Operation and Maintenance
Linux Operation and Maintenance
How to protect your Linux server using the command line
How to protect your Linux server using the command line
How to use the command line to protect your Linux server
Overview:
In today’s digital age, server security is particularly important. As server administrators, we need to take a series of measures to protect our Linux servers. The command line is a very effective tool that can help us achieve this goal. This article will explain how to use the command line to protect your Linux server and provide some code examples.
1. Update the system
It is very important to keep the server operating system up to date. We can use the following command to update the system:
sudo apt update
sudo apt upgrade
2. Use the firewall
The firewall is the first line of defense to protect the server. We can use iptables commands to configure and manage firewall rules. Here are some commonly used examples:
- Allow specific IP addresses to access the SSH port (default is 22):
sudo iptables -A INPUT -p tcp -s 192.168.1.100 --dport 22 - j ACCEPT - Allow specific IP address range to access HTTP port (default is 80):
sudo iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 80 -j ACCEPT - Deny all other inbound connections:
sudo iptables -A INPUT -j DROP
3. Use Fail2Ban to protect SSH
Fail2Ban is an open source intrusion prevention tool that can protect The server is protected from brute force attacks. Here is an example of how to use Fail2Ban to secure SSH:
- Install Fail2Ban:
sudo apt install fail2ban - Edit the Fail2Ban configuration file:
sudo nano /etc/fail2ban /jail.local - Add the following content to the file:
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log /auth.log
maxretry = 3
bantime = 3600 - Restart the Fail2Ban service:
sudo service fail2ban restart
4. Use defensive DNS settings
Using defensive DNS settings can help block malicious traffic on your server. Here is an example:
- Edit the resolv.conf file:
sudo nano /etc/resolv.conf - Add the following to the file (Google Public DNS):
nameserver 8.8.8.8
nameserver 8.8.4.4 - Save and exit the file.
5. Use secure SSH configuration
SSH is an important way to access the server remotely, but it is also vulnerable to attacks. The following are some suggested modifications in the configuration file /etc/ssh/sshd_config:
- Change the SSH default port (a port above 1024 is recommended):
Port 2222 - Disable root User login:
PermitRootLogin no - Restrict users who can log in:
AllowUsers user1 user2 - Disable password login, use key login:
PasswordAuthentication no - Change login response time:
LoginGraceTime 60 - Disable empty passwords:
PermitEmptyPasswords no - Save and exit the file, restart the SSH service:
sudo service ssh restart
6. Use password strength check
In order to protect the server account, we can use the passwdqc command to check the password strength. Here is an example:
- Install passwdqc:
sudo apt install libpam-passwdqc - Edit the password policy configuration file:
sudo nano /etc/pam.d/ common-password - Add the following line (after the password requisite line):
password requisite pam_passwdqc.so min=disabled,disabled,16,12,8 - Save and exit the file.
Summary:
By using the command line to protect a Linux server, we can increase the security of the server and prevent malicious attacks. This article introduces some common command line operations and code examples for server administrators' reference and use. At the same time, we should always pay attention to the latest information on server security and promptly update systems and tools to deal with new security threats. Securing servers is a process of continuous learning and continuous improvement.
The above is the detailed content of How to protect your Linux server using the command line. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1378
52
Docker under Linux: How to ensure the security and isolation of containers?
Jul 31, 2023 pm 07:24 PM
Docker under Linux: How to ensure the security and isolation of containers? With the rapid development of cloud computing and container technology, Docker has become a very popular containerization platform. Docker not only provides a lightweight, portable and scalable container environment, but also has good security and isolation. This article will introduce how to ensure the security and isolation of Docker containers under Linux systems, and give some relevant code examples. Use the latest Docker version Docker
In-depth understanding of Cookies in Java: detailed explanation of functions, applications and security
Jan 03, 2024 pm 02:44 PM
Understanding Cookies in Java in One Article: Analysis of Functions, Applications and Security Introduction: With the rapid development of the Internet, Web applications have become an indispensable part of people's lives. In order to realize users' personalized needs and provide a better user experience, web applications must be able to persistently store user data and status. In Java, Cookies are widely used for these needs. This article will introduce the basic concepts, functions and application of Cookie in Java, and also discuss Cookie
Security and Vulnerability Prevention -- Avoiding Web Application Security Risks
Sep 09, 2023 am 10:45 AM
Security and Vulnerability Prevention - Avoiding Security Risks of Web Applications With the booming development of the Internet, Web applications are increasingly becoming an indispensable part of people's lives and work. However, various security risks and vulnerability threats also come with it. This article will explore some common web application security risks and provide code examples to help developers avoid these risks. 1. Cross-site scripting attack (XSS) XSS attack is a common and dangerous web application security vulnerability. An attacker injects a web application with
Common security vulnerabilities on Linux servers and how to fix them
Jul 03, 2023 pm 01:36 PM
Common security vulnerabilities on Linux servers and their repair methods With the development of the Internet, Linux servers have become the first choice for many enterprises and individuals. However, in the process of using Linux servers, we also have to face the risk of security vulnerabilities. Security vulnerabilities will bring many potential risks to the server, including data leakage, system crash, malicious code execution, etc. Therefore, it is crucial to detect and fix security vulnerabilities promptly. This article will introduce some common Linux server security vulnerabilities and provide corresponding repair methods.
PHP study notes: security and defense measures
Oct 09, 2023 pm 03:01 PM
PHP Study Notes: Security and Defense Measures Introduction: In today's Internet world, security is very important, especially for Web applications. As a commonly used server-side scripting language, PHP security has always been an aspect that developers must pay attention to. This article will introduce some common security issues in PHP and provide sample code for some defensive measures. 1. Input validation Input validation is the first line of defense in protecting web application security. In PHP, we usually use filtering and validation techniques to ensure
Linux server settings to improve web interface security.
Sep 10, 2023 pm 12:21 PM
Linux server settings to improve Web interface security With the development of the Internet, the security of Web interfaces has become particularly important. Setting up proper security measures on your Linux server can greatly reduce potential risks and attacks. This article will introduce some Linux server settings that improve the security of web interfaces and help you protect your website and user data. 1. Update operating systems and software It’s important to keep operating systems and software up to date as they often fix security vulnerabilities. Regular updates can prevent
Laravel Development Notes: Security Best Practices and Recommendations
Nov 22, 2023 am 08:41 AM
Laravel Development Notes: Security Best Practices and Recommendations As network security threats continue to increase, security has become an important consideration in the web application development process. When developing applications using the Laravel framework, developers need to pay special attention to security issues to protect user data and applications from attacks. This article will introduce some security best practices and suggestions that need to be paid attention to in Laravel development to help developers effectively protect their applications. Prevent SQL injection attacksSQL injection
Improve your Linux server security with command line tools
Sep 09, 2023 am 11:33 AM
Improve your Linux server security with command line tools In today’s digital age, server security is an important issue that any business or individual needs to pay attention to. By strengthening your server's security, you can prevent malicious attacks and data leaks. Linux servers are widely used in various application scenarios because of their stability and customizability. In this article, we will introduce some command line tools that can help strengthen the security of your Linux server. Fail2BanFail2Ban is a monitoring and response service
