1. Do not allow direct root/administrator login 2. Make sure passwords are secure and changed regularly (by force if necessary) 3. Use a network firewall, such as APF 4. Use an application firewall, such as ModSecurity 5. Chroot all non-root users to keep them out of system directories 6. Use …
July, 2010
June, 2010
-
18 June
How to Enable/Disable Root Login in SSH
Question: I have heard that enabling root login in SSH can be a security risk. Is that true, and if so, how do I disable it? Answer: The truth is that having root logins enabled is not in itself a security risk. The real risk comes from having an easily …
-
7 June
Security: Windows and Linux Executables
Servers handle command and application execution differently, depending on the operating system. From a security perspective, executable files should be tightly controlled. Only the server administrator should be allowed to install and run executables, and the server should not respond to file execution from within unauthorized directories. On a Windows …
March, 2010
-
29 March
Understanding Linux partitions
On a typical Linux server, the hard drive will be divided into partitions. It is very important to know what the main partitions are and what they do. / – Known as the root partition, this is where all of the system files belong. You will find /usr, /lib, /etc, …
-
29 March
Sudo vs. SU
The “su” command is what a Linux user with proper permissions uses to ascend to the root administrator account. A secure SSH server will not allow direct root login, so the user must gain root after initial login. The “sudo” command is an alternative to using a separate root user …
-
10 March
5 Security tips for virtual private servers
There are many security factors you should consider when deploying Linux-based virtual private servers (VPS) on systems such as OpenVZ. Some protect your users and some protect your server as a whole. Here are five steps you can take to make sure your server is secure: 1. Disable the root …
February, 2010
-
24 February
How to setup umask on a Linux server
In Linux umask, or user file-creation mode mask, determines the permissions of new files. In other words, whenever you make a new file or upload/transfer a file from your local machine or another server, umask sets the initial permissions of that file. In most Linux distributions, umask for all users …
-
15 February
How to list all users in Linux
Question: How do I see all of the users that have accounts on my server? Answer: In a previous post, we covered the “who” command, which will tell an administrator which users are currently logged into the system, but another important thing to know about your server is which users …
-
12 February
How to compile and install software from source in Linux
Ideally everything you ever need for your Linux server will be nicely packaged and easily installed through your distribution’s repositories. At worst you might need to add a third-party repository to download the .rpm or .deb packages that you need. But when you realize the world is not as perfect …
-
9 February
How to schedule a reboot on a Linux server
Automating tasks in Linux is a pretty straightforward process, mainly because the tool used to do it comes with all Linux distributions. It is called Cron, as we mentioned in an earlier post. Cron allows you to automate all sorts of tasks, including reboots. But if you just need to …