WEB SERVERS AND THEIR TYPES
A web server is a program that uses the HTTP protocol to serve files, in the form of web pages, in response to HTTP client requests. The most commonly used web servers are Apache and IIS (Microsoft Internet Information Services). In the modern world we cannot imagine life without the internet. Every organization has a website to give a brief account of itself and to sell its products. We all know that these websites are accessible only if they are hosted on servers connected to the internet; this is why hosting sites and web applications on live servers matters. There are mainly two types of server stacks, LAMP and WAMP. LAMP consists of Linux, Apache, MySQL and PHP/Perl/Python; in the same way WAMP consists of Windows, Apache, MySQL and PHP.
Here we are going to discuss Linux servers. There are shared servers, virtual private servers (VPS) and also cloud servers (AWS, OpenStack, Rackspace, etc.). Cloud servers are the most recent technology in the hosting industry, where resources are unlimited and provisioning is fully automated. Cloud servers are more flexible.
Ransomware is a type of malicious application which prevents one from accessing their personal computer and its data. As the name indicates, the hackers demand a ransom for removing the restriction they have imposed on the victim’s machine. This caused a lot of trouble for people who had not backed up their data, and also when the affected machines were part of a business’s operations. As we all know, the more downtime a machine has, the greater the loss. Hence this was a very tactical move by the hackers. In simple cases they lock the system in a way that cannot be reversed by a knowledgeable person. Some advanced malware uses cryptoviral extortion as its technique: it encrypts the victim’s files and decrypts them only in return for a ransom payment.
In these circumstances, we realize all the risks involved in running a live server without hardening. Most operating systems are not designed with security by default. In fact, servers running on their default configuration are easily predictable to intruders.
Now we may look into the procedures followed for hardening a server. This server hardening checklist will help you increase your server and network security.
SECURITY TIPS FOR HARDENING LINUX SERVERS
1. Disable Ctrl-Alt-Delete
2. Disable direct root login and create a dedicated SSH user
3. Change SSH default port and disable ping request
4. Setup CSF firewall
5. Setup Mod_Evasive and setup Mod_Security
6. Scan your system with RootKit Hunter
7. Scan your system using maldet and Clam AntiVirus.
8. Setup cron job to run Clam AntiVirus weekly.
9. Disable Apache header information and Hide PHP Version information.
10. Disable FTP. Use SFTP instead.
11. Disable shell access for unknown users.
12. Configuring fail2ban to protect SSH
1. DISABLE CTRL-ALT-DELETE
By disabling this you add a measure of physical security to your server. On systems prior to CentOS 7, all you have to do is comment out the following line in the /etc/inittab file:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
2. DISABLE DIRECT ROOT LOGIN AND CREATE A DEDICATED SSH USER
Note: Please don’t log out of your system after disabling direct root login. Follow the steps until you have created a dedicated SSH user, and only then log out. Otherwise you won’t be able to log in to your system again. Please be careful.
The root user has full permission to make changes on your server, so if someone logs in as the root user you can imagine the risk you will be facing.
3. CHANGE SSH DEFAULT PORT AND DISABLE PING REQUEST
Everyone knows 22 is the default SSH port, so you can change the port number to make the server more secure. This makes it less predictable for intruders, as they do not know the port number through which they can establish an SSH connection. Also, disable ping requests by making the changes in the respective configuration files.
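The following shell script is an added example, not code from the original article: it applies the settings from steps 2 and 3 to an sshd_config file and refuses to disable root login until the dedicated user exists, which is the lock-out the note above warns about. The admin user name, the new port and the file paths are hypothetical arguments.

```shell
#!/bin/sh
# Added example (not from the article): apply steps 2 and 3 to an sshd_config
# and check the result before reloading sshd. Assumed arguments: admin user
# name, new port, config path. Run as root against /etc/ssh/sshd_config from
# a session you keep open until a login as the new user succeeds.
set -eu

# set_sshd_option FILE KEY VALUE: replace an existing directive (commented or
# not) with "KEY VALUE", or append it if the file has none.
set_sshd_option() {
  _f=$1 _k=$2 _v=$3
  if grep -Eq "^[#[:space:]]*$_k[[:space:]]" "$_f"; then
    sed -i -E "s|^[#[:space:]]*$_k[[:space:]].*|$_k $_v|" "$_f"
  else
    printf '%s %s\n' "$_k" "$_v" >> "$_f"
  fi
}

# get_sshd_option FILE KEY: effective value, i.e. the last uncommented match.
get_sshd_option() {
  awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# harden_sshd FILE ADMIN PORT: refuse to proceed unless ADMIN already exists
# (PermitRootLogin no without another account locks you out), then disable
# root login, restrict logins to ADMIN and move SSH off port 22. The new port
# only cuts scanner noise; it does not replace keys and the step 4 firewall.
harden_sshd() {
  _f=$1 _admin=$2 _port=$3
  grep -q "^$_admin:" /etc/passwd || { echo "create user $_admin first" >&2; return 1; }
  set_sshd_option "$_f" PermitRootLogin no
  set_sshd_option "$_f" AllowUsers "$_admin"
  set_sshd_option "$_f" Port "$_port"
}

# disable_ping FILE: persist "ignore ICMP echo" as a sysctl drop-in file.
disable_ping() {
  printf 'net.ipv4.icmp_echo_ignore_all = 1\n' > "$1"
}

# check_and_reload FILE: sshd -t rejects a broken config, so reload only if ok.
check_and_reload() {
  sshd -t -f "$1" && systemctl reload sshd
}

# Usage on a real server (as root, from a session you keep open):
#   harden_sshd /etc/ssh/sshd_config sshadmin 2222
#   disable_ping /etc/sysctl.d/99-noping.conf && sysctl --system
#   check_and_reload /etc/ssh/sshd_config
```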
4. SETUP CSF FIREWALL
CSF is a Stateful Packet Inspection (SPI) firewall, login/intrusion detection and security application for Linux servers. You can manage IP filtering with it, preventing unauthorized access from IP addresses not explicitly allowed, or even blocking specific IP addresses. There is a wide variety of options that can be set in the firewall configuration.
5. SETUP MOD_EVASIVE AND SETUP MOD_SECURITY
mod_evasive is an evasive maneuvers module for Apache which helps in preventing HTTP DoS or DDoS attacks and brute-force attacks; it is also quite efficient at mitigating ordinary DDoS attacks.
ModSecurity supplies an array of request filtering and other security features for Apache.
6. SCAN YOUR SYSTEM WITH ROOTKIT HUNTER
This tool can be used for scanning for malware, backdoors and local exploits by running tests like:
– MD5 hash comparison
– Look for default files used by rootkits
– Wrong file permissions for binaries
– Look for suspected strings in LKM and KLD modules
– Look for hidden files
– Optional scan within plaintext and binary files
7. SCAN YOUR SYSTEM USING MALDET AND CLAM ANTIVIRUS
Maldet (Linux Malware Detect) is an efficient malware scanner for Linux. A malware scan should be carried out at regular intervals so as to prevent the server being clogged with malware, which can in turn compromise your server.
ClamAV can be used for detecting trojans, viruses, malware and other backdoors. It can be used for detecting spamming on the server and is also used mainly for mail gateway scanning.
8. SETUP CRON JOB TO RUN CLAM ANTIVIRUS WEEKLY
Linux offers the cron job feature, which is easy to configure; it is actually a job scheduling application. Clam AntiVirus can be set to run on a weekly basis so as to keep the server secure, and in the same cron job you can provide the command to update the Clam AntiVirus application so that the antivirus database is kept up to date.
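As an added example (not from the original article), here is the kind of script a weekly cron entry can call: it refreshes the signature database, scans a directory and interprets clamscan's exit status, since an exit code of 1 means an infected file was found rather than a script failure. The paths and schedule are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): weekly ClamAV update and scan for
# cron. Paths and the crontab schedule are assumptions.
# Crontab entry (every Sunday at 03:00):
#   0 3 * * 0 /usr/local/sbin/weekly-clamscan.sh /var/www >> /var/log/clamav/cron.log 2>&1

# infected_count LOGFILE: number from clamscan's "Infected files: N" summary,
# or 0 if the summary line is missing (empty or truncated log).
infected_count() {
  awk -F': ' '/^Infected files:/ { n = $2 } END { print n + 0 }' "$1"
}

# describe_exit RC: clamscan exits 0 = clean, 1 = infected file(s) found,
# 2 = error (e.g. unreadable path or broken signature database).
describe_exit() {
  case "$1" in
    0) echo clean ;;
    1) echo infected ;;
    *) echo error ;;
  esac
}

# weekly_scan DIR [LOGDIR]: update signatures, scan DIR recursively, keep a
# dated log, print a one-line summary and return clamscan's status so cron
# mail or alerting can act on it.
weekly_scan() {
  _dir=$1 _logdir=${2:-/var/log/clamav}
  _log="$_logdir/scan-$(date +%Y%m%d).log"
  mkdir -p "$_logdir"
  # A failed update is not fatal: scanning with yesterday's database beats
  # skipping the scan, but it is worth noticing in the cron output.
  freshclam --quiet || echo "signature update failed, scanning with old database" >&2
  # -r recurse, -i list infected files only. Capture the exit code instead of
  # letting a shell with set -e abort on the "found something" status 1.
  _rc=0
  clamscan -r -i --log="$_log" "$_dir" >/dev/null || _rc=$?
  echo "$(date -Is) $_dir: $(describe_exit "$_rc"), $(infected_count "$_log") infected file(s), log $_log"
  return "$_rc"
}

if [ "$#" -gt 0 ]; then weekly_scan "$@"; fi
```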
9. DISABLE APACHE HEADER INFORMATION AND HIDE PHP VERSION INFORMATION
It is not advisable to expose the Apache header information in public; as said earlier, it makes the server more predictable to intruders. Edit your main Apache configuration file and disable the Apache header information.
Likewise, it is not good to expose PHP information to the public, as each PHP version may have unique loopholes which can be exploited by hackers. So disable the PHP version display by editing the main PHP configuration file.
10. DISABLE FTP. USE SFTP INSTEAD
FTP is always a favorite back door for hackers, and there are multiple ways to hack an FTP account. Hence, disable FTP and use SFTP, which has the simplicity of FTP with the security features of SSH. Any user having SSH access to the server can use SFTP. WinSCP is an SFTP client for Windows.
11. DISABLE SHELL ACCESS FOR UNKNOWN USERS
If you find any unknown users in the list of users having access to your server, change that user’s shell to /sbin/nologin. This prevents the user from having an interactive shell that could possibly be used for unauthorized activities.
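To find those users in the first place, the following audit script is an added example (not from the original article): it lists every account in a passwd file that still has an interactive shell and flags any extra UID 0 account, then locks a chosen account with the /sbin/nologin change described above. The passwd path and UID threshold are assumed arguments, defaulting to the live /etc/passwd and 1000.

```shell
#!/bin/sh
# Added example (not from the article): review which accounts can still get
# an interactive shell before applying step 11. Arguments are assumptions:
# a passwd file (default /etc/passwd) and the first "human" UID (default 1000).

# interactive_accounts [PASSWD] [MIN_UID]: print "user:uid:shell" for every
# account at or above MIN_UID, plus any UID 0 account, whose shell is not a
# nologin/false shell. Service accounts below MIN_UID normally have no shell.
interactive_accounts() {
  _file=${1:-/etc/passwd} _min=${2:-1000}
  awk -F: -v min="$_min" '
    $3 >= min || $3 == 0 {
      if ($7 !~ /(nologin|false)$/) print $1 ":" $3 ":" $7
    }' "$_file"
}

# uid0_accounts [PASSWD]: any account besides root with UID 0 is a red flag,
# since it is root under another name regardless of its shell.
uid0_accounts() {
  awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# lock_shell USER: remove interactive access without deleting the account,
# which keeps its home directory and logs intact for investigation.
lock_shell() {
  usermod -s /sbin/nologin "$1"
}

# Example review session (lock_shell needs root):
#   interactive_accounts | while IFS=: read -r u uid sh; do echo "$u ($uid) $sh"; done
#   uid0_accounts
#   lock_shell unknown_user
```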
12. CONFIGURING FAIL2BAN TO PROTECT SSH
Fail2Ban is intrusion prevention software that protects the server by blocking the IP addresses of intruders.
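As an added example (not from the original article), this script writes a minimal jail.local for the sshd jail and checks that the jail's port matches the port sshd actually listens on; after step 3 moved SSH off port 22, a jail left at the default port bans nobody. The file paths, ban time, find time and retry count are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): fail2ban sshd jail for a server whose
# SSH port was changed in step 3. Paths and thresholds are assumptions.

# write_sshd_jail FILE PORT: bantime/findtime/maxretry (seconds, seconds,
# attempts) are hypothetical values; "port" must be the real sshd port.
write_sshd_jail() {
  cat > "$1" <<EOF
[DEFAULT]
bantime  = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
port    = $2
logpath = %(sshd_log)s
EOF
}

# jail_port JAILFILE: the "port" value inside the [sshd] section only.
jail_port() {
  awk -F'=' '/^\[/ { in_sshd = ($0 == "[sshd]") }
             in_sshd && $1 ~ /^port[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2 }' "$1"
}

# sshd_port SSHD_CONFIG: effective Port directive, 22 when none is set.
sshd_port() {
  awk '$1 == "Port" { p = $2 } END { print (p ? p : 22) }' "$1"
}

# ports_match SSHD_CONFIG JAILFILE: succeed only when both agree, so a
# restart of fail2ban can be gated on it.
ports_match() {
  [ "$(sshd_port "$1")" = "$(jail_port "$2")" ]
}

# Usage (as root):
#   write_sshd_jail /etc/fail2ban/jail.local "$(sshd_port /etc/ssh/sshd_config)"
#   ports_match /etc/ssh/sshd_config /etc/fail2ban/jail.local && systemctl restart fail2ban
```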
Initial hardening of the server doesn’t mean that it will remain secure for the rest of its lifetime. Apart from the initial hardening, it is always advised to have a periodic security audit performed to check whether the server is up to the security standards being followed in the latest technological scenario. As technologies advance day by day, some methods remain foolproof while other security methods are found to have vulnerabilities. Unless you keep up with the latest happenings and trends in the Information Technology sector, it will be too late by the time you realize how far behind the technological advancements you have fallen. Keep yourself updated and keep reading the various blogs across the internet; the more you know about the web world, the better prepared you can be to secure the assets you expose to it.