Endpoint Security

Linux Server Hardening

A properly hardened Linux server is the foundation of secure infrastructure. Follow this checklist for production deployments.

1. SSH Hardening

# /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
AllowUsers deploy admin
# Only needed on OpenSSH older than 7.4; newer releases support protocol 2 only
Protocol 2

# Restart SSH (keep the current session open until a new key-based login succeeds)
systemctl restart sshd
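
To confirm that the running daemon really uses the settings above, this added example (not part of the original checklist) compares sshd -T output with the section 1 baseline. The function name audit_sshd and both sample inputs are constructed for illustration; Protocol is left out because OpenSSH 7.4 and later support only protocol 2.

```shell
#!/bin/sh
# audit_sshd: read `sshd -T` style output ("keyword value" per line) from
# stdin or a file and compare it with the section 1 baseline.
# Prints one FAIL line per deviation; exit status = number of deviations.
audit_sshd() {
    awk '
    BEGIN {
        # Expected values, copied from the sshd_config block above.
        want["permitrootlogin"] = "no"
        want["passwordauthentication"] = "no"
        want["pubkeyauthentication"] = "yes"
        want["maxauthtries"] = "3"
        want["clientaliveinterval"] = "300"
        want["clientalivecountmax"] = "2"
        allow["deploy"] = 1; allow["admin"] = 1
    }
    { key = tolower($1) }
    key == "allowusers" {
        # Accept one user per line as well as several users on one line.
        for (i = 2; i <= NF; i++) seen[$i] = 1
        next
    }
    (key in want) { got[key] = $2 }
    END {
        bad = 0
        for (k in want) {
            v = (k in got) ? got[k] : "(unset)"
            if (v != want[k]) { printf "FAIL %s: want %s, got %s\n", k, want[k], v; bad++ }
        }
        for (u in allow) if (!(u in seen)) { printf "FAIL allowusers: missing %s\n", u; bad++ }
        for (u in seen) if (!(u in allow)) { printf "FAIL allowusers: unexpected %s\n", u; bad++ }
        exit bad
    }' "$@"
}

# Constructed sample inputs (not captured from a real host).
sample_hardened() {
    printf "%s\n" "permitrootlogin no" "passwordauthentication no" \
        "pubkeyauthentication yes" "maxauthtries 3" "clientaliveinterval 300" \
        "clientalivecountmax 2" "allowusers deploy" "allowusers admin"
}
sample_default() {
    printf "%s\n" "permitrootlogin prohibit-password" "passwordauthentication yes" \
        "pubkeyauthentication yes" "maxauthtries 6" "clientaliveinterval 0" \
        "clientalivecountmax 3"
}

sample_hardened | audit_sshd && echo "hardened sample: OK"
sample_default | audit_sshd || echo "default sample: $? deviation(s)"
```

On a live host, run sshd -T | audit_sshd as root; a non-zero exit status is the number of settings that differ from the baseline.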

2. Firewall (UFW)

# Setup firewall
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable

# Check status
ufw status verbose

3. Automatic Updates

# Ubuntu/Debian
apt install unattended-upgrades
dpkg-reconfigure unattended-upgrades

# Check configuration
cat /etc/apt/apt.conf.d/50unattended-upgrades

4. Fail2ban

apt install fail2ban

# /etc/fail2ban/jail.local
[sshd]
enabled = true
port = ssh
filter = sshd
# auth.log requires a syslog daemon; on journald-only systems set backend = systemd instead
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600

# Enable at boot and restart so the jail.local changes take effect
systemctl enable fail2ban
systemctl restart fail2ban

5. User Security

# Remove unnecessary users
userdel games

# Strong password policy
apt install libpam-pwquality

# /etc/security/pwquality.conf
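# Minimum password length
minlen = 14
# Negative credit = required minimum count: at least one digit
dcredit = -1
# At least one uppercase letter
ucredit = -1

Quick Checklist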

December 2024