Linux systems are widely used for their stability, flexibility, and security. However, no system is inherently secure without proper configurations and maintenance. Hardening a Linux system minimizes vulnerabilities and strengthens its security posture. This post outlines key steps to harden a Linux system effectively.
1. Update and Patch Management
Regular updates close vulnerabilities that attackers can exploit. Update the system regularly using the package manager:
:~$ sudo apt update && sudo apt upgrade -y
Keep the kernel updated to ensure the latest security patches are applied.
2. Secure SSH Access
SSH is a critical entry point; misconfigurations can lead to unauthorized access. Disable root login:
:~$ sudo nano /etc/ssh/sshd_config
# Set PermitRootLogin to no
PermitRootLogin no
Use key-based authentication:
Key-based authentication is a method of logging into an SSH server using a cryptographic key pair instead of a password. It enhances security by eliminating the need for passwords, which are vulnerable to brute-force attacks.
Run the following command on your local machine to generate the key pair, Sets the key length to 4096 bits for stronger encryption:
:~$ ssh-keygen -t rsa -b 4096
Use the ssh-copy-id command to transfer your public key to the server:
:~$ ssh-copy-id user@192.168.1.124
3. Firewall Configuration
Firewalls block unauthorized traffic, Install and configure UFW (Uncomplicated Firewall):
:~$ sudo apt install ufw
:~$ sudo ufw allow ssh
:~$ sudo ufw enable
Advanced users can use iptables or Firewalld for more granular control.
4. Secure Boot and Disk Encryption
Secure Boot and Disk Encryption together offer robust protection against unauthorized access to your system and data in case of physical theft or tampering. They ensure:
- The system only boots trusted software (Secure Boot).
- The data remains unreadable without the decryption key or passphrase (Disk Encryption).
. Enable UEFI Secure Boot.
. Use LUKS for disk encryption:
:~$ sudo cryptsetup luksFormat /dev/sdX
:~$ sudo cryptsetup open /dev/sdX encrypted_disk
5. File and Directory Permissions
Misconfigured file and directory permissions can lead to security risks by exposing sensitive files and directories to unauthorized users. Properly configuring permissions ensures that only the intended users or processes can access, modify, or execute the files.
Linux provides several commands to manage file and directory permissions effectively: chmod, chown, and chgrp.
:~$ chmod 700 ~/.ssh
:~$ chmod 600 ~/.ssh/authorized_keys
Set sticky bit for /tmp directory:
The sticky bit ensures that only the owner of a file or directory can delete or modify it, even if others have write permissions.
- By default, /tmp is a world-writable directory where multiple users can create files.
- Users are prevented from deleting files they do not own by setting the sticky bit.
:~$ sudo chmod +t /tmp
Now, Users can only modify or delete their own files, even though the directory is writable by everyone.
6. Enable Logging and Auditing
Logging and auditing are essential for monitoring system activity and detecting suspicious behavior or unauthorized access. Proper logging and auditing:
- Provide accountability by tracking actions performed on the system.
- Help in forensic analysis after a security incident.
- Alert administrators to potential threats in real time.
Configure rsyslog, rsyslog is a powerful logging system for Linux that collects log messages and stores them in specific files for later analysis.
:~$ sudo nano /etc/rsyslog.conf
Install and configure auditd, auditd (audit daemon) is a tool designed to track system events such as file modifications, logins, or security-related actions.
:~$ sudo apt install auditd
:~$ sudo auditctl -w /etc/passwd -p wa
7. Kernel Hardening
Kernel hardening refers to implementing measures to secure the Linux kernel, which is the core component of the operating system responsible for interacting with hardware and managing system resources. A hardened kernel reduces the attack surface and mitigates vulnerabilities that could be exploited by attackers.
Use Security-Enhanced Linux (SELinux) or AppArmor for mandatory access controls to restrict processes based on defined security policies. AppArmor is a Linux kernel security module that allows you to apply Mandatory Access Control (MAC) policies to restrict what programs can access.
:~$ sudo apt install apparmor apparmor-utils
:~$ sudo aa-enforce /etc/apparmor.d/*
and aa-enforce utility sets the specified AppArmor profiles to enforce mode, meaning that the rules defined in the profiles will actively restrict applications.
Restrict Kernel Logs and prevent unauthorized access to kernel logs, which might expose sensitive information.
:~$ sudo chmod 600 /var/log/kern.log