25 Hardening Security Tips for Linux Servers

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Use our Linode referral link if you plan to buy VPS (it starts at only $10/month).
  4. Support us via PayPal donate - Make a Donation
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Ravi Saive

I am Ravi Saive, creator of TecMint. A Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux. Follow Me: Twitter, Facebook and Google+

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

66 Responses

  1. Ashutosh Upadhyay says:

    Liked the efforts to write such a very useful article. Thanks.

    I’ve a situation where I want to ensure that a particular group of IT staff is not able to perform any execute or write on production servers. Is there a quick way to do so by adding them to “deny” files etc?

  2. Greg says:

    centos (and fedora etc.) now uses systemd. It will help to update this page by adding the systemctl commands.
    Thank you

  3. Khushal Bisht says:

    Hi Ravi,

    Any server-hardening-security-tips article then suggested me…because this article is very basic times. We need more security in servers…..also Suggested me any PAM article

  4. Dave says:

    I stopped reading at number 2. Different partitions do nothing for security or protection. If anything it can cause problems by having a partition that can become too small and fill. With current systems you can use raid 1 or do a rsync of the entire disk daily. The only real disk that needs to protected is /home.

  5. medhat ahmed says:

    number 8 in this list doesn’t work “disable usb”

  6. Gareth says:

    One caveat on the way the SELinux tip was worded: just enabling it on its own does not instantly and magically give you any extra security, but it will slow your system down. If you’re not making explicit use of the features that it offers then disabling it will not reduce your security.

    SELinux is a module that provides more fine-grained access control over security policies. Before enabling it find out what it is and whether you will use that extra level of control, and balance that need against the fact that it does come with some amount of negative performance impact.

    But don’t just treat “Enable SELinux” as a checklist item to get out of the way and quickly move on, every installation.

  7. Tanveer says:

    Awesome…Appreciate your efforts…Looks like you can help me with my dilemma..I have installed RHEL 7.1 & 6.5 on VM in VMware work station. But I am not able to create repository..In fact, rpm also does not work. Any comments please? I am not able to move forward with setting up my server.

  8. MOHD TAUHEED says:

    Hi,

    I want to block all user for cp and scp from our remote server to my local machine. please suggest me ..

    Thanks

    • Ravi Saive says:

      @Mohd,

      In sshd_config file, just comment out the following line to disable scp connections.

      ## override default of no subsystems
      #Subsystem       sftp    /usr/libexec/openssh/sftp-server
      
  9. Akshay Chakre says:

    Very easy to understand…Too Good

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

Join Over 300K+ Linux Users
  1. 177,942
  2. 8,310
  3. 37,548

Are you subscribed?