The key to Linux server security: Effective use of the command line

The key to Linux server security: Effective use of the command line

In the current digital era, the development of computer technology has brought unprecedented opportunities and challenges to enterprises. However, with the popularity of the Internet and the frequent occurrence of data security incidents, server security has received more and more attention. For Linux servers, effective use of the command line is a key factor in ensuring server security.

The command line is the core of the Linux system. It not only provides rich functions and flexible operation methods, but also can control the server without a graphical user interface. Here are a few ways to effectively use the command line to improve server security.

1. Update system and software

Keeping your system and software up to date is one of the important steps to ensure server security. Operating systems and software programs can be easily updated via the command line. The following are examples of commands to update software on Debian/Ubuntu systems:

sudo apt update
sudo apt upgrade

Before executing these commands, you need to ensure that the system is connected to the Internet. Updating systems and software can fix security vulnerabilities and provide the latest security patches to reduce potential security risks.

2. Set strong passwords

Strong passwords are one of the effective ways to protect your server from unauthorized access. Through the command line, you can set the complexity and expiration date of user passwords. The following is an example of a command to set a user password policy on a Linux system:

Modify the password complexity policy:

sudo nano /etc/login.defs

Find the PASS_MAX_DAYS and PASS_MIN_DAYS parameters to set the maximum number of valid days and the minimum number of days to change the password .

Modify the minimum password length:

sudo nano /etc/pam.d/common-password

Find the minlen parameter in the file and change it to the required minimum length.

3. Manage user permissions

For Linux servers, correctly managing user permissions is the key to ensuring server security. Through the command line, you can control user access to files and directories. Here are some commonly used commands:

Add a user:

sudo adduser username

Assign a user to a specific group:

sudo usermod -aG groupname username

Change permissions on a file or directory:

sudo chmod permissions file/directory

For example, set the owner permissions of the file to read and write, and set the read-only permissions for the group and other users:

sudo chmod 644 filename

4. Firewall settings

Linux system comes with it Firewall tools such as iptables can help administrators protect servers from network attacks. Through the command line, you can configure firewall rules to restrict untrusted network traffic. The following are some examples of commonly used firewall setting commands:

View firewall rules:

sudo iptables -S

Allow traffic on specific ports:

sudo iptables -A INPUT -p tcp --dport portnumber -j ACCEPT

Deny access to specific IP addresses:

sudo iptables -A INPUT -s IPAddress -j DROP

5. Use key login

Key login is a more secure way to replace the traditional username and password login method. From the command line, you can generate a key pair and configure the server to accept key logins. The following are some commonly used key login command examples:

Generate a key pair:

ssh-keygen -t rsa

Copy the public key to the server:

ssh-copy-id username@server_ip

Modify the server SSH configuration file, Disable password login:

sudo nano /etc/ssh/sshd_config

Find the PasswordAuthentication parameter and set it to no.

6. Protect Confidential Information

Sensitive information stored on Linux servers (such as database passwords, API keys, etc.) needs to be properly protected to prevent unauthorized access . Via the command line, you can encrypt sensitive files using encryption algorithms. The following are some commonly used encryption and decryption command examples:

Encrypted files:

openssl aes-256-cbc -in inputfile -out outputfile

Decrypted files:

openssl aes-256-cbc -d -in inputfile -out outputfile

The above are some methods that effectively improve the security of Linux servers through the command line. method. Of course, server security does not only rely on the use of the command line, but also needs to be combined with other security measures to fully protect the server. Therefore, administrators should constantly learn and update their knowledge to respond to ever-changing security threats.

The above is the detailed content of The key to Linux server security: Effective use of the command line. For more information, please follow other related articles on the PHP Chinese website!