The Beginner's Guide to Securing a Linux Server

October 10, 2025 Falcon Internet Team 34 views
The Beginner's Guide to Securing a Linux Server
VPS & Cloud Security Tutorials

Introduction: Why Server Security Matters

Running a Linux server comes with great power and great responsibility. Whether you're hosting a website, running a database, or managing a VPS, security should be your top priority from day one. An unsecured server is an open invitation to attackers, potentially leading to data breaches, service disruptions, and compromised customer information.

This comprehensive guide walks you through essential security practices for Linux servers, with a focus on Red Hat Enterprise Linux (RHEL) variants like Rocky Linux, AlmaLinux, and CentOS Stream. We'll also note Ubuntu-specific commands where they differ.

Let's secure your server properly—right from the start.

Step 1: Keep Your System Updated

The single most important security practice is keeping your system up to date. Security patches fix vulnerabilities that attackers actively exploit.

For Rocky Linux / RHEL-based Systems:

# Update all packages
sudo dnf update -y

# Enable automatic security updates
sudo dnf install dnf-automatic -y
sudo systemctl enable --now dnf-automatic.timer

For Ubuntu Users:

# Update all packages
sudo apt update && sudo apt upgrade -y

# Enable automatic security updates
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure --priority=low unattended-upgrades

Best Practice: Set a recurring reminder to check for updates weekly, even with automatic updates enabled. Critical security patches sometimes require manual intervention or system reboots.

Step 2: Secure SSH Access

SSH (Secure Shell) is how you remotely access your server. It's also the primary target for automated attacks. Securing SSH is absolutely critical.

Disable Root Login

Never allow direct root login via SSH. Always use a regular user account with sudo privileges.

# Edit SSH configuration
sudo vi /etc/ssh/sshd_config

# Change this line:
PermitRootLogin no

# Restart SSH service (Rocky/RHEL)
sudo systemctl restart sshd

# For Ubuntu:
# sudo systemctl restart ssh

Change the Default SSH Port

Moving SSH from port 22 to a non-standard port significantly reduces automated attack attempts.

# In /etc/ssh/sshd_config, change:
Port 2222

# If using SELinux (Rocky/RHEL), allow the new port:
sudo semanage port -a -t ssh_port_t -p tcp 2222

# Restart SSH
sudo systemctl restart sshd

Note: Ubuntu doesn't use SELinux by default, so you can skip the semanage command.

Use SSH Keys Instead of Passwords

SSH keys are far more secure than passwords. They're virtually impossible to brute-force.

# On your LOCAL machine (not the server):
ssh-keygen -t ed25519 -C "your_email@example.com"

# Copy your public key to the server:
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@your-server-ip

# On the server, disable password authentication:
# Edit /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes

# Restart SSH
sudo systemctl restart sshd

Implement Fail2Ban

Fail2Ban automatically blocks IP addresses that show malicious signs, like too many failed login attempts.

# Install Fail2Ban (Rocky/RHEL)
sudo dnf install epel-release -y
sudo dnf install fail2ban -y

# For Ubuntu:
# sudo apt install fail2ban -y

# Create local configuration
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

# Edit configuration
sudo vi /etc/fail2ban/jail.local

# Enable and start Fail2Ban
sudo systemctl enable --now fail2ban

In jail.local, configure the SSH jail:

[sshd]
enabled = true
port = 2222
maxretry = 3
bantime = 3600
findtime = 600

Step 3: Configure a Firewall

A properly configured firewall is your server's first line of defense against network attacks.

Using Firewalld (Rocky/RHEL Default)

# Check firewall status
sudo firewall-cmd --state

# Allow SSH on custom port
sudo firewall-cmd --permanent --add-port=2222/tcp

# Allow HTTP and HTTPS
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

# Reload firewall
sudo firewall-cmd --reload

# List all rules
sudo firewall-cmd --list-all

Using UFW (Ubuntu Default)

# Enable UFW
sudo ufw enable

# Allow SSH on custom port
sudo ufw allow 2222/tcp

# Allow HTTP and HTTPS
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp

# Check status
sudo ufw status

Important: Always add your SSH port rule BEFORE enabling the firewall, or you'll lock yourself out!

Step 4: Create a Non-Root User with Sudo Access

Never work as root. Create a dedicated user account for administrative tasks.

# Create new user
sudo useradd -m -s /bin/bash yourUsername

# Set password
sudo passwd yourUsername

# Add user to sudo group (Rocky/RHEL)
sudo usermod -aG wheel yourUsername

# For Ubuntu:
# sudo usermod -aG sudo yourUsername

# Test sudo access
su - yourUsername
sudo whoami
# Should output: root

Step 5: Disable Unnecessary Services

Every running service is a potential attack vector. Disable what you don't need.

# List all running services
sudo systemctl list-unit-files --state=enabled

# Disable unnecessary services (example)
sudo systemctl disable cups
sudo systemctl stop cups

# Common services you might disable:
# - cups (printing)
# - avahi-daemon (network service discovery)
# - bluetooth
# - postfix (if not using email)

Step 6: Configure SELinux (Rocky/RHEL)

SELinux (Security-Enhanced Linux) provides mandatory access control. While it can be complex, it adds a crucial security layer.

# Check SELinux status
sestatus

# Ensure SELinux is in enforcing mode
sudo setenforce 1

# Make it permanent
sudo vi /etc/selinux/config
# Set: SELINUX=enforcing

# View SELinux denials
sudo ausearch -m avc -ts recent

# If you need to troubleshoot:
sudo sealert -a /var/log/audit/audit.log

Ubuntu Note: Ubuntu uses AppArmor instead of SELinux by default. AppArmor is generally easier to configure and provides similar protection.

Step 7: Secure Shared Memory

Shared memory can be exploited in privilege escalation attacks. Secure it by mounting with restricted permissions.

# Edit /etc/fstab and add:
tmpfs /run/shm tmpfs defaults,noexec,nosuid 0 0

# Remount
sudo mount -o remount /run/shm

Step 8: Install and Configure Anti-Malware

While Linux is less susceptible to malware than other operating systems, it's not immune—especially if hosting websites.

# Install ClamAV (Rocky/RHEL)
sudo dnf install clamav clamd clamav-update -y

# For Ubuntu:
# sudo apt install clamav clamav-daemon -y

# Update virus definitions
sudo freshclam

# Scan your system
sudo clamscan -r --bell -i /home

# Schedule regular scans (add to crontab)
sudo crontab -e
# Add: 0 2 * * * /usr/bin/clamscan -r /home >> /var/log/clamav-scan.log

Step 9: Enable Audit Logging

Audit logs help you detect and investigate security incidents.

# Install auditd (usually pre-installed on RHEL variants)
sudo dnf install audit -y

# Enable and start
sudo systemctl enable --now auditd

# Monitor failed login attempts
sudo ausearch -m USER_LOGIN -sv no

# Monitor file access
sudo auditctl -w /etc/passwd -p wa -k passwd_changes
sudo auditctl -w /etc/shadow -p wa -k shadow_changes

Step 10: Implement Regular Backups

Security isn't just about preventing attacks—it's also about recovering when things go wrong.

# Example: Create a backup script
#!/bin/bash
BACKUP_DIR="/backups"
DATE=$(date +%Y%m%d_%H%M%S)

# Backup important directories
tar -czf $BACKUP_DIR/system_backup_$DATE.tar.gz 
    /etc 
    /home 
    /var/www

# Keep only last 7 days of backups
find $BACKUP_DIR -name "system_backup_*.tar.gz" -mtime +7 -delete

Consider using professional backup services for critical data with offsite storage and automated scheduling.

Step 11: Monitor Your Server

Regular monitoring helps you catch issues before they become serious problems.

Install Monitoring Tools

# Install htop for process monitoring
sudo dnf install htop -y

# Install netdata for comprehensive monitoring
bash <(curl -Ss https://my-netdata.io/kickstart.sh)

Set Up Log Monitoring

# Monitor authentication logs in real-time
sudo tail -f /var/log/secure  # Rocky/RHEL
# sudo tail -f /var/log/auth.log  # Ubuntu

# Check for failed login attempts
sudo grep "Failed password" /var/log/secure | tail -20

Security Checklist for New Servers

Use this checklist every time you set up a new server:

  • ✓ Update all packages to latest versions
  • ✓ Create non-root user with sudo access
  • ✓ Disable root SSH login
  • ✓ Change SSH to non-standard port
  • ✓ Configure SSH key authentication
  • ✓ Disable password authentication
  • ✓ Install and configure Fail2Ban
  • ✓ Configure firewall (firewalld or UFW)
  • ✓ Enable and configure SELinux/AppArmor
  • ✓ Disable unnecessary services
  • ✓ Secure shared memory
  • ✓ Install anti-malware tools
  • ✓ Enable audit logging
  • ✓ Configure automatic security updates
  • ✓ Set up backup system
  • ✓ Install monitoring tools
  • ✓ Document all changes and configurations

Common Mistakes to Avoid

  • Not testing before deploying: Always test firewall rules on a development server first
  • Using weak passwords: Even for accounts you think are "internal only"
  • Disabling SELinux: Instead of disabling it, learn to configure it properly
  • Forgetting to backup: Security measures fail; backups save the day
  • Ignoring logs: Logs contain early warning signs of attacks
  • Skipping updates: "If it ain't broke" doesn't apply to security patches

Ongoing Security Maintenance

Server security isn't a one-time task—it requires ongoing attention:

  • Weekly: Review authentication logs, check for failed login attempts
  • Monthly: Review firewall rules, audit user accounts, test backups
  • Quarterly: Review and update security policies, conduct security audits
  • Annually: Full security assessment, review and update disaster recovery plan

When to Get Professional Help

While these steps significantly improve your server's security, some scenarios require professional expertise:

  • Hosting sensitive customer data (PCI DSS, HIPAA, or GDPR compliance)
  • Running mission-critical applications
  • Managing multiple servers or complex infrastructure
  • Recovering from a security incident
  • Conducting penetration testing

At Falcon Internet, we offer managed VPS hosting with enterprise-level security built in. Our team handles server hardening, security updates, monitoring, and incident response—so you can focus on your business.

Conclusion

Securing a Linux server might seem overwhelming at first, but by following these fundamental practices, you'll create a robust security foundation. Remember: security is a journey, not a destination. Stay informed about new threats, keep your systems updated, and regularly review your security posture.

Start with the basics we've covered here, and gradually implement more advanced security measures as you become comfortable. Your server—and your users—will thank you.

Need help securing your Linux server? Contact the Falcon Internet team for expert advice and managed hosting solutions with security built in from day one.

Tags

#Security #VPS #Tutorial #Best Practices #Linux

Share this article

Twitter Facebook LinkedIn

Related Articles