This article includes a collection of commands and best practices that you can use to improve the security of your Linux servers (RHEL/CentOS). If you have more suggestions, please mention them in the comments. Enjoy the read!

  • Remove insecure tools (FTP, telnet, rlogin, rsh, etc.) and use only secure alternatives (SCP, SSH, sftp, rsync, etc.)
  • Enable the firewall (iptables)
  • Disable unwanted services and daemons
  • Audit installed packages and remove unwanted ones regularly
  • Audit listening network ports and block unwanted ones regularly
  • Audit user accounts and disable the unwanted ones regularly
  • Enable SELinux
  • Turn off IPv6
  • Make the /boot directory read-only
  • Disable ICMP broadcast requests and harden /etc/sysctl.conf
  • Strengthen password policy
  • Monitor suspicious user activities
  • Disable root login and password authentication for SSH
  • Disable shutdown/restart on the three-finger salute (Ctrl+Alt+Del)
  • Remove desktops
  • Fix permissions on world-writable files and no-owner files
  • Remove unwanted files/scripts/directories regularly and keep the server clean
  • Keep servers up to date
  • Collect Syslog regularly
  • Set up periodic backups and secure offsite mount points for important files/directories
  • Configure intrusion prevention tools at the network level
  • Perform security audits regularly
  • Improve physical security
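
As an added example (not part of the original article), the script below audits two items from the list: root login and password authentication for SSH, and world-writable or no-owner files. The function names and the sample config are constructed for illustration; on a real host you would point the functions at /etc/ssh/sshd_config and the filesystem you want to scan.

```shell
#!/bin/sh
# Added example: audits checklist items on a RHEL/CentOS host.
# Function names and the sample config are constructed for illustration.

# Print the global value of an sshd_config keyword ("unset" if absent).
# sshd keeps the first occurrence of a keyword and ignores keyword case.
# Assumption: Include files are not followed; parsing stops at the first
# Match block because settings inside it apply only conditionally.
sshd_setting() {    # usage: sshd_setting FILE KEYWORD
  awk -v key="$2" '
    /^[[:space:]]*#/ { next }
    { sub(/=/, " ") }                      # accept "Keyword=value" too
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }' "$1"
}

# Return 0 only when root login and password authentication are both off.
audit_sshd() {      # usage: audit_sshd FILE
  rc=0
  for key in PermitRootLogin PasswordAuthentication; do
    val=$(sshd_setting "$1" "$key")
    [ "$val" = "no" ] || { echo "FAIL $key=$val (want no)"; rc=1; }
  done
  return "$rc"
}

# World-writable regular files, and world-writable directories that lack
# the sticky bit, on a single filesystem (-xdev).
world_writable() {  # usage: world_writable DIR
  find "$1" -xdev \( -type f -perm -0002 -o \
    -type d -perm -0002 ! -perm -1000 \) -print
}

# Files whose owning user or group no longer exists.
unowned() {         # usage: unowned DIR
  find "$1" -xdev \( -nouser -o -nogroup \) -print
}

# Constructed sample config (not from a real host).
sample=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
  'passwordauthentication yes' 'Match User backup' \
  '  PasswordAuthentication no' > "$sample"
audit_sshd "$sample" || echo "sshd_config needs attention"
```

The sample fails the audit because its global PasswordAuthentication is yes; the "no" inside the Match block applies only to the matched user.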


23 Linux Server Security Tips and Best Practices