Jan van den Berg

Linux server principles

This is a list, in no particular order, of principles to adhere to when running a secure Linux server.

  1. SSH - Never allow direct SSH root access (set `PermitRootLogin no`).
  2. SSH - Do not use SSH keys without a passphrase.
  3. SSH - If possible, do not run SSH on a public IP interface (preferably use a management VLAN).
  4. SSH/SSL - Use strong SSH ciphers and MAC algorithms (check with https://testssl.sh/).
  5. Never run anything as root (use sudo).
  6. Use the deny-all, allow-only firewall principle: block everything by default and open only what's needed.
  7. Configure the mail daemon to use a smarthost (unless it's a mailserver).
  8. Always use a timeserver daemon to keep the server's clock in sync (ntp).
  9. Always use a package manager and apply updates at least once a month (apt, yum, etc.).
  10. Have backups in place and regularly test the restores.
  11. Do not just back up raw database data. Dump databases and back up those dumps (mysqldump, pg_dump).
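
As an added example (not part of the original post), here is a shell function that checks items 1 and 4 against the effective configuration printed by `sshd -T`. The function names, the sample input and the algorithm families treated as weak are assumptions of this example, to be adjusted to your own policy.

```sh
#!/bin/sh
# Added example: audit `sshd -T` output (lower-case "keyword value" lines)
# on stdin for list items 1 and 4. Prints one finding per line and
# returns 1 if there is any finding.
audit_sshd() {
    findings=0
    seen_root=0
    while read -r key value; do
        case "$key" in
            permitrootlogin)
                seen_root=1
                if [ "$value" != "no" ]; then
                    echo "FAIL permitrootlogin is '$value', expected 'no'"
                    findings=$((findings + 1))
                fi ;;
            ciphers|macs)
                old_ifs=$IFS
                IFS=,
                for alg in $value; do
                    # Assumption of this example: these families are "weak".
                    case "$alg" in
                        *-cbc|arcfour*|hmac-md5*|hmac-sha1*)
                            echo "FAIL $key offers $alg"
                            findings=$((findings + 1)) ;;
                    esac
                done
                IFS=$old_ifs ;;
        esac
    done
    if [ "$seen_root" -eq 0 ]; then
        echo "FAIL permitrootlogin missing from input"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample in `sshd -T` format, not taken from a real host.
sample_sshd_t() {
    cat <<'EOF'
port 22
permitrootlogin prohibit-password
ciphers chacha20-poly1305@openssh.com,aes256-ctr,aes128-cbc
macs hmac-sha2-256-etm@openssh.com,hmac-md5
EOF
}

# On a real server: sudo sshd -T | audit_sshd
sample_sshd_t | audit_sshd || echo "sshd configuration needs attention"
```

Because it reads the effective configuration rather than `sshd_config` itself, the check also covers compiled-in defaults and included files.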
