Secure Linux / Debian Server

If you run your own Linux server, you have to secure it yourself. There are some basics you should cover, because otherwise your server will be hacked very quickly.

1. Change the default or automatically assigned root password

passwd root

I recommend you use a complex password with at least 64 characters or an SSH key instead of a password for this.

2. Install all updates (regularly!)

apt-get update
apt-get upgrade

Automatic updates can also be used, but require further configuration. I assume that you are working on your server on a regular basis and therefore install updates manually.

3. Change the SSH port

vi /etc/ssh/sshd_config

Changing the SSH port makes automated scans and attacks more difficult. Please do not use a port that is already in use.

service ssh restart

The service must be restarted for the change to take effect.

4. Do not install any software as root

Doing so would make privilege escalation easier if one of your applications has a security vulnerability.

5. You don’t need SSH? Just turn off the service.

service ssh stop

After you disconnect, login is no longer possible. The service will remain off until the next restart, so the stop is not permanent.


6. Enable the firewall

Many hosters offer you an upstream firewall. Use it and block unused open ports. If you have a fixed IP address (e.g. via your VPN provider or ISP), allow access to administrative ports (e.g. SSH) only from this fixed IP. The same applies to, for example, your FTP/SMTP port if you are the only one using your server.

7. Firewall with iptables

You can also define firewall rules with iptables on the server itself, and you should not skip this in any case. Some administration software (e.g. Plesk) makes this convenient.
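The policy from steps 6 and 7 (drop everything unused, allow the SSH port only from a fixed IP) written out as an iptables ruleset; this is an added example, not part of the original article. The helper names build_ruleset and is_port, the address 203.0.113.10, SSH port 2222 and the public ports 80 and 443 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the policy in steps 6 and 7.
# All addresses and ports used here are constructed sample values.

# is_port NUM -> succeeds only for an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset ADMIN_IP SSH_PORT [PUBLIC_TCP_PORT...]
# Prints rules in iptables-restore format; it applies nothing itself.
build_ruleset() {
    admin_ip=$1; ssh_port=$2; shift 2
    # Character check only, so the value cannot smuggle extra rule options.
    case "$admin_ip" in
        ''|*[!0-9.]*) echo "invalid IPv4 address: $admin_ip" >&2; return 1 ;;
    esac
    is_port "$ssh_port" || { echo "invalid SSH port: $ssh_port" >&2; return 1; }
    for p in "$@"; do
        is_port "$p" || { echo "invalid port: $p" >&2; return 1; }
        # A public rule for the SSH port would undo the fixed-IP restriction.
        [ "$p" != "$ssh_port" ] || { echo "SSH port must not be public" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # default: drop whatever is not allowed below
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Administrative port: reachable from the fixed IP only (step 6).
    echo "-A INPUT -p tcp -s $admin_ip --dport $ssh_port -j ACCEPT"
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample: 203.0.113.10 is a documentation address, 2222 an example port.
build_ruleset 203.0.113.10 2222 80 443
```

Review the output and load it as root with iptables-restore while keeping your current SSH session open, so a mistake does not lock you out. The rules cover IPv4 only; IPv6 needs its own ruleset via ip6tables.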

With these simple measures you have already brought the security of your server to a normal level. However, there is a lot more to consider depending on the intended use of the server. Inform yourself or feel free to contact me.

IT security should be affordable for individuals, small businesses and mid-sized companies. Therefore, I always calculate my hourly rates individually according to the degree of difficulty and actual effort.
