How to protect your Linux server with command line tools

How to protect your Linux server through command line tools

The security of Linux servers is crucial, and they often host important applications and data. In many cases, command line tools are a simple and efficient way to protect your Linux servers. This article will introduce some commonly used command line tools and provide code examples to help you protect your Linux server.

1. Use iptables for firewall configuration

iptables is a command line tool for configuring firewalls on Linux servers. You can protect your server from malicious traffic by allowing or denying specific network connections.

The following are some commonly used iptables command examples:

• Allow access to specific IP addresses

iptables -A INPUT -s 192.168.0.1 -j ACCEPT

• Deny access to specific IP addresses

iptables -A INPUT -s 192.168.0.2 -j DROP

• Allow access to specific ports

iptables -A INPUT -p tcp --dport 22 -j ACCEPT

• Deny access to specific ports

iptables -A INPUT -p tcp --dport 23 -j DROP

2. Use fail2ban For intrusion detection and prevention

fail2ban is a tool for detecting and blocking malicious IP addresses. It can monitor login attempts and block logins from malicious IPs via iptables.

The following is an example of how to use fail2ban to configure protected SSH:

• Install fail2ban

sudo apt-get install fail2ban

• Edit fail2ban’s configuration file

sudo vi /etc/fail2ban/jail.conf

• Open the configuration of SSH protection

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

• Start the fail2ban service

sudo systemctl start fail2ban

3. Use ssh-keygen to generate the SSH password Key

Using SSH keys as a method of authentication is more secure than using passwords. You can use the ssh-keygen command to generate a pair of keys: a private key and a public key. Deploy the public key to the server and save the private key locally.

• Generate SSH key pair

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

• Copy the public key to the server

ssh-copy-id -i ~/.ssh/id_rsa.pub user@server

Now, you can use the private key key to authenticate via SSH without entering a password.

4. Create basic authentication using htpasswd

If you want only specific users to be able to access your website or application, you can use the htpasswd tool to create basic authentication.

• Install apache2-utils (including htpasswd)

sudo apt-get install apache2-utils

• Create a user

sudo htpasswd -c /etc/apache2/.htpasswd user1

• Place the .htpasswd file Associated with the directory or application you want to protect.

This way, only users with a valid username and password can access the directory or application.

Summary

By using command line tools to protect your Linux server, you can enhance its security. This article introduces some commonly used command line tools, including iptables, fail2ban, ssh-keygen and htpasswd. By properly configuring and using these tools, you can effectively protect your server from malicious attacks and unauthorized access.

Remember that good security practices are an ongoing process and you should update your servers frequently and check and review security settings regularly.

The above is the detailed content of How to protect your Linux server with command line tools. For more information, please follow other related articles on the PHP Chinese website!