MALIKA KAROUM

February 3, 2023

10 Linux Hardening Tips for Beginner SysAdmins

by Malika Karoum / Tuesday, 29 December 2020 / Published in Malika Karoum Global News

Linux systems are secure by design and provide robust administration tools. But no matter how well-designed a system is, its security depends on the user.

Beginners often take years to find the best security policies for their machines. That’s why we are sharing these essential Linux hardening tips for new users like you. Give them a try.

1. Enforce Strong Password Policies

Passwords are the primary authentication method for most systems. No matter if you’re a home user or a professional, enforcing solid passwords is a must. First, disable empty passwords. You won’t believe how many people still use them.

awk -F: '($2 == "") {print}' /etc/shadow

Run the above command as root to view which accounts have empty passwords. If you find someone with an empty password, lock the user right away. You can do this by using the following.

passwd -l USERNAME

You can also set up password aging so that users can’t keep using old passwords indefinitely. Use the chage command to do this from your terminal.

chage -l USERNAME

This command displays the current expiration date. To set password expiration after 30 days, use the below command. Users may use Linux password managers to keep online accounts secure.

chage -M 30 USERNAME
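
The two checks above (empty passwords and password aging) can be combined into a single pass over the shadow file. The following is an added example, not part of the original article; the function name audit_shadow and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_shadow is a hypothetical helper name.
# shadow(5) fields used: 1 = user, 2 = password hash, 5 = maximum age in days.
audit_shadow() {
    # $1 = shadow-format file, $2 = maximum allowed password age in days
    awk -F: -v max="$2" '
        # an empty second field means the account has no password at all
        $2 == ""               { print "EMPTY " $1; next }
        # a leading "!" or "*" means the password is locked or unusable
        $2 ~ /^[!*]/           { next }
        # no maximum age, or one above the policy, never forces a change in time
        $5 == "" || $5+0 > max { print "MAXAGE " $1 }
    ' "$1"
}

# Constructed sample data (hashes are placeholders, not real ones).
# On a real system, run as root: audit_shadow /etc/shadow 30
sample_shadow=$(mktemp)
cat > "$sample_shadow" <<'EOF'
root:$6$constructed$hash:19000:0:99999:7:::
alice::19000:0:30:7:::
bob:$6$constructed$hash:19000:0:30:7:::
daemon:*:19000:0:99999:7:::
carol:!$6$constructed$hash:19000:0:99999:7:::
EOF
audit_shadow "$sample_shadow" 30
```

Accounts reported as EMPTY are candidates for passwd -l, and accounts reported as MAXAGE are candidates for chage -M.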

2. Backup Essential Data

If you’re serious about your data, then set up regular backups. This way, even if your system crashes, you can recover the data fast. But, choosing the right backup method is crucial for Linux hardening.

If you’re a home user, cloning the data into a hard drive could suffice. Enterprises, however, need sophisticated backup systems that offer swift recovery.

3. Avoid Legacy Communication Methods

Linux supports many remote communication methods. But, legacy Unix services like telnet, rlogin, and ftp can pose serious security issues. So, try to avoid them. You may remove them altogether to reduce the security issues associated with them.

apt-get --purge remove xinetd nis tftpd tftpd-hpa telnetd \
    rsh-server rsh-redone-server

This command removes some widely used but outdated services from Ubuntu/Debian machines. If you’re using an RPM-based system, use the following instead.

yum erase xinetd ypserv tftp-server telnet-server rsh-server

4. Secure OpenSSH

The SSH protocol is the recommended method of remote communication for Linux. Make sure to secure your OpenSSH server (sshd) configuration. You can learn more about setting up an SSH server here.

Edit the /etc/ssh/sshd_config file to set security policies for ssh. Below are some common security policies anyone can use.

# disable root login
PermitRootLogin no
# limit authentication attempts per connection
MaxAuthTries 3
# disable password authentication
PasswordAuthentication no
# disable empty passwords
PermitEmptyPasswords no
# disable X11 (GUI) forwarding
X11Forwarding no
# disable the verbose banner (Debian/Ubuntu only)
DebianBanner no
# restrict users to an IP range
AllowUsers *@XXX.X.XXX.0/24
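
To confirm that a configuration file really sets these policies, the check below reads the file the way sshd does: keywords are case-insensitive and the first value found for a keyword wins. It is an added example, not part of the original article; the function name audit_sshd_config and the sample file are constructed, and it assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config-format file
# against the policies listed above. audit_sshd_config is a hypothetical name.
audit_sshd_config() {
    awk '
        BEGIN {
            want["permitrootlogin"] = "no"
            want["passwordauthentication"] = "no"
            want["permitemptypasswords"] = "no"
            want["x11forwarding"] = "no"
            want["maxauthtries"] = "3"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        { key = tolower($1) }               # keywords are case-insensitive
        key == "match" { exit }             # stop at the first Match block
        (key in want) && !(key in seen) {   # sshd uses the first value it reads
            seen[key] = tolower($2)
        }
        END {
            for (k in want) {
                if (!(k in seen))
                    print "MISSING " k
                else if (k == "maxauthtries") {
                    if (seen[k] + 0 > want[k] + 0) print "WEAK " k "=" seen[k]
                } else if (seen[k] != want[k])
                    print "WEAK " k "=" seen[k]
            }
        }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample configuration (not from a real host)
sample_cfg=$(mktemp)
cat > "$sample_cfg" <<'EOF'
# constructed sample
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
MaxAuthTries 6
X11Forwarding no
Match User backup
    PermitEmptyPasswords no
EOF
audit_sshd_config "$sample_cfg"
```

MISSING means the keyword is not set explicitly in the global section, so the compiled-in default applies. On a live host, sshd -t validates the file and sshd -T prints the effective settings.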

5. Restrict CRON Usage

CRON is a robust job scheduler for Linux. It allows admins to schedule tasks in Linux using the crontab. Thus, it’s crucial to restrict who can run CRON jobs. You can find out all active cronjobs for a user by using the following command.

crontab -l -u USERNAME

Check the jobs for each user to find out if anyone is exploiting CRON. You may want to block all users from using crontab except you. Run the following command to do this.

echo $(whoami) >> /etc/cron.allow
# echo ALL >> /etc/cron.deny

6. Enforce PAM Modules

Linux PAM (Pluggable Authentication Modules) offers powerful authentication features for apps and services. You can use various PAM policies to secure the system’s login. For example, the below commands limit password reuse.

# note: the md5 option makes pam_unix hash new passwords with MD5;
# current distributions default to sha512 or yescrypt
# CentOS/RHEL
echo 'password sufficient pam_unix.so use_authtok md5 shadow remember=5' >> /etc/pam.d/system-auth
# Ubuntu/Debian
echo 'password sufficient pam_unix.so use_authtok md5 shadow remember=5' >> /etc/pam.d/common-password

They restrict the use of passwords that have been used within the last five weeks. There are many more PAM policies that provide extra layers of security.

7. Remove Unused Packages

Removing unused packages reduces the attack surface on your machine. So, we recommend you delete rarely used packages. You can view all currently installed packages using the below commands.

yum list installed           # CentOS/RHEL 
apt list --installed # Ubuntu/Debian

Say you want to remove the unused package vlc. You can do this by running the following commands as root.

yum remove vlc              # CentOS/RHEL
apt remove vlc # Ubuntu/Debian

8. Secure Kernel Parameters

Another effective way of Linux hardening is securing the kernel parameters. You can configure these parameters using sysctl or by modifying the configuration file. Below are some common configurations.

# randomize the address base for mmap, heap, and stack
kernel.randomize_va_space=2
# reboot 10 seconds after a kernel panic
kernel.panic=10
# disable IP forwarding
net.ipv4.ip_forward=0
# ignore bogus ICMP error responses
net.ipv4.icmp_ignore_bogus_error_responses=1

These are just some basic configurations. You will learn different ways of kernel configuration with experience.

9. Configure iptables

The Linux kernel provides robust filtering for network packets via its Netfilter API. You can use iptables to interact with this API and set up custom filters for network requests. Below are some basic iptables rules for security-focused users.

# allow traffic on localhost
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# allow outgoing pings
-A OUTPUT -p icmp -j ACCEPT
# allow established/related connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow DNS lookups
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
# allow http/https requests
-A OUTPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
# allow SSH access
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
# rules are matched in order, so the catch-all rejects come last
# reject all other inbound requests
-A INPUT -j REJECT
# reject traffic forwarding
-A FORWARD -j REJECT

10. Monitor Logs

You can utilize logs for making better sense of your Linux machine. Your system stores several log files for apps and services. We’re outlining the essential ones here.

  • /var/log/auth.log — logs authorization attempts
  • /var/log/daemon.log — logs background apps
  • /var/log/debug — logs debugging data
  • /var/log/kern.log — logs kernel data
  • /var/log/syslog — logs system data
  • /var/log/faillog — logs failed logins
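
As a starting point for working with /var/log/auth.log, the following counts failed SSH password attempts per source address and reports the addresses at or above a threshold. It is an added example, not part of the original article; the function name failed_ssh_by_ip and the log lines are constructed, using documentation-only IP ranges.

```shell
#!/bin/sh
# Added example. failed_ssh_by_ip is a hypothetical helper name.
failed_ssh_by_ip() {
    # $1 = auth.log-format file, $2 = minimum number of failures to report
    awk -v min="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is free text supplied by the client, so read the
            # address from the LAST "from <addr> port" group on the line.
            for (i = NF - 2; i > 0; i--)
                if ($i == "from" && $(i + 2) == "port") {
                    count[$(i + 1)]++
                    break
                }
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' "$1" | LC_ALL=C sort -rn
}

# Constructed sample log lines (not from a real host)
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Dec 29 10:01:02 host sshd[1201]: Failed password for root from 203.0.113.5 port 50110 ssh2
Dec 29 10:01:04 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 50112 ssh2
Dec 29 10:01:07 host sshd[1203]: Failed password for invalid user from 192.0.2.1 from 203.0.113.5 port 50114 ssh2
Dec 29 10:02:11 host sshd[1210]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Dec 29 10:02:15 host sshd[1210]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
EOF
failed_ssh_by_ip "$sample_log" 3
```

The single failure followed by a successful login from 198.51.100.7 stays below the threshold, while the three failures from 203.0.113.5 are reported.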

Best Linux Hardening Tips for Beginners

Securing a Linux system is not as hard as you think. You can harden security by following some of the tips mentioned in this guide. You’ll master more ways of securing Linux as you gain experience.

MakeUseOf – Feed

Tagged under: Beginner, Hardening, Linux, SysAdmins, Tips
