Create a secure Linux server environment: Master these commands

Create a secure Linux server environment: Master these commands

Introduction:
In the Internet age, protecting server security is crucial. As a stable, secure and customizable operating system, Linux has become the first choice for many servers. This article will introduce some commonly used Linux commands to help administrators create a secure Linux server environment.

1. Update system software:

First, make sure all software on the server is up to date. This can be done with the following command:

sudo apt update
sudo apt upgrade

The above command will check for available software updates and install them.

2. Add a new user:

It is dangerous to use the root user to perform tasks on the server. In order to improve security, we should create an independent account for each user and restrict its permissions. Here are some useful commands for adding and managing users:

• Create new user:

sudo adduser username

• Grant sudo permissions:

sudo usermod -aG sudo username

• Delete existing users:

sudo deluser username

3. Configure firewall:

The firewall is a key component to protect the server from malicious access. Linux servers often use iptables as a firewall tool. The following are some commonly used commands:

• Display the current firewall rules:

sudo iptables -L

• Allow specific ports through the firewall:

sudo iptables -A INPUT -p tcp --dport port_number -j ACCEPT

• Block specific IP addresses:

sudo iptables -A INPUT -s IP_address -j DROP

• Save firewall configuration:

sudo iptables-save > /etc/iptables/rules.v4 (IPv4)
sudo ip6tables-save > /etc/iptables/rules.v6 (IPv6)

4. Encrypt data transmission:

To protect sensitive data on the server, encryption protocols such as SSL/TLS should be used. Here are some relevant commands:

• Generate SSL certificate and private key:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/key.key -out /etc/ssl/certs/cert.crt

• Configure NGINX to use SSL:

sudo nano /etc/nginx/sites-available/default

在server块中添加以下行：
listen 443 ssl;
ssl_certificate /etc/ssl/certs/cert.crt;
ssl_certificate_key /etc/ssl/private/key.key;

保存并退出文件。重启NGINX：
sudo systemctl restart nginx

5. Regular backup of data:

Regular backup is an important means to restore the server system and data. The following are some backup-related commands:

• Copy files and directories:

cp -r /path/to/source /path/to/destination

• Compress files and directories:

tar -czvf archive_name.tar.gz /path/to/directory_or_file

• Delete old backups:

find /path/to/backups -mtime +7 -type f -delete

6. Update and monitor logs:

Monitoring system logs is an important way to discover potential security issues. Here are some related commands:

• Update log:

sudo journalctl --vacuum-size=50M

• Monitoring log:

sudo tail -f /var/log/syslog

• View single Log file:

sudo cat /var/log/auth.log

Conclusion:
Creating a secure Linux server environment requires mastering some basic commands and techniques. This article introduces some commonly used commands, but it's just the tip of the iceberg. Further learning and mastering Linux commands and security technologies will help build a more secure and reliable server environment.

The above is the detailed content of Create a secure Linux server environment: Master these commands. For more information, please follow other related articles on the PHP Chinese website!