By: Tommy Craddock

At Hivelocity we sell a few hundred Linux dedicated servers or Virtual Private Servers (VPS) every month. As a hosting provider and data center with thousands of dedicated and virtual servers, our techs are on site 24/7 assisting our customers as issues arise. Many of the dedicated servers we deploy are “self-managed”, which leaves the responsibility of maintaining and securing a Linux server up to each customer. Over more than a decade of providing hosting services we have seen a wide range of security practices employed. We thought it was a good idea to list a handful of “best practices” that we recommend for every Linux dedicated server. If you employ each of the following security practices you will greatly reduce the risk of having your data compromised. The other option is to add managed services to your server and allow us to handle things for you.

There are several Linux server “best practices” that Linux server administrators can follow to protect information from intruders. Unfortunately, not all professionals are aware of these fairly simple tasks, which include:

· Analyzing the system with root kit checker

· Creating a root login detector and emailer

· Setting an SSH MOTD

· Using secure SSH Logins

· Identifying nuke PHP shells

· Encrypting data

· Enabling a firewall

 

Analyzing the System with Root Kit Checker

A common practice among hackers is to install a rootkit on Linux dedicated servers without the administrator being alerted. Some rootkit programs are even coded to run at a specific time. Luckily there is a fairly easy method of checking for this issue. First, open up a terminal and type in the following:

cd ~

wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

tar xvzf chkrootkit.tar.gz

cd chkrootkit-0.44

make sense

To execute, type:

~/chkrootkit-0.44/chkrootkit

This is an activity that should be run on a daily basis.

 

Creating a Root Login Detector and Emailer

This is a simple yet effective trick that warns the administrator if an intruder manages to use the root password on a server. The first step is to edit root's .bash_profile. In a text editor, add the following line at the end of the file:

echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" [email protected]

Replace [email protected] with the administrator's email address. Do not forget to save the file prior to exiting.
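A slightly more robust version of the same alert, added here as an example and not taken from the original post: it reads the client address from the SSH_CONNECTION variable that sshd sets (falling back to `who am i` only when that is absent), so the reported source does not depend on which column `who` prints it in, and it never fails the login if no mailer is installed. The recipient address is a placeholder.

```shell
#!/bin/sh
# Added example: root-login alert for root's ~/.bash_profile.
# The message is built in a function so it can be checked without sending mail.

ALERT_TO="admin@example.com"   # placeholder: replace with the real recipient

# Prints the client address of this session, or "unknown".
root_login_source() {
    # sshd exports SSH_CONNECTION as "client_ip client_port server_ip server_port"
    if [ -n "$SSH_CONNECTION" ]; then
        printf '%s\n' "${SSH_CONNECTION%% *}"
        return 0
    fi
    # Fallback: "who am i" ends with "(host)" for remote sessions; a local
    # console line ends with a time instead, so only accept a parenthesised field.
    src=$(who am i 2>/dev/null | awk '$NF ~ /^\(/ { gsub(/[()]/, "", $NF); print $NF }')
    printf '%s\n' "${src:-unknown}"
}

# Composes the alert text from explicit inputs ($1 host, $2 time, $3 source).
root_alert_message() {
    printf 'ALERT - Root shell access on %s at %s from %s\n' "$1" "$2" "$3"
}

# Mails the alert if mail(1) exists, otherwise logs it via syslog; always
# returns 0 so a missing mailer can never block the login itself.
send_root_alert() {
    msg=$(root_alert_message "$(hostname)" "$(date)" "$(root_login_source)")
    if command -v mail >/dev/null 2>&1; then
        printf '%s\n' "$msg" | mail -s "Alert: root access on $(hostname)" "$ALERT_TO"
    else
        logger -t root-alert "$msg" 2>/dev/null || printf '%s\n' "$msg" >&2
    fi
    return 0
}
```

Save it as, for example, /root/root-alert.sh and append `. /root/root-alert.sh; send_root_alert` to root's .bash_profile. That file is only read by login shells, so `su -` and `sudo -i` trigger the alert but a plain `su` does not.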

 

Setting an SSH MOTD

Another excellent Linux server “best practices” method is to set up an SSH MOTD. This practice will show a message to anyone entering the system that access is granted only to those authorized by the administrator. To add this message, open /etc/motd in a text editor, save the following message (or similar content) to the file, and exit:

“This system is restricted to authorized access only. All activities on this system are recorded and logged. Unauthorized access will be fully investigated and reported to the appropriate law enforcement agencies.”

 

Using Secure SSH Logins

For servers with more than one IP address, it is important to bind sshd to a single IP address that is not used for any other service. This practice adds an additional layer of security to the server.

First, edit /etc/ssh/sshd_config. Next, find the section that resembles the following:

#Port 22

#Protocol 2,1

#ListenAddress 0.0.0.0

#ListenAddress ::

Uncomment the Port line and enter any number other than 22. Typically a number above 40,000 is best. Also, change Protocol 2,1 to only Protocol 2. Additionally, when using more than one IP, set ListenAddress to the chosen address.

The next step is to disable root login over SSH. Search for #PermitRootLogin yes and alter it to read PermitRootLogin no. Finally, restart sshd and confirm that you can still log in before closing your current session.
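The same four settings can be checked rather than eyeballed. The script below is an added example, not part of the original post or of OpenSSH: it reads the effective (uncommented) value of each directive the way sshd does, first match wins, and reports anything still at the weak value. The sample configs are constructed here to exercise it; the address and port in the hardened sample are placeholders.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the settings this section changes.
# Top-level directives only; "Match" blocks are not evaluated.

# Prints the effective value of keyword $2 in file $1 (first uncommented
# occurrence wins, as in sshd); prints nothing if the keyword is unset.
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Prints one line per weak setting; returns 1 if any were found, else 0.
audit_sshd_config() {
    cfg="$1"; rc=0
    port=$(sshd_value "$cfg" Port)
    if [ -z "$port" ] || [ "$port" = "22" ]; then
        echo "Port: still on the default 22"; rc=1
    fi
    proto=$(sshd_value "$cfg" Protocol)
    case "$proto" in
        ""|2) ;;                          # unset means protocol 2 only on current OpenSSH
        *) echo "Protocol: '$proto' still allows SSH-1"; rc=1 ;;
    esac
    root=$(sshd_value "$cfg" PermitRootLogin | tr 'A-Z' 'a-z')
    if [ "$root" != "no" ]; then
        echo "PermitRootLogin: '${root:-unset}' is not 'no'"; rc=1
    fi
    listen=$(sshd_value "$cfg" ListenAddress)
    case "$listen" in
        ""|0.0.0.0|::) echo "ListenAddress: sshd listens on every address"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample configs (not from a real server) to exercise the check.
weak_cfg=$(mktemp); hardened_cfg=$(mktemp)
cat >"$weak_cfg" <<'EOF'
Port 22
Protocol 2,1
#ListenAddress 0.0.0.0
PermitRootLogin yes
EOF
cat >"$hardened_cfg" <<'EOF'
Port 41022
Protocol 2
ListenAddress 192.0.2.10
PermitRootLogin no
EOF
echo "== weak sample =="; audit_sshd_config "$weak_cfg" || echo "-> weak settings found"
echo "== hardened sample =="; audit_sshd_config "$hardened_cfg" && echo "-> no findings"
```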

 

Identifying Nuke PHP Shells

Intruders often add nuke PHP shells to a server for easy access at a later time. To find suspicious-looking files, run the following commands:

locate irc

locate BNC

locate ptlink

locate BitchX

locate guardservices

locate psyBNC

locate eggdrop

locate bnc

locate .rhosts

As a word of caution, this method will often highlight legitimate files. Therefore, review each result before removing anything from the server.
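The `locate` checks above only see file names, and only those present when updatedb last ran. The script below is an added example, not part of the original post: it searches a web root directly with `find`, matching both the names from the list above and PHP files whose code decodes a string and passes it to eval(), a construct common in obfuscated shells and rare in legitimate code. The sample web root is constructed here; its flagged file carries only the indicator string and is not a working shell.

```shell
#!/bin/sh
# Added example: find candidate PHP web shells by file name and by content,
# complementing the name-only "locate" checks above. Output: reason<TAB>path.

scan_webshells() {
    root="$1"
    # 1. Names from the locate list above, plus hidden .php files
    find "$root" -type f \( -iname '*bnc*' -o -iname '*eggdrop*' -o -iname '*bitchx*' \
        -o -iname '.rhosts' -o -iname '.*.php' \) -print 2>/dev/null |
        awk '{ print "suspicious-name\t" $0 }'
    # 2. PHP files that decode a string and hand it to eval() at runtime
    find "$root" -type f -iname '*.php' -print 2>/dev/null |
        while IFS= read -r f; do
            if grep -Eq 'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|str_rot13)' "$f"; then
                printf 'decodes-and-evals\t%s\n' "$f"
            fi
        done
}

# Builds a constructed sample web root (not real malware: the flagged file
# only carries the indicator string) and prints its path.
make_sample_webroot() {
    d=$(mktemp -d)
    mkdir -p "$d/public_html/includes"
    printf '<?php echo "hello";\n' >"$d/public_html/index.php"
    printf '<?php eval(base64_decode(SAMPLE_INDICATOR_ONLY));\n' >"$d/public_html/includes/cache.php"
    : >"$d/public_html/.rhosts"
    printf '%s\n' "$d"
}

scan_webshells "$(make_sample_webroot)"
```

Every hit is a lead, not a verdict: compare flagged files against the application's own distribution before deleting anything.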

 

Encrypting Data

Encrypting data is one of the easiest and safest protection methods for any server. Encryption transforms the data leaving and entering the server into ciphertext, so an intruder who intercepts it sees only an unreadable jumble rather than the original content.

 

Firewall

The final protective method is to add or enable a firewall on the server. This can usually be accomplished in control panels such as cPanel. The firewall blocks unwanted incoming requests and protects services such as FTP, and together with a malware scanner helps keep malicious files such as malware and viruses off the server.
