Security tips for Linux server

1. Use only  strong passwords for all accounts , especially for root.

Always use a secure root password. Example of a strong password: [^G!h7#320P@}jD&er4.

This applies to all users which have ssh access or/and admin access to web UI panel like Webmin,zPanel, etc...

2. Change the default ssh port.

http://wiki.vpsget.com/index.php/Ssh

3. Disable root login.

http://wiki.vpsget.com/index.php/Ssh

4. Install fail2ban to protect your server against brute force attack.

http://wiki.vpsget.com/index.php/Fail2ban

5. Update OS packages time to time.

yum update (CentOS, RedHat)

apt-get update (Debian, Ubuntu)

6. Monitor your VPS resources utilization.

Once you've noticed unusual high utilization you should check and understand why this happens.

You can use top, htop,  iotop,  iftop, free -m, df -h, tcpdump, netstat, etc.

7. Check the security logs time to time.

 

  • /var/log/messages – Where whole system logs or current activity logs are available.
  • /var/log/auth.log – Authentication logs.
  • /var/log/cron.log – Crond logs (cron job).
  • /var/log/maillog – Mail server logs.
  • /var/log/mysqld.log – MySQL database server log file.
  • /var/log/secure – Authentication log.
  • /var/log/yum.log: Yum log files.

 

8. Close unused ports with iptables.

http://wiki.vpsget.com/index.php/Iptables_example_block_all_except_specified

List the ports which are currently in use:

# netstat -tulpn

At least it's good to block UDP (except port 53) and block ICMP in/out in webserver default scenario. If you are using UDP you can block all ports except some used ranges specified.

Feel free to contact our support team if you need any assistance in securing your VPS.

Was this answer helpful?

 Print this Article

Also Read

Mysql

Installing mysql: yum install mysql-server Enter to mysql: mysql -u user -p password...

DDoS

Diagnostic To display how many http connections are open at the moment, enter: netstat |...

Squid+Privoxy+Tor

How to install squid with tor [NOTE: According to vpsget.com AUP/TOS you can use private proxy...

Forward (redirect/nat) traffic with iptables

If you want to redirect/nat some traffic to IP 2.2.2.2 via IP 1.1.1.1, it simply can be done...

LXDE + xrdp

How to install Lightweight X11 Desktop Environment (LXDE) on Ubuntu. apt-get update...