Home > Operation and Maintenance > Linux Operation and Maintenance > Create a secure Linux server environment: Master these commands

Create a secure Linux server environment: Master these commands

王林
Release: 2023-09-08 13:12:30
Original
944 people have browsed it

Create a secure Linux server environment: Master these commands

Create a secure Linux server environment: Master these commands

Introduction:
In the Internet age, protecting server security is crucial. As a stable, secure and customizable operating system, Linux has become the first choice for many servers. This article will introduce some commonly used Linux commands to help administrators create a secure Linux server environment.

  1. Update system software:

First, make sure all software on the server is up to date. This can be done with the following command:

sudo apt update
sudo apt upgrade
Copy after login

The above command will check for available software updates and install them.

  1. Add a new user:

It is dangerous to use the root user to perform tasks on the server. In order to improve security, we should create an independent account for each user and restrict its permissions. Here are some useful commands for adding and managing users:

  • Create new user:
sudo adduser username
Copy after login
  • Grant sudo permissions:
sudo usermod -aG sudo username
Copy after login
  • Delete existing users:
sudo deluser username
Copy after login
  1. Configure firewall:

The firewall is a key component to protect the server from malicious access. Linux servers often use iptables as a firewall tool. The following are some commonly used commands:

  • Display the current firewall rules:
sudo iptables -L
Copy after login
  • Allow specific ports through the firewall:
sudo iptables -A INPUT -p tcp --dport port_number -j ACCEPT
Copy after login
  • Block specific IP addresses:
sudo iptables -A INPUT -s IP_address -j DROP
Copy after login
  • Save firewall configuration:
sudo iptables-save > /etc/iptables/rules.v4 (IPv4)
sudo ip6tables-save > /etc/iptables/rules.v6 (IPv6)
Copy after login
  1. Encrypt data transmission:

To protect sensitive data on the server, encryption protocols such as SSL/TLS should be used. Here are some relevant commands:

  • Generate SSL certificate and private key:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/key.key -out /etc/ssl/certs/cert.crt
Copy after login
  • Configure NGINX to use SSL:
sudo nano /etc/nginx/sites-available/default

在server块中添加以下行:
listen 443 ssl;
ssl_certificate /etc/ssl/certs/cert.crt;
ssl_certificate_key /etc/ssl/private/key.key;

保存并退出文件。重启NGINX:
sudo systemctl restart nginx
Copy after login
  1. Regular backup of data:

Regular backup is an important means to restore the server system and data. The following are some backup-related commands:

  • Copy files and directories:
cp -r /path/to/source /path/to/destination
Copy after login
  • Compress files and directories:
tar -czvf archive_name.tar.gz /path/to/directory_or_file
Copy after login
  • Delete old backups:
find /path/to/backups -mtime +7 -type f -delete
Copy after login
  1. Update and monitor logs:

Monitoring system logs is an important way to discover potential security issues. Here are some related commands:

  • Update log:
sudo journalctl --vacuum-size=50M
Copy after login
  • Monitoring log:
sudo tail -f /var/log/syslog
Copy after login
  • View single Log file:
sudo cat /var/log/auth.log
Copy after login

Conclusion:
Creating a secure Linux server environment requires mastering some basic commands and techniques. This article introduces some commonly used commands, but it's just the tip of the iceberg. Further learning and mastering Linux commands and security technologies will help build a more secure and reliable server environment.

The above is the detailed content of Create a secure Linux server environment: Master these commands. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template