Linux Server Hardening: Essential Security Steps

October 5, 2024 Dedimarco
linux security server sysadmin

After deploying and maintaining hundreds of Linux servers over the past 15 years, here’s my essential hardening checklist.

1. SSH Configuration

The first thing to change on any new server:

# /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
Port 2222
MaxAuthTries 3

Always use key-based authentication. Disable password auth entirely.
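
An added example, not from the original post: a small shell audit that checks an sshd_config file for the authentication settings above. It relies on sshd using the first value it reads for a keyword and matching keywords case-insensitively. The function names and the sample file are constructed for illustration, and the script neither follows Include files nor checks Port.

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive, so an earlier "passwordauthentication yes" beats a later "no".

# effective_value FILE KEYWORD -> prints the first global value, or nothing.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }                 # skip comments and blank lines
        tolower($1) == "match"   { exit }                 # Match blocks are conditional
        tolower($1) == tolower(want) { print $2; exit }   # first hit wins
    ' "$1"
}

# audit_sshd_config FILE -> one line per check; returns 1 if any check fails.
audit_sshd_config() {
    rc=0
    # keyword:expected pairs taken from the checklist above
    for pair in PermitRootLogin:no PasswordAuthentication:no MaxAuthTries:3; do
        key=${pair%%:*}; expected=${pair#*:}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "PASS $key $actual"
        else
            echo "FAIL $key expected=$expected actual=${actual:-unset}"
            rc=1
        fi
    done
    return $rc
}

# write_sample FILE -> constructed config (not from a real host) with a shadowing line.
write_sample() {
    cat > "$1" <<'EOF'
# constructed example
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
MaxAuthTries 3
Match User deploy
    PermitRootLogin yes
EOF
}

sample=$(mktemp); write_sample "$sample"
audit_sshd_config "$sample" || echo "sshd_config does not match the checklist"
rm -f "$sample"
```

On a live host, `sshd -T` prints the effective configuration with Include files resolved, and `sshd -t` validates the file before you reload the service.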

2. Firewall Setup

UFW makes this simple:

ufw default deny incoming
ufw default allow outgoing
ufw allow 2222/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable

3. Automatic Security Updates

apt install unattended-upgrades
dpkg-reconfigure -plow unattended-upgrades

4. Monitoring

Install fail2ban and set up basic monitoring:

apt install fail2ban
systemctl enable fail2ban

Conclusion

Security is not a one-time task — it’s an ongoing process. These steps cover 90% of common attack vectors.