Understanding Linux Server Security: Essential Knowledge and Skills

Understand Linux server security: essential knowledge and skills

With the continuous development of the Internet, Linux servers are increasingly used in various fields. However, since servers store a large amount of sensitive data, their security issues have also become the focus of attention. This article will introduce some essential Linux server security knowledge and skills to help you protect your server from attacks.

1. Update and maintain the operating system and software
   Timely updating the operating system and software is an important part of maintaining server security. Because every operating system and software has various vulnerabilities, hackers can use these vulnerabilities to invade the server. By using package management tools, we can easily update systems and software. In CentOS, we can use the following command to perform the update operation:

sudo yum update

In Ubuntu, we can use the following command to perform the update operation:

sudo apt-get update

2. User and Permission Management
   Reasonable user and permission management is the key to protecting server security. In order to reduce the risk of attackers, it is recommended to set up users and groups according to the principle of least privilege. At the same time, it is prohibited to use the root account for remote login. Use an ordinary user account to log in and then switch to the root account for management operations.

The following example demonstrates how to add users and assign permissions:

sudo useradd -m -s /bin/bash newuser  # 添加用户
sudo passwd newuser  # 设置用户密码
sudo usermod -aG sudo newuser  # 将用户加入sudo组，授予管理员权限

3. Configuring the firewall
   Configuring the firewall is an important means of protecting the server from malicious network traffic. In Linux systems, you can use iptables or firewalld for firewall configuration. The following is an example of creating a rule using iptables:

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT  # 允许SSH连接
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT  # 允许HTTP连接
sudo iptables -A INPUT -j DROP  # 其他流量全部拒绝

4. Login using a key
   Compared to logging in using a password, logging in using a key is more secure. Key login uses a public key-private key method for authentication, and the private key is more difficult to intercept and crack by attackers during encryption and transmission. Here is an example of logging in using a key:

First, generate the public and private keys locally:

ssh-keygen -t rsa -b 4096

Then, copy the public key to ~/ on the server. In the ssh/authorized_keys file:

cat ~/.ssh/id_rsa.pub | ssh user@server 'cat >> ~/.ssh/authorized_keys'

Finally, use the private key to log in to the server:

ssh -i ~/.ssh/id_rsa user@server

5. Monitoring log files
   Monitoring log files can detect signs of system intrusion in a timely manner. Common log files include /var/log/auth.log (records authentication information), /var/log/syslog (records system information), /var/log/apache2/access.log (records Apache access information), etc. By regularly checking these log files, we can detect abnormalities in time and take appropriate measures.

tail -f /var/log/auth.log  # 实时监控认证日志
grep "Failed password" /var/log/auth.log  # 查找登录失败的记录

Summary
Protecting Linux server security is a basic task for every server administrator. This article introduces some essential Linux server security knowledge and skills, including updating and maintaining the operating system and software, user and permission management, configuring firewalls, using keys to log in and monitoring log files, etc. By learning and practicing these knowledge and skills, we can better protect our servers from attacks and ensure the security of our data.

The above is the detailed content of Understanding Linux Server Security: Essential Knowledge and Skills. For more information, please follow other related articles on the PHP Chinese website!