Best Practices for Linux Security Management

Linux systems fall victim to cyberattacks just as Windows and Mac systems do. This article helps IT sysadmins improve their existing Linux security procedures.

Alex Lim
Sep 16, 2020 · 5 min read

Securing endpoints can be an overwhelming routine for system administrators, especially when the endpoints are remote. With much of the world now working remotely, and likely to continue doing so, the demand for security has grown sharply.

Though Windows and Mac devices are popular targets for cybercriminals, Linux devices fall victim as well: Linux-targeted malware can affect your critical devices, and in some instances compromised Linux systems have been configured to distribute malware to others.

Read on for practices that help system administrators improve their existing Linux security procedures.

Key takeaways:

  • Drafting a backup and disaster recovery plan
  • Hardening security
  • Playing it safe with SSH
  • Managing firewall
  • Automating patch management
  • Managing account security
  • Discovering how ManageEngine can help

Linux is considered one of the safest operating systems on the market, but there are checklists and best practices that any individual or organization can follow to strengthen Linux security further. Each Linux machine should have a single named owner who knows what runs on it: any dual-boot installations, the VMs it hosts, how often each of those is booted, and the patching schedule that keeps them updated. If that is more than the owner can track, avoid dual boots and VMs on that machine; an installation that boots only occasionally is one that misses patches.

Here are six best practices to help keep your Linux machines safe.

Backups and a disaster recovery plan

Backing up your files is the foundation of staying on track with security and should be your first priority. If backups already exist, review them to ensure they are complete and can actually be restored. Natural disasters, cyberattacks, and hard disk failures can happen at any time, so proper backups are what keep the business running through a critical situation. The best practice is the 3-2-1 rule: keep three copies of your data, on two different storage media, with one copy stored offsite.

Keep sensitive files on the file server rather than on individual machines; the OS, applications, and transient working files can live on the machine itself. Copy data that must survive to separate storage media, and use a secondary machine at a different location to back up the primary machine's data automatically.

Security hardening

Cyberattacks can breach Linux systems that are not properly secured, and recovery after a compromise takes time. Most Linux attacks result from SSH exploitation, misconfigured sudo privileges, and web application compromise, all of which proper configuration prevents. Staying on top of the vulnerabilities published for your Linux distribution and patching regularly keeps you safe from most data breaches and system compromises.

Playing it safe with SSH

Careful monitoring of SSH connections gives you an advantage over attackers. SSH is typically used for remote command execution, remote shell access, file transfer (SFTP and SCP), and tunnelling other protocols. Monitor SSH closely and disable it where it is not required.

Another practice is to block root logins over SSH; root is the most critical account in a Linux environment and should be protected by all means. An administrator who needs root remotely should log in as a normal user and switch to root with sudo or su. To enforce this, set the following line in /etc/ssh/sshd_config, check the file with sshd -t, and reload sshd, keeping your current session open until a fresh login succeeds:

PermitRootLogin no
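The procedure above, as an added example that is not code from the original article: a small POSIX shell script that sets the sshd_config directives discussed here on a file passed as an argument (so it can be tried on a copy before touching /etc/ssh/sshd_config) and reports the value sshd will actually use. The directive names are OpenSSH's; the sample config at the bottom is constructed, and the addition of PasswordAuthentication no (key-only logins) goes beyond the text and assumes administrators' keys are already deployed.

```shell
#!/bin/sh
# Added example, not code from the original article. Sets the sshd_config
# directives discussed above on a file given as an argument, so it can be run
# on a copy first, then verifies what sshd will read. Directive names are
# OpenSSH's; the sample config at the bottom is constructed, not a real host's.

# set_directive FILE KEY VALUE
# Replaces the first global occurrence of KEY (commented out or not), removes
# other global duplicates, and otherwise inserts KEY before the first "Match"
# block. Lines inside Match blocks are left alone: a directive appended at the
# end of the file would silently become conditional if a Match block precedes it.
set_directive() {
    file=$1; key=$2; value=$3
    tmp="$file.tmp.$$"
    awk -v key="$key" -v value="$value" '
        BEGIN { lk = tolower(key) }
        {
            k = tolower($1); sub(/^#+/, "", k)      # "#PermitRootLogin" counts as a hit
            if (k == "match") {
                if (!done) { print key " " value; done = 1 }
                inmatch = 1
            }
            if (!inmatch && k == lk) {
                if (!done) { print key " " value; done = 1 }
                next                                  # drop stale/commented duplicates
            }
            print
        }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"        # keep the original file mode/owner
    rm -f "$tmp"
}

# effective_value FILE KEY : the global value sshd will use, or "default"
effective_value() {
    awk -v lk="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        tolower($1) == "match" { exit }               # Match-scoped values are conditional
        tolower($1) == lk && !seen { print $2; seen = 1 }
        END { if (!seen) print "default" }
    ' "$1"
}

# harden_sshd_config FILE : the settings from the text plus key-only auth
harden_sshd_config() {
    f=$1
    set_directive "$f" PermitRootLogin no             # root never logs in directly
    set_directive "$f" MaxAuthTries 3                 # per connection, not per source IP
    set_directive "$f" LoginGraceTime 30              # drop idle pre-auth connections quickly
    set_directive "$f" PasswordAuthentication no      # assumption: admins' keys are deployed
    set_directive "$f" PubkeyAuthentication yes
    set_directive "$f" X11Forwarding no
}

# Demo on a constructed file that resembles a stock sshd_config.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
MaxAuthTries 6
Match User deploy
    PasswordAuthentication yes
EOF
harden_sshd_config "$demo"
printf 'PermitRootLogin is now: %s\n' "$(effective_value "$demo" PermitRootLogin)"
cat "$demo"
rm -f "$demo"
```

Run it on a copy first (`cp /etc/ssh/sshd_config /tmp/sshd_config && sh harden.sh`), then on the real file, followed by `sshd -t` and `systemctl reload sshd` while an existing session stays open. The Match-block handling is the part most ad-hoc scripts get wrong: a stock Debian file ends with a commented Match example, and anything appended after a real Match line applies only to that match.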

If there have been multiple failed login attempts from a given IP, block it: that pattern is almost always a brute-force attack. sshd's MaxAuthTries parameter limits the number of authentication attempts per connection (the default is 6) but does not block the source; the attacker simply reconnects. An intrusion detection tool that watches the authentication log can add a firewall rule for the offending address automatically. Running SSH on a non-standard port reduces the noise from mass scanners but does not stop a targeted attacker, so treat it as a convenience rather than a control.
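The log-watching step above, as an added example that is not code from the original article: a shell script that counts failed SSH password authentications per source address over auth-log lines and prints the firewall commands that would block repeat offenders. It assumes OpenSSH's "Failed password for ... from <ip> port" log format and an nftables set named ssh_block (an assumption; it must exist in your ruleset and be dropped by the input chain). The log lines are constructed, not from a real host, and the allowlist exists because the classic failure of automated blocking is locking out your own jump host.

```shell
#!/bin/sh
# Added example, not code from the original article. Counts failed SSH
# password authentications per source address in auth-log lines and prints
# the firewall commands that would block repeat offenders. Assumes OpenSSH's
# "Failed password for ... from <ip> port" log format and an nftables set
# named ssh_block (an assumption; create it in your ruleset) that the input
# chain drops. The log lines below are constructed, not from a real host.

# failed_by_ip THRESHOLD  (reads log lines on stdin)
# Prints "IP COUNT" for every source with COUNT >= THRESHOLD, highest first.
# Only "Failed password" lines are counted: an "Invalid user" line is followed
# by a "Failed password" line for the same attempt, so counting both doubles it.
failed_by_ip() {
    awk -v t="${1:-5}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            if (ip != "") n[ip]++
        }
        END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }
    ' | sort -k2,2nr
}

# emit_block_rules [ALLOWLIST]  (reads "IP COUNT" lines on stdin)
# ALLOWLIST is a space-separated list of addresses never to block, such as
# the jump host you administer from. Commands are printed, not executed.
emit_block_rules() {
    allow=" ${1:-} "
    while read -r ip count; do
        case "$allow" in
            *" $ip "*) printf '# not blocking %s (%s failures): allowlisted\n' "$ip" "$count" ;;
            *)         printf 'nft add element inet filter ssh_block { %s timeout 1h }\n' "$ip" ;;
        esac
    done
}

# Constructed sample: one brute-forcer, one allowlisted admin host that
# mistyped a password a few times, and background noise below the threshold.
SAMPLE_LOG='Sep 16 10:01:02 web1 sshd[2211]: Failed password for root from 203.0.113.5 port 50122 ssh2
Sep 16 10:01:03 web1 sshd[2211]: Failed password for root from 203.0.113.5 port 50122 ssh2
Sep 16 10:01:05 web1 sshd[2214]: Invalid user admin from 203.0.113.5 port 50130
Sep 16 10:01:05 web1 sshd[2214]: Failed password for invalid user admin from 203.0.113.5 port 50130 ssh2
Sep 16 10:01:07 web1 sshd[2216]: Failed password for invalid user oracle from 203.0.113.5 port 50134 ssh2
Sep 16 10:01:09 web1 sshd[2218]: Failed password for invalid user test from 203.0.113.5 port 50140 ssh2
Sep 16 10:02:11 web1 sshd[2230]: Failed password for alice from 192.0.2.10 port 40002 ssh2
Sep 16 10:02:13 web1 sshd[2230]: Failed password for alice from 192.0.2.10 port 40002 ssh2
Sep 16 10:02:15 web1 sshd[2230]: Failed password for alice from 192.0.2.10 port 40002 ssh2
Sep 16 10:02:20 web1 sshd[2230]: Accepted publickey for alice from 192.0.2.10 port 40002 ssh2
Sep 16 10:03:01 web1 sshd[2240]: Failed password for bob from 198.51.100.9 port 41000 ssh2'

printf '%s\n' "$SAMPLE_LOG" | failed_by_ip 3 | emit_block_rules "192.0.2.10"
```

On a real host feed it `journalctl -u ssh --since -1h -o cat` or `/var/log/auth.log`, review the printed commands, and only then pipe them to `sh`. The one-hour timeout on the set element means a blocked address expires on its own, which matters when the "attacker" turns out to be a colleague behind the office NAT.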

Firewall management

Implementing a firewall is another crucial item in a Linux security checklist and keeps the exposed surface of your Linux systems small. Most Linux distributions ship iptables or its successor nftables, which can block connections from unrecognized networks. Configure the firewall to allow only connections you can identify; for example, administrative access should come only from your recognized set of IP addresses or ranges, with everything else denied by default.

Tighter restrictions at the network level provide peace of mind at the system level. If you are unsure whether IPv6 is in use, either disable it or filter it with the same rules as IPv4: a host with IPv6 enabled but only IPv4 firewall rules is reachable on every listening service over IPv6. Make sure only required services are running on the machine, and tunnel FTP, X Windows, and rsync over SSH rather than exposing them directly.
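A default-deny ruleset of the kind described in this section, as an added example that is not from the original article: a shell function that generates an nftables ruleset in the inet family, so every rule covers IPv4 and IPv6 alike (the alternative to disabling IPv6), and a dry-run check with nft -c that loads nothing. The address ranges, ports and the ssh_block set name are assumptions to adjust before use.

```shell
#!/bin/sh
# Added example, not code from the original article. Generates a default-deny
# nftables ruleset for a host whose administrators connect from known ranges.
# The "inet" family makes every rule apply to IPv4 and IPv6 alike, which is
# the alternative to disabling IPv6 outright. The address ranges, port numbers
# and set name below are assumptions; adjust them before loading.

# gen_ruleset SSH_PORT ADMIN_V4 ADMIN_V6 : prints the ruleset to stdout
gen_ruleset() {
    ssh_port=${1:-22}
    admin_v4=${2:-203.0.113.0/24}   # constructed documentation range
    admin_v6=${3:-2001:db8::/32}    # constructed documentation range
    cat <<EOF
flush ruleset
table inet filter {
    set ssh_block {
        type ipv4_addr
        flags timeout
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ip saddr @ssh_block drop
        ct state established,related accept
        ct state invalid drop
        meta l4proto { icmp, ipv6-icmp } accept
        ip saddr $admin_v4 tcp dport $ssh_port accept
        ip6 saddr $admin_v6 tcp dport $ssh_port accept
        tcp dport { 80, 443 } accept
        limit rate 5/minute log prefix "nft-drop: "
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# check_ruleset [ARGS] : dry-run the generated ruleset with nft -c if nft is
# installed; nothing is loaded either way.
check_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        gen_ruleset "$@" | nft -c -f -
    else
        echo "nft not installed; skipping syntax check" >&2
    fi
}

gen_ruleset 22
check_ruleset 22
```

The weak variant this replaces is an `ip`-family table (or iptables alone) with no `ip6` counterpart: the policy drop then never applies to IPv6 traffic. Note that the ssh_block set holds IPv4 addresses only; a second set of type ipv6_addr is needed if brute-force sources arrive over IPv6. Load with `gen_ruleset 22 | nft -f -` from a console session, and keep `flush ruleset` in mind: it removes any rules another tool put in place.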

Automated patch management

An automated patch management system applies security patches as soon as they are released, or during non-business hours. Attackers are swift, and all they need is one unpatched vulnerability to breach your systems and escape with sensitive data or wreak havoc on your network.

Attacks have become more sophisticated, targeted, and automated. OS, application, and service vulnerabilities can all be entry points. The best practice is to employ a patch management tool that applies Linux and third-party patches as soon as they are available.

Account security management

Administrators should avoid working as root: use an unprivileged account for routine work and escalate with sudo only when a task requires it, so that every privileged action is attributable to a person. They should also employ and enforce strong password policies, requiring length and a mix of alphanumeric and special characters, to make brute-force attacks harder.

Remove idle user accounts periodically, rotate the passwords of active accounts on a regular schedule (once every 60 to 90 days) and immediately whenever compromise is suspected, and manage accounts and password updates centrally through a directory service such as Active Directory. Note that current NIST guidance (SP 800-63B) favours long passwords screened against breach lists, with rotation on evidence of compromise rather than on a fixed calendar, so pair any rotation policy with compromise detection.
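An account audit covering the checks in this section, as an added example that is not from the original article: shell functions that read passwd and shadow files passed as arguments and report extra UID-0 accounts, login-capable accounts with no password, accounts whose password has outlived the rotation window, and accounts with no maximum age, printing the remediation commands rather than running them. The sample files are constructed (the hashes are placeholders); real logins are not recorded in these files, so idle-account detection still needs lastlog(8).

```shell
#!/bin/sh
# Added example, not code from the original article. Audits local accounts
# for the conditions discussed above. File paths are arguments so it runs on
# the constructed samples below (not real files) as well as on /etc/passwd
# and /etc/shadow (the latter needs root to read).

# uid0_accounts PASSWD : accounts other than root that have UID 0
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# empty_password_accounts SHADOW : an empty hash field means login without a password
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# stale_password_accounts SHADOW MAXDAYS TODAY
# Accounts with a real hash (starts with "$"; "*" and "!" are locked) whose
# last change (field 3, days since the epoch) is more than MAXDAYS before TODAY.
stale_password_accounts() {
    awk -F: -v max="$2" -v today="$3" '
        substr($2, 1, 1) == "$" && $3 != "" && (today - $3) > max { print $1 }' "$1"
}

# unlimited_age_accounts SHADOW : usable accounts with no maximum age (field 5)
unlimited_age_accounts() {
    awk -F: 'substr($2, 1, 1) == "$" && ($5 == "" || $5 >= 99999) { print $1 }' "$1"
}

# audit_accounts PASSWD SHADOW MAXDAYS [TODAY] : findings plus the commands
# that would remediate, printed rather than run so they can be reviewed.
audit_accounts() {
    passwd=$1; shadow=$2; max=$3; today=${4:-$(( $(date +%s) / 86400 ))}
    for u in $(uid0_accounts "$passwd"); do
        printf 'UID 0 besides root: %-10s -> investigate, then: userdel %s\n' "$u" "$u"
    done
    for u in $(empty_password_accounts "$shadow"); do
        printf 'no password set:    %-10s -> usermod -L %s\n' "$u" "$u"
    done
    for u in $(stale_password_accounts "$shadow" "$max" "$today"); do
        printf 'password > %s days: %-10s -> chage -d 0 %s\n' "$max" "$u" "$u"
    done
    for u in $(unlimited_age_accounts "$shadow"); do
        printf 'no max age:         %-10s -> chage -M %s %s\n' "$u" "$max" "$u"
    done
}

# Constructed sample files; the hashes are placeholders, not real ones.
p=$(mktemp); s=$(mktemp)
cat > "$p" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backdoor:x:0:0::/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
EOF
cat > "$s" <<'EOF'
root:$6$placeholder$hash1:18400:0:99999:7:::
daemon:*:18000:0:99999:7:::
backdoor::18000:0:99999:7:::
alice:$6$placeholder$hash2:18300:0:90:7:::
bob:$6$placeholder$hash3:18480:0:99999:7:::
EOF
audit_accounts "$p" "$s" 90 18500
rm -f "$p" "$s"
```

On a real host run `audit_accounts /etc/passwd /etc/shadow 90` as root and review the list before executing any of it; a second UID-0 account is the finding to treat as an incident rather than a housekeeping item. `chage -d 0` forces a password change at next login, `chage -M` enforces the maximum age going forward, and `usermod -L` locks an account without deleting its files.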

Following the best practices above makes your Linux systems less of a target. They are not a permanent solution, though: only a combination of cyber awareness, cyber hygiene, and skilled professionals with the right tools keeps you safe.

Originally published at https://pupuweb.com on September 16, 2020.

E.T.

Insight and opinion on emerging technologies

Written by Alex Lim

Technology Blogger writing about emerging technologies (pupuweb.com) and marketing/lifestyle (paminy.com)