<\/span><\/h2>\nKeeping the software up-to-date is one of the most important tasks of securing your server. Everyday, numerous vulnerabilities are found in various Linux applications, services and scripts and new fixed versions of them are being released very quickly. Installing the updates on your server is crucial and strongly recommended. You can keep your server up-to-date using your distribution’s package manager such as ‘yum’\u00a0 or ‘apt-get’.<\/p>\n
RPM based distros:
\n# yum update<\/code><\/p>\nDebian based distros
\n# apt-get update && apt-get upgrade<\/code><\/p>\n<\/span>2. Use Strong Passwords<\/span><\/h2>\nPasswords are the front line defense for your server. When setting up new accounts on your virtual server, you should create strong passwords. The stronger the password is, the less likely it is to be guessed and your server compromised. Never use passwords that are easily guessable, such as passwords based upon names, street addresses, dictionary words, significant dates, etc… A strong password consists of a combination of letters (both upper and lower case), numbers and special characters and it should be at least 8 characters long.<\/p>\n
To change your ‘root’ password use the following on the Linux command line:<\/strong>
\n# passwd<\/code><\/p>\nTo change a user’s password use the following instead:<\/strong>
\n# passwd <username><\/code><\/p>\n<\/span>3. Use Correct File and Directory Permissions<\/span><\/h2>\nThree types of access permissions: read, write and execute are available for three different categories of users: owner, group and others. With these permissions you can determine who can access or modify the files. This makes them very important for the security of your server. You should ensure that all files and directories have the correct permissions. You can check the permissions of a file by executing the ‘ls -l’ command. The very first line of the given output shows the files\/directories permissions: ‘r’ = read permission; ‘w’ = write permission; ‘x’ = execute permission; ‘-‘ = no permission. You can change the permissions with the ‘chmod’ command.<\/p>\n
The following commands can help you find any world writable files and directories which\u00a0 may be a security risk:<\/p>\n
To find world writable files type:
\n# find \/ -type f -perm -o+w -exec ls -l {} \\;<\/code><\/p>\nTo find world writable directories type:
\n# find \/ -type d -perm -o+w -exec ls -ld {} \\;<\/code><\/p>\n<\/span>4. Stop\/Disable Unnecessary Services<\/span><\/h2>\nAll Linux distributions usually have many services\/daemons configured to start every time you start the server. The more services running on your server, the more ports are being open to potential external break-ins. Disabling unnecessary services can improve the security of your server and even the overall server performance.<\/p>\n
To check which services are running on your server execute:
\n# chkconfig --list<\/code><\/p>\nThe above command will show the startup status of all services.<\/p>\n
To stop a service at startup time you can execute:
\n# chkconfig --levels <name_of_service> off<\/code><\/p>\n<\/span>5. Disable ‘root’ login via SSH<\/span><\/h2>\nThe ‘root’ account has full control over the entire server, so allowing direct logins as ‘root’ via SSH is one of the biggest security risks. Hackers can brute force a server’s ‘root’ password and when they succeed, they will gain full control over your entire server. Despite this, even one small mistake made while logged in as ‘root’ can cause a big\u00a0 problem on your server. It’s strongly recommended to use your ‘root’ user only when it is really necessary.<\/p>\n