Linux - Security (LinuxQuestions.org)
Hardening a Linux system is both an art and a science. In any case, one must first define what they mean by 'hardening'. Configuring iptables can, and likely will, be a part of most hardening strategies, but the question as posed is too vague for this to be a complete response. What is the purpose of the Linux system? Is it a home PC for general browsing or is it a server? What applications is it running, especially is it running any server applications such as SSH, FTP, email, web, DNS, etc.? For each of these applications there are things one can do to better protect them against malicious activity. Furthermore, a holistic hardening approach will also include "eyes on" surveillance by performing an analysis of the logs and ensuring that all of the applications are up to date.
To summarize this very important point: security is NOT an application or a tool that you can install and configure. To think otherwise is a recipe for disaster.
For several years (just to see if I could do it), I managed a colocated server without a firewall. I did it with both Webmin and via CLI, but it can definitely be done with only Webmin.
Focus on hardening any running services (SSH, FTP, Web). Then, use tcpwrappers. Then use iptables. ModSecurity is highly recommended, especially if you're serving dynamic content (this seems to be "the thing" nowadays). Get used to always checking and adjusting the server's security posture. Get used to thinking of security as layered. Sometimes it's also worth trying new security solutions (although maybe test on an isolated/test box first).
All of this totally depends on what purpose your server will serve.
But that ain't a remote tool, but rather an app you install on your server, and run from there.
Of course you can run it from remote shell though, but that doesn't make it "remote" imo.
Here are a few references to posts on LQ that discuss this subject: first, second, third.
The threads mentioned include a discussion of things you can do to harden a Linux system, including Bastille Linux. The important thing for you to do is to learn and understand what you are doing and why.
The main point that we have been trying to explain to you is that such a tool does not exist. There is no one set of actions, procedures, or settings, you can make that will secure your system.
In order to secure your system you need to identify what it is that you are trying to secure against. This will largely depend on what you are using the server for. On top of that, the "security" must be applied in layers. For example, you can use a firewall to block SSH traffic on all but a range of IP addresses. On top of that you can configure the SSH daemon to prohibit root logins, require RSA keys, and use only more modern encryption protocols. On top of this, you can use a program to watch the authorization log to see if anyone makes a brute force attempt to guess user names or passwords.
If you would please tell us what you are trying to accomplish and what you are trying to secure against, we can help you to develop a solution to meet your needs. For example, are you running web services, email, dns, ftp, samba, etc? Each of these items has different things that need to be done to secure it. In some cases there are tools that can be used, such as front ends for iptables (which is the default firewall) that can assist with this process.
The other major point that we have been trying to explain is that after you perform these hardening tasks, you will need to apply constant vigilance monitoring the state of your system and guarding against intrusion. Again, there are tools, such as logwatch, that can help with this process, but it is still a constant process.
You have mentioned "using maximum users". A system with a large number of users has different needs and challenges than one with one or few. If all of these users have system accounts it will be necessary to determine who shall have elevated or root privilege. You can use the sudo function to provide a more fine-grained application of this. Do you have an appropriate and effective password strategy in place? Have you thought about a permissions strategy for each of these users' home directories?
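The layered SSH example that the two posts above describe (a firewall rule set that admits SSH only from a known range, an SSH daemon that refuses root and password logins, and a watcher over the auth log for brute-force attempts) can be put into one small script. The script below is an added example written for this thread, not code posted by any of the participants. It assumes a management network of 203.0.113.0/24 (a documentation range), the default sshd_config path, a failure threshold of 5, and a handful of constructed auth log lines; change the three variables at the top to suit your host.

```shell
#!/bin/sh
# Layered SSH hardening helper: firewall restriction, sshd_config audit and
# a failed-login counter over the auth log. Added example, not code from the
# thread. Assumed values: management network 203.0.113.0/24 (documentation
# range), a failure threshold of 5, and the default sshd_config path.

MGMT_NET="${MGMT_NET:-203.0.113.0/24}"
SSHD_CONFIG="${SSHD_CONFIG:-/etc/ssh/sshd_config}"
THRESHOLD="${THRESHOLD:-5}"

# Layer 1: firewall. Emit the iptables rules that accept SSH only from the
# management network and drop everything else arriving on port 22. Review the
# output, then pipe it into sh to apply it.
ssh_firewall_rules() {
    cat <<EOF
iptables -A INPUT -p tcp --dport 22 -s $MGMT_NET -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
EOF
}

# Print the effective value of one sshd_config directive. sshd honours the
# first match and keywords are case-insensitive, so stop at the first
# non-comment line whose keyword matches.
sshd_setting() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        $1 !~ /^#/ && tolower($1) == key { print $2; exit }' "$1"
}

# Layer 2: daemon configuration. Require explicit values for the directives
# that forbid root logins, disable password guessing and require public keys
# (sshd has defaults for each, but this audit insists they are written down).
# Prints one FAIL line per mismatch; the return code is the number of failures.
audit_sshd_config() {
    file="$1"
    fails=0
    for pair in PermitRootLogin=no PasswordAuthentication=no PubkeyAuthentication=yes; do
        key="${pair%%=*}"
        want="${pair#*=}"
        got="$(sshd_setting "$file" "$key")"
        if [ "$got" != "$want" ]; then
            echo "FAIL $key: want '$want', got '${got:-<unset>}'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Layer 3: log watching. Count "Failed password" lines per source address
# (log files given as arguments, or stdin) and print "count ip" for every
# source at or above the threshold.
brute_force_sources() {
    awk -v t="$THRESHOLD" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") failures[$(i + 1)]++
        }
        END { for (ip in failures) if (failures[ip] >= t) print failures[ip], ip }' "$@"
}

# Constructed auth log lines for the demonstration (not captured from a real host).
SAMPLE_LOG="$(cat <<'EOF'
Mar  3 10:01:02 host sshd[1234]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Mar  3 10:01:05 host sshd[1236]: Failed password for root from 198.51.100.7 port 51240 ssh2
Mar  3 10:01:07 host sshd[1238]: Failed password for invalid user oracle from 198.51.100.7 port 51244 ssh2
Mar  3 10:01:09 host sshd[1240]: Failed password for invalid user test from 198.51.100.7 port 51250 ssh2
Mar  3 10:01:11 host sshd[1242]: Failed password for root from 198.51.100.7 port 51256 ssh2
Mar  3 10:01:13 host sshd[1244]: Failed password for invalid user guest from 198.51.100.7 port 51260 ssh2
Mar  3 10:01:30 host sshd[1250]: Failed password for bob from 198.51.100.9 port 40012 ssh2
Mar  3 10:01:35 host sshd[1252]: Failed password for bob from 198.51.100.9 port 40014 ssh2
Mar  3 10:02:00 host sshd[1300]: Accepted publickey for alice from 203.0.113.5 port 40000 ssh2
EOF
)"

# Run with --demo to see all three layers on the sample data.
if [ "${1:-}" = "--demo" ]; then
    ssh_firewall_rules
    audit_sshd_config "$SSHD_CONFIG" || echo "$? sshd_config directive(s) need attention"
    printf '%s\n' "$SAMPLE_LOG" | brute_force_sources
fi
```

On the sample lines the watcher reports only 198.51.100.7 (six failures); the two failures from 198.51.100.9 stay under the threshold and the accepted public-key login is ignored. After editing sshd_config to satisfy the audit, run `sshd -t` to have the daemon validate the file before restarting it, and keep an existing session open while you test a new one so a mistake does not lock you out.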