Securing your Linux server(s) is a difficult and time consuming task for System Administrators but its necessary to harden the server\u2019s security to keep it safe from Attackers and Black Hat Hackers. You can secure your server by configuring the system properly and installing as minimum softwares as possible. There are some tips which can help you secure your server from network and privilege escalation attacks.<\/p>\n
Outdated kernel is always prone to several network and privilege escalation attacks. So you can update your kernel using\u00a0apt<\/strong>\u00a0in Debian or\u00a0yum<\/strong>\u00a0in Fedora.<\/p>\n Cron jobs running by root or high privilege account can be used as a way to gain high privileges by attackers. You can see running cron jobs by<\/p>\n You should block any unnecessary inbound or outbound connection on uncommon ports. You can update your firewalls rules by using\u00a0iptables<\/strong>. Iptables is a very flexible and easy to use utility used to block or allow incoming or outgoing traffic. To install, write<\/p>\n Here\u2019s an example to block incoming on FTP port using iptables<\/p>\n Stop any unwanted services and daemons running on your system. You can list running services using following commands.<\/p>\n [<\/span>\u00a0+\u00a0]<\/span>\u00a0 acpid \u2026snip…<\/p><\/div>\n<\/div>\n OR using the following command<\/p>\n To stop a service, type<\/p>\n OR<\/p>\n Utilities like rkhunter and chkrootkit can be used to detect known and unknown backdoors and rootkits. They verify installed packages and configurations to verify system\u2019s security. To install write,<\/p>\n To scan your system, type<\/p>\n [<\/span>\u00a0Rootkit Hunter version 1.4.6\u00a0]<\/span><\/p>\n Checking system commands…<\/p>\n Performing\u00a0‘strings’<\/span>\u00a0command<\/span>\u00a0checks Performing\u00a0‘shared libraries’<\/span>\u00a0checks Performing\u00a0file<\/span>\u00a0properties checks …snip…<\/p><\/div>\n<\/div>\n You should check for listening ports that aren\u2019t used and disable them. To check for open ports, write.<\/p>\n tcp\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a00<\/span>\u00a0 \u00a0\u00a00<\/span>\u00a0127.0.0.1:6379<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a00.0.0.0:*<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN\u00a0 \u00a0\u00a0\u00a02136<\/span>\/<\/span>redis-server\u00a01<\/span><\/p>\n tcp\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a00<\/span>\u00a0 \u00a0\u00a00<\/span>\u00a00.0.0.0:111<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a00.0.0.0:*<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN\u00a0 \u00a0\u00a0\u00a01273<\/span>\/<\/span>rpcbind<\/p>\n tcp\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a00<\/span>\u00a0 \u00a0\u00a00<\/span>\u00a0127.0.0.1:5939<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a00.0.0.0:*<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN\u00a0 \u00a0\u00a0\u00a02989<\/span>\/<\/span>teamviewerd<\/p>\n tcp\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a00<\/span>\u00a0 \u00a0\u00a00<\/span>\u00a0127.0.0.53:53<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a00.0.0.0:*<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN\u00a0 \u00a0\u00a0\u00a01287<\/span>\/<\/span>systemd-resolv<\/p>\n tcp\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a00<\/span>\u00a0 \u00a0\u00a00<\/span>\u00a00.0.0.0:22<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a00.0.0.0:*<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN\u00a0 \u00a0\u00a0\u00a01939<\/span>\/<\/span>sshd<\/p>\n tcp\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a00<\/span>\u00a0 \u00a0\u00a00<\/span>\u00a0127.0.0.1:631<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a00.0.0.0:*<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN\u00a0 \u00a0\u00a0\u00a020042<\/span>\/<\/span>cupsd<\/p>\n tcp\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a00<\/span>\u00a0 \u00a0\u00a00<\/span>\u00a0127.0.0.1:5432<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a00.0.0.0:*<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN\u00a0 \u00a0\u00a0\u00a01887<\/span>\/<\/span>postgres<\/p>\n tcp\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a00<\/span>\u00a0 \u00a0\u00a00<\/span>\u00a00.0.0.0:25<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a00.0.0.0:*<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0LISTEN\u00a0 \u00a0\u00a0\u00a031259<\/span>\/<\/span>master<\/p>\n …snip…<\/p><\/div>\n<\/div>\n Use an IDS to check network logs and to prevent any malicious activities. There\u2019s an open source IDS Snort available for Linux. You can install it by,<\/p>\n To monitor network traffic, type<\/span><\/p>\n Running\u00a0in<\/span>\u00a0packet dump mode Initializing Output Plugins!<\/span> Acquiring network traffic from\u00a0“tun0”<\/span>. —<\/span>== Initialization Complete ==–<\/p>\n …snip…<\/p><\/div>\n<\/div>\n
\n$\u00a0sudo<\/span>\u00a0apt-get dist-upgrade<\/span><\/div>\n<\/div>\nDisabling Root Cron Jobs<\/strong><\/h3>\n
Strict Firewall Rules<\/strong><\/h3>\n
Disable unnecessary Services<\/strong><\/h3>\n
\n[<\/span>\u00a0–\u00a0]<\/span>\u00a0 alsa-utils
\n[<\/span>\u00a0–\u00a0]<\/span>\u00a0 anacron
\n[<\/span>\u00a0+\u00a0]<\/span>\u00a0 apache-htcacheclean
\n[<\/span>\u00a0+\u00a0]<\/span>\u00a0 apache2
\n[<\/span>\u00a0+\u00a0]<\/span>\u00a0 apparmor
\n[<\/span>\u00a0+\u00a0]<\/span>\u00a0 apport
\n[<\/span>\u00a0+\u00a0]<\/span>\u00a0 avahi-daemon
\n[<\/span>\u00a0+\u00a0]<\/span>\u00a0 binfmt-support
\n[<\/span>\u00a0+\u00a0]<\/span>\u00a0 bluetooth
\n[<\/span>\u00a0–\u00a0]<\/span>\u00a0 cgroupfs-mount<\/p>\nCheck for Backdoors and Rootkits<\/strong><\/h3>\n
\nChecking\u00a0‘strings’<\/span>\u00a0command<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0[<\/span>\u00a0OK\u00a0]<\/span><\/p>\n
\nChecking\u00a0for<\/span>\u00a0preloading variables\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0[<\/span>\u00a0None found\u00a0]<\/span>
\nChecking\u00a0for<\/span>\u00a0preloaded libraries\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0[<\/span>\u00a0None found\u00a0]<\/span>
\nChecking LD_LIBRARY_PATH variable\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0[<\/span>\u00a0Not found\u00a0]<\/span><\/p>\n
\nChecking\u00a0for<\/span>\u00a0prerequisites\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0[<\/span>\u00a0OK\u00a0]<\/span>
\n\/<\/span>usr\/<\/span>sbin\/<\/span>adduser\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0[<\/span>\u00a0OK\u00a0]<\/span>
\n\/<\/span>usr\/<\/span>sbin\/<\/span>chroot<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0[<\/span>\u00a0OK\u00a0]<\/span><\/p>\nCheck Listening Ports<\/strong><\/h3>\n
\nActive Internet connections\u00a0(<\/span>only servers)<\/span>
\nProto Recv-Q Send-Q Local Address\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Foreign Address\u00a0\u00a0\u00a0State\u00a0\u00a0 \u00a0\u00a0\u00a0PID\/<\/span>Program name<\/p>\nUse an IDS (Intrusion Testing System)<\/strong><\/h3>\n
\n$\u00a0wget<\/span>\u00a0https:\/\/<\/span>www.snort.org\/<\/span>downloads\/<\/span>snort\/<\/span>snort-2.9.12.tar.gz
\n$\u00a0tar<\/span>\u00a0xvzf daq-2.0.6.tar.gz
\n$\u00a0cd<\/span>\u00a0daq-2.0.6
\n$ .\/<\/span>configure\u00a0&&<\/span>\u00a0make<\/span>\u00a0&&<\/span>\u00a0sudo<\/span>\u00a0make<\/span>\u00a0install<\/span>
\n$\u00a0tar<\/span>\u00a0xvzf snort-2.9.12.tar.gz
\n$\u00a0cd<\/span>\u00a0snort-2.9.12
\n$ .\/<\/span>configure\u00a0–enable-sourcefire<\/span>\u00a0&&<\/span>\u00a0make<\/span>\u00a0&&<\/span>\u00a0sudo<\/span>\u00a0make<\/span>\u00a0install<\/span><\/div>\n<\/div>\n
\n—<\/span>== Initializing Snort ==–<\/p>\n
\npcap DAQ configured to passive.<\/p>\n
\nDecoding Raw IP4<\/p>\nDisable Logging as Root<\/strong><\/h3>\n