the ssh service

  • service sshd restart

Limit User Logins

  • AllowUsers alice bob

Disable Protocol 1. SSH has 2 protocols, Protocol 1 is less secure, thats why we are going to disable it.

  • vi /etc/ssh/sshd_config
uncomment version 2 and comment version 1 # Protocol 2,1 Protocol 2

again restart the ssh service