简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
Home > Operation and Maintenance > Linux Operation and Maintenance > body text

Starting from the command line: Building a secure Linux server environment

WBOY
Release: 2023-09-08 09:14:05
Original
1032 people have browsed it

Starting from the command line: Building a secure Linux server environment

Start from the command line: Build a secure Linux server environment

With the development of the Internet, more and more companies and individuals have begun to build their own servers for hosting Websites, apps, etc. However, security issues also arise. In order to ensure the security of the server, we need to build a secure Linux server environment starting from the command line. This article will introduce some key steps and code examples to help you build a more secure Linux server environment.

  1. Update operating system and software

Before you begin, first make sure that your server operating system and software are up to date. System and packages can be updated by using the following command: 

sudo apt update
sudo apt upgrade
sudo apt dist-upgrade
Copy after login
  1. Change SSH port

By default, the SSH service uses port 22. To increase the security of the server, we can change the SSH port to another port. For example, to change the SSH port to 2222, you can use the following command: 

sudo nano /etc/ssh/sshd_config
Copy after login

Find the following line: 

#Port 22
Copy after login

Modify it to: 

Port 2222
Copy after login

Save and close the file. Next, reload the SSH service and set it to start automatically at boot: 

sudo systemctl reload sshd
sudo systemctl enable sshd
Copy after login
  1. Configuring the firewall

The firewall is the first line of defense to protect the server. We can use ufw to configure firewall rules. First, install ufw: 

sudo apt install ufw
Copy after login

Then, enable the firewall and set the default rules: 

sudo ufw enable
sudo ufw default deny incoming
sudo ufw default allow outgoing
Copy after login

Next, set the allowed ports. For example, to allow SSH, HTTP, and HTTPS traffic: 

sudo ufw allow 2222/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Copy after login

Finally, reload the firewall rules: 

sudo ufw reload
Copy after login
  1. Install and configure Fail2Ban

Fail2Ban is a Powerful protection tools can prevent brute force cracking, malicious login and other attacks. First, install Fail2Ban: 

sudo apt install fail2ban
Copy after login

Then, copy the default configuration file and modify it: 

sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
sudo nano /etc/fail2ban/jail.local
Copy after login

Find the following line: 

[sshd]
Copy after login

Modify it to: 

[sshd]
enabled = true
port = ssh
Copy after login

Save and close the file. Finally, reload the Fail2Ban configuration: 

sudo systemctl reload fail2ban
sudo systemctl enable fail2ban
Copy after login
  1. Configure regular backups

Regular backups are key to ensuring the security of server data. You can use rsync to implement regular backups. First, install rsync: 

sudo apt install rsync
Copy after login

Then, create a backup script file: 

nano backup.sh
Copy after login

Add the following content to the backup script file: 

#!/bin/bash

BACKUP_DIR="/path/to/backup/directory"
SOURCE_DIR="/path/to/source/directory"

rsync -avz --delete $SOURCE_DIR $BACKUP_DIR
Copy after login

Place /path Replace /to/backup/directory with the destination directory where you want the backup to be stored, and /path/to/source/directory with the source directory you want to back up. Save and close the file. Next, set the backup script as an executable file and create a scheduled task: 

chmod +x backup.sh
crontab -e
Copy after login

Add the following line to execute the backup script at 3 am every day: 

0 3 * * * /path/to/backup.sh
Copy after login

Save and close the file.

Build a secure Linux server environment on the command line by following the steps above. This will ensure your server is more secure, effectively protecting your data and applications from malicious attacks. Remember to update the system and software in time, change the SSH port, configure the firewall, install and configure Fail2Ban, set up regular backups and other key steps. I hope this article can help you build a more secure Linux server environment.

The above is a Chinese article of nearly 1,500 words, titled "Start from the command line: Building a secure Linux server environment". The article gives some key steps and code examples to help readers build a more secure Linux server environment.

The above is the detailed content of Starting from the command line: Building a secure Linux server environment. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
Build a secure linux server
source:php.cn
Previous article:Linux Server Security: Hardening Web Interfaces to Block XXE Attacks. Next article:Learn to use command line tools: essential skills to improve server security
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Latest Issues
Avoid including domain logic in the repository layer In my current application I need to create an apiGET route "/inactive-users" whi...
From 2024-04-02 00:02:19
0
1
418
How do I link to a custom library when building MySQL server from source? I installed MySQL server using the standard source distribution (mysql-server-8.0) accordi...
From 2024-04-01 14:30:27
0
1
296
Related Topics
More>
Popular Recommendations
Popular Tutorials
More>
Related Tutorials
Popular Recommendations
Latest courses
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!