Linux server principles

This is a list, in no particular order, of principles to adhere to when running a secure Linux server.

  1. SSH – Never allow direct SSH root access (set PermitRootLogin no).
  2. SSH – Do not use SSH keys without a passphrase.
  3. SSH – If possible, do not run SSH on a public IP interface (preferably use a management VLAN).
  4. SSH/SSL – Use strong SSH ciphers and MAC algorithms (Check with
  5. Never run anything as root (use sudo).
  6. Use a default-deny firewall policy: block everything by default and open only what’s needed.
  7. Configure the mail daemon to use a smarthost (unless it’s a mailserver).
  8. Always run a time server daemon to keep the server's clock in sync (ntp).
  9. Always use a package manager and apply updates at least once a month (apt, yum, etc.).
  10. Have backups in place and regularly test the restores.
  11. Do not just back up raw database data. Dump databases and back up those dumps (mysqldump, pg_dump).
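
An added example, not part of the original post: a shell function that checks an sshd_config-style file against items 1, 3 and 4 of the list. The function name `audit_sshd_config`, the sample config and the pattern used to flag legacy ciphers and MACs are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config-style file against items 1, 3 and 4.
# On a live host, audit the effective settings instead: sshd -T > effective.conf
# Assumption: the legacy-algorithm pattern is this example's choice, not the page's.
WEAK='(^|,)([a-z0-9]+-cbc|arcfour[0-9]*|(hmac-md5(-96)?|hmac-sha1-96|umac-64)(-etm)?)(@[a-z.]+)?(,|$)'

audit_sshd_config() {   # prints one line per finding; no output means clean
  awk -v weak="$WEAK" '
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    { key = tolower($1); val = tolower($2) }     # keywords are case-insensitive
    key == "match" { exit }                      # audit global settings only
    key == "listenaddress" {                     # may legitimately repeat
      listen = 1
      if (val ~ /^(0\.0\.0\.0|::|\[::\])(:|$)/)
        print "item 3: ListenAddress " $2 " binds every interface"
      next
    }
    key in seen { next }                         # sshd keeps the first value it reads
    { seen[key] = 1 }
    key == "permitrootlogin" && val != "no" { print "item 1: PermitRootLogin is " $2 }
    (key == "ciphers" || key == "macs") && val !~ /^[-]/ && val ~ weak {
      print "item 4: " $1 " includes a legacy algorithm: " $2
    }
    END {
      if (!("permitrootlogin" in seen)) print "item 1: PermitRootLogin not set explicitly"
      if (!listen) print "item 3: no ListenAddress, sshd binds every interface"
    }' "$1"
}

# Constructed sample config (not from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
PermitRootLogin no
ListenAddress 0.0.0.0
Ciphers aes256-gcm@openssh.com,aes128-cbc
MACs hmac-sha2-512-etm@openssh.com,hmac-md5
Match User backup
  PermitRootLogin no
EOF
audit_sshd_config "$sample"
```

The second `PermitRootLogin no` in the sample does not help: sshd uses the first value it reads for each keyword, so the earlier `yes` is the one in effect.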
