5 Ways to Security Harden Your Linux System


1. Don’t Use FTP or Telnet

I only use SSH to interact with my remote machine. Your Linux distribution should come with SSH tools already installed, but in case it doesn’t, use OpenSSH.

2. Keep Kernel and Software Up to Date

If you use apt:

# apt-get update && apt-get upgrade

Apticron is a package that emails you when security updates are available.

# apt-get install apticron

3. User Accounts and Strong Password Policy

Use the useradd / usermod commands to create and maintain user accounts. The chage command changes the number of days between password changes and the date of the last password change. To get a user’s password expiration info:

# chage -l [username]

See man chage for more.

Show Login Failures

$ faillog

Lock and unlock accounts, respectively, with

# passwd -l [username]
# passwd -u [username]

Check No Accounts Have Empty Passwords

# awk -F: '($2 == "") {print}' /etc/shadow

Make Sure No Non-Root Accounts Have UID Set To 0

Accounts with UID 0 have full system privileges. Check that you only have one line (root:x:0:0:root:/root:/bin/bash) when you run this command:

# awk -F: '($3 == "0") {print}' /etc/passwd

4. Disable Root Login

Don’t login as root. Use sudo.

5. Disable Unwanted Services

Find Listening Network Ports

Close any ports and associated network services you don’t need.

# nmap -sT -O localhost