Securing your Linux server is crucial to protecting your data and preventing unauthorized access. Below are the best security practices to enhance your server’s protection.
Need Expert Assistance? Our Managed Services include full server hardening and security best practices. We also offer Nubius Lifecycle Manager, included with Managed Servers or available separately via our Store. Contact sales@support.nubius.io to upgrade.
1. Standardize Server Setups
To maintain consistency across servers, use automation tools like Nubius Lifecycle Manager to:
- Apply security patches automatically.
- Ensure system configurations follow compliance standards.
- Regularly audit your server security.
2. Secure SSH Access
SSH is the primary way to access a Linux server, so securing it is essential:
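- Disable root login:
sudo nano /etc/ssh/sshd_config
Find and update:
PermitRootLogin no
- Change the SSH port:
# Replace 2222 with your preferred port
Port 2222
- Use SSH Key Authentication instead of passwords (Guide)
- Limit SSH access to specific IPs:
sudo nano /etc/hosts.allow
Add:
sshd: YOUR_IP
Note: hosts.allow only takes effect when your sshd build supports TCP wrappers, and it restricts access only when /etc/hosts.deny also denies sshd connections from other addresses.
Restart SSH to apply changes:
sudo systemctl restart sshd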
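A check that the SSH settings above actually took effect, as an added example that is not part of the original guide. It assumes a single configuration file without Include directives; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): check what sshd will really use.
# For most keywords sshd keeps the FIRST value it reads, while every Port line
# adds a listening port. Assumption: one file, Include directives not followed.

# Print each value set for KEYWORD in the global section of FILE, in file order.
sshd_values() {   # usage: sshd_values FILE KEYWORD
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        {
            sub(/^[ \t]+/, "")
            split($0, f, /[ \t=]+/)          # "Keyword value" or "Keyword=value"
            key = tolower(f[1])              # keywords are case-insensitive
            if (key == "match") exit         # Match blocks apply conditionally
            if (key == want) print f[2]
        }' "$1"
}

# Report deviations from the settings recommended above; exit status = findings.
audit_sshd_config() (   # subshell body keeps the variables local
    file=$1
    findings=0
    root=$(sshd_values "$file" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is effectively '${root:-unset}'"
        findings=$((findings + 1))
    fi
    ports=$(sshd_values "$file" Port | tr '\n' ' ')
    for p in ${ports:-22}; do
        if [ "$p" = "22" ]; then
            echo "FAIL sshd still listens on port 22"
            findings=$((findings + 1))
        fi
    done
    if [ "$findings" -eq 0 ]; then echo "OK $file"; fi
    exit "$findings"
)

# Constructed sample: hardened lines appended below the existing defaults.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
# added while following the steps above
PermitRootLogin no
Port 2222
EOF
audit_sshd_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a live server, `sudo sshd -t` validates the configuration before you restart the service, and `sudo sshd -T` prints the effective settings, including any Include files.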
3. Use a Firewall
Our servers have an external firewall that can be managed from our portal; for more details, check this guide.
In addition, you can configure a firewall directly on your server. Here are some examples of how to manage it.
Restrict access to only the necessary ports. If you changed the SSH port in step 2, allow that port instead of 22 before enabling the firewall, otherwise you will lock yourself out:
- Enable and configure UFW (Ubuntu/Debian):
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
- For CentOS/RHEL/AlmaLinux, use Firewalld:
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload
4. Keep Software & System Updated
- Update system packages regularly:
sudo apt update && sudo apt upgrade -y # Ubuntu/Debian
sudo yum update -y # CentOS/RHEL/AlmaLinux
- Use Nubius Lifecycle Manager to automate security patches. Our service is included with Managed Servers, or it can be acquired separately.
Important: Make sure you take a backup before applying any update, and test all your services once the update is completed.
5. Configure Fail2Ban to Prevent Brute-Force Attacks
Fail2Ban protects against repeated failed login attempts and it can be configured on multiple services:
- Install Fail2Ban:
sudo apt install fail2ban -y # Ubuntu/Debian
sudo yum install epel-release -y && sudo yum install fail2ban -y # CentOS/RHEL/AlmaLinux
- Start and enable the service:
sudo systemctl start fail2ban
sudo systemctl enable fail2ban
- Configure Fail2Ban rules:
sudo nano /etc/fail2ban/jail.local
Add:
[sshd]
enabled = true
maxretry = 5
bantime = 3600
- Restart Fail2Ban:
sudo systemctl restart fail2ban
Note: You can set up multiple services in the jail file and define specific monitoring rules for each type of attack. More details can be found here
6. Secure Web Applications with SSL
You can use free certs like Let's Encrypt:
- Use Let's Encrypt for free SSL under Nginx:
sudo apt install certbot python3-certbot-nginx -y # Ubuntu/Debian
sudo yum install certbot python3-certbot-nginx -y # CentOS/RHEL/AlmaLinux
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
- Use Let's Encrypt for free SSL under Apache:
sudo apt install certbot python3-certbot-apache -y # Ubuntu/Debian
sudo yum install certbot python3-certbot-apache -y # CentOS/RHEL/AlmaLinux
sudo certbot --apache -d yourdomain.com -d www.yourdomain.com
- Regularly renew SSL certificates. The following command tests the renewal process without replacing the installed certificates:
sudo certbot renew --dry-run
Depending on your setup, we recommend buying a certificate; you can check our SSL offerings in our store here.
7. Implement a Security Monitoring Solution
- Use 360 Monitoring to track system performance and security alerts (Get it here).
- Enable log auditing:
sudo apt install auditd -y && sudo systemctl start auditd && sudo systemctl enable auditd
- Review logs regularly:
sudo cat /var/log/auth.log # Ubuntu/Debian
sudo cat /var/log/secure # CentOS/RHEL/AlmaLinux
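What the `maxretry = 5` threshold from the Fail2Ban jail looks like when you review the auth log by hand, as an added example that is not part of the original guide. The log lines, host name and function name are constructed, and unlike Fail2Ban the count ignores any time window.

```sh
#!/bin/sh
# Added example (not from the original guide): list the source addresses in an
# auth log that reached the jail's maxretry threshold of failed SSH passwords.
# Simplification: counts over the whole file, with no findtime window.

failed_ssh_sources() {   # usage: failed_ssh_sources LOGFILE [MAXRETRY]
    awk -v max="${2:-5}" '
        / sshd(\[[0-9]+\])?: Failed password for / {
            # The user name is client-supplied text, so read the address from
            # the fixed tail of the line: "... from ADDR port N ssh2".
            if ($(NF - 4) == "from" && $(NF - 2) == "port")
                count[$(NF - 3)]++
        }
        END { for (ip in count) if (count[ip] >= max) print count[ip], ip }
    ' "$1" | sort -rn
}

# Constructed sample log (documentation addresses, hypothetical host "web1").
sample_log=$(mktemp)
{
    i=0
    while [ "$i" -lt 5 ]; do
        echo "Jan 10 03:12:0$i web1 sshd[4100]: Failed password for root from 203.0.113.7 port 5100$i ssh2"
        i=$((i + 1))
    done
    echo "Jan 10 03:13:10 web1 sshd[4111]: Failed password for invalid user backup from home from 198.51.100.23 port 40022 ssh2"
    echo "Jan 10 03:14:00 web1 sshd[4120]: Accepted publickey for deploy from 198.51.100.23 port 40100 ssh2"
} > "$sample_log"
failed_ssh_sources "$sample_log" 5    # same threshold as maxretry = 5
rm -f "$sample_log"
```

Run it against /var/log/auth.log (Ubuntu/Debian) or /var/log/secure (CentOS/RHEL/AlmaLinux) with sudo; each output line is a failure count followed by the source address.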
8. Disable Unused Services
Reduce attack surface by disabling unnecessary services:
sudo systemctl disable cups # Example: Disabling printing service
List active services and disable what’s not needed:
sudo systemctl list-units --type=service
9. Set Up Automatic Backups
- Use Acronis Backup available in our store (Our Recommendation).
- Configure automated backups (Not Recommended): This option takes a local backup on the same server. It is useful for quick restores, but if the server crashes, the backups won't be available.
sudo tar -czf /backup/server-backup.tar.gz /var/www /etc /home
Final Thoughts
Following these security practices will help protect your Linux server from unauthorized access and potential threats.
For a fully managed security solution, consider upgrading to our Managed Services or Nubius Lifecycle Manager. Contact sales@support.nubius.io to learn more.
If you need assistance, contact Support via the Nubius Customer Portal or send an email to support@support.nubius.io.