How to secure your Linux VPS – a few practical tips
Finding the appropriate level of security for your Linux VPS is an important task, which requires that you take into careful consideration your particular needs.
Being aware of the risks and tradeoffs will help you weigh the balance between usability and security. Also, this will be a great way for you to explore and leverage the power and flexibility of the amazing Linux platform.
Check out the basic steps for securing a Linux-based VPS, so as to figure out what security measures will be relevant to your case.
Linux VPS – general security practices
The first thing you need to do when you lay hands on a new VPS is to create a secure environment tailored to your needs.
Following is a list of the measures you can take to secure your server and make sure it is protected from malicious activity as much as possible.
All of the tasks are easy to accomplish and are divided into two categories – measures that require no extra software installations and measures that involve some extra work.
This way, you can quickly find your answers and take the optimal security measures for your Linux VPS.
Use only SSH to log into your server
The most secure way to log into a remote server is by using the SSH (secure shell) cryptographic network protocol for operating network services.
The SSH protocol can offer you an utmost level of encryption and you’ll be able to direct insecure traffic (coming to your server) through a secure connection.
You could also take advantage of X-forwarding and run graphic applications remotely through a secure network connection, etc.
Disable the root account
The first thing you should do is to deactivate the root login option. Instead of root access, you could take advantage of sudo access.
We also recommend creating unique user accounts for every single user and service on your Linux VPS.
Then, each of them should be provided with the very permissions needed to do their job.
Everything else (permissions and privileges) should be inaccessible to them.
As a result, any chance for involuntary mistakes potentially compromising your server’s overall security will be eliminated.
Needless to say, you also need to disable all unnecessary user accounts.
The right time to do that is when you install some new software or when you find out that a given user no longer needs access to your system.
Here’s a useful guide on how to disable root logins.
Always install the latest security updates
Hackers could potentially discover backdoors and security holes in any type of software.
Developers and security experts in turn do their best to release efficient security updates (patches) on a regular basis so as to prevent bad practice.
We recommend checking out for such at least once a week.
The majority of Linux releases come with individual security storage repositories and mailing lists, so that you can quickly download and install only the security patches that you need.
Avoid downloading software except for official channels
If you really need some specific software or you’re well familiar with its source (official or not), go ahead. Otherwise, the risk for your Linux VPS is hardly worth it.
Limit all unnecessary services
Arguably, one of the best advantages of owning your own server such as Linux VPS is the fact that you are able to use various services on a single machine.
However, we strongly recommend that you install and run only services that you do actually need.
Remember that each third party service is a potential threat for your Linux VPS.
Present-day Linux distributions allow you to check the active services on your server in multiple ways.
Configure your permission settings
Setting up file permissions can be tricky. The broader your permissions are, the easier it gets for both you and your users to interact with your site.
However, very broad permissions are not really secure. So you need to find the right balance that will allow your sites and apps to function, without any security risks.
We believe that you should start with the implementation of a balanced unmask (default permissions for each new file and/or directory) policy. To do so, you need to create adequate defaults.
File permissions have to be relevant to your specific needs and usage. The best advice here is – set up as few file permissions as possible. The fewer you have, the better for your overall Linux VPS security.
Use SFTP instead of FTP
The evergreen File Transfer Protocol (FTP) for transferring files between two remote systems, which is used since 1985 is insecure by definition.
Each of the required authentications is sent in plain-text. Therefore, anyone can learn your log in details by simply monitoring the connection between the Linux VPS and your local computer system.
You can use a more secure solution such as the SSH FTP. You get SSH FTP for free, as part of the SSH suite.
Although it does the same job as FTP, SFTP is based on the SSH security protocol.
Additional software to boost the security of your server
While a Linux distribution can be secured without using additional software, when it comes to security, you can always do better.
Here is a list of additional tools, which you can install on your VPS and reinforce the security of your Linux environment.
Using a firewall is essential
The first thing you should do when securing your Linux VPS is to activate and set up a firewall.
You should set your server to use just a few of its networking ports – the ones that are absolutely necessary for all the standard and legitimate services.
Then, set up your firewall, so that the rest of the ports are fully protected and deny in- and outgoing traffic.
As a result, you’ll be able to avoid any security breaches and fully optimize the usage of your real services.
The IPTables Firewall
The most popular present-day Linux firewall is called IPTables. It comes standard with the majority of the present-day Linux distributions.
Similarly to the UFW firewall, you can use IPTables for administration of the default Linux kernel netfilter firewall.
Since it was first introduced as early as 1998, there have been countless upgrades and updates to it over the years.
What’s more, it has an IP6Tables version specifically designed for the creation of IPv6 restrictions.
The syntax may seem a bit complicated to a newbie, but we can assure you that leaning it is definitely worth it.
The UFW Firewall
A UFW firewall is an abbreviation of Uncomplicated Firewall. It’s more like a user-friendly interface for controlling a default Linux kernel firewall like the netfilterone.
The netfilter itself is a simplified and basic firewall solution for non-experienced users.
However, it has everything you need for a standard level of security, so in case you don’t have some quite specific security requirements, we recommend using it. It’ll save you a lot of time and efforts.
The NFTables Firewall
The NFTables firewall is a relatively new (available since January 19, 2014). It was developed and released by the same team that created IPTables and it’s planned to become its successor in the foreseeable future.
NFTables uses a more readable programming syntax. Its most revolutionary characteristic is that it features full support for both IPv4 and IPv6 in the same interface.
Install the Fail2Ban framework to prevent brute-force attacks
In order to upgrade the overall level of SSH security on your Linux VPS, you should consider installing some intrusion prevention type of software. The ultimate choice as of currently is called Fail2Ban.
This is a Python-based intrusion prevention service, which keeps log of files to detect whether a host makes too many login attempts or some other unwanted activity on your Linux VPS.
If so, all traffic from the potential intruder’s IP address is blocked within a time frame of your choice.
Using Fail2Ban, you’ll successfully evade the majority of the popular brute-force attacks.
Install an Intrusion Detection System to detect unauthorized entries
There are a lot of intrusion detection systems on the market today. We’ve summarized the top-rated ones in the paragraphs below:
The Tripwire Intrusion Detection System
The open-source Tripwire security and data integrity tool is a popular way for detecting intruders on VPS servers running Linux.
Its modus operandi is the following:
1) A database, which consists only of system files is generated.
2) The configuration files and all the related binaries are secured with a bunch of keys.
3) Once the configuration details were chosen and the exceptions have been defined, Tripwire starts monitoring the aforementioned files and informs you of any changes to each of them.
AIDE is a top-choice for an intruder-detection environment. The way it works is similar to Tripwire. It generates a database and then repeatedly runs to compare the current system state to the pre-set (already stored) known-good values. In case of any changes/unusual activity, you get an instant notification.
The Psad tool is also a very efficient way for intrusion detection, although it works differently when compared with Tripwire and Aide. It doesn’t monitor system files, but firewall logs in order to identify any malicious activity.
In case a hacker makes attempts to check your Linux VPS for vulnerabilities through a port scan, Psad will detect that.
Then it’ll dynamically update your firewall rules and stop the hacker in an instant. What’s more, Psad can be configured to scale security threat levels and act accordingly.
Bro is an open source network monitoring framework, which can be used as an intrusion detection system. In addition, it’s also suitable for gathering various user stats, identifying different issues and last but not least to detect patterns.
It has a cutting-edge structure divided in two separate layers. Layer 1 monitors activity and creates events. Layer 2 is used to analyze each of the aforementioned events using a policy framework with strict rules. Then, according to your settings, it can generate alerts or execute system commands. Alternatively, it could just log the info about the events.
The RKHunter (Rootkit Hunter) Unix-based scanning tool functions as a flawless intrusion detection system. It follows the very same rules for detecting rootkits, backdoors and any other Linux VPS malware.
Although there aren’t many popular Linux viruses, malware and rootkits are very common. In order to evade them, you should consider using a tool like this one.
It’ll compile an up-to-date (being regularly synchronized) list of known backdoors and exploits.
Then, it’ll perform a comprehensive scan on your system using the aforementioned database. In addition, you’ll be instantly alerted for any un-safe settings in your applications.
Don’t forget to check for malware
Like everything else, you’ll find that there’s a wide selection of malware scanners for Linux on the market today, so it’s difficult to recommend you the best one.
As of currently, consider using the popular maldet, Linux Malware Detect (LMD). One of its most useful features is the malware signatures scanning option.
You can use LMD manually or set it up to run scheduled scans. The received reports will be e-mailed to the admins of your Linux VPS.
Hopefully, this article has managed to acquaint you with the basics of Linux VPS security.
Having your Linux VPS server secure at all times is a daily task, which requires a lot of time and efforts. However, it’s an essential part of server administration.
Feel free to ask us any questions and share your experience on the subject.Originally published Friday, July 13th, 2018 at 2:39 pm, updated August 29, 2018 and is filed under Virtual Private Servers.
Tags: Linux, online security, VPS