How to secure Linux systems – Auditing, Hardening and Security
How to secure Linux systems
Within this article we have a look on how to secure a Linux system. Focus of the article is providing tips regarding auditing, hardening and general security of Linux servers.
Focus on minimizing
By minimizing the footprint of the server, its data and users, we can more quickly determine if a system is running properly. Also risks will be reduced, as every part on a system might be something which can be sooner or later introduce a vulnerability.
- Remove unneeded software
- Disable and remove old accounts
Most software has to be configured. Usually it’s this same configuration which introduces weaknesses, simply due to lack of time or the right knowledge of the software.
- Harden network services
- Read application documentation for security measures
Most systems have the goal to delivery value to business processes. One of the main pillars within information security is the availability of a system.
- Create regular backups (test restores)
- Implement system monitoring
Upgrade and update
On a daily basis new software updates are released, to solve bugs, improve stability or patch a security issue. Continuous auditing helps in determining weaknesses on your systems, including missing security patches.
- Perform regular software updates
- Upgrade the OS in time, before the official support is ended.
Perform automated audits
Almost every system administrator is overwhelmed with the amount of work and activities. While this puts them under some stress, it will also increase the risk that “less important” things like installing patches are forgotten. Cleaning up a system after intrusion, or having to install it (again) is usually a waste of time. Therefore we suggest to move from reactive mode to be more proactive. Implement continuous audits, automate controls and use best practices. To secure a Linux system and keep it secure, focus on the right combination of hardening and auditing. This magic combination will be a powerful tool against evildoers.