Boost Your Server Security: Essential Linux Hardening Steps
This guide walks you through practical Linux server hardening techniques—including SSH configuration, disabling ping replies, user and group management, sudoers tweaks, and granting root privileges—to significantly reduce the risk of unauthorized access.
Modify SSH login configuration
Open the SSH daemon configuration file and adjust several settings:
vim /etc/ssh/sshd_config
# Change the following items
Port 10000
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
Restart the SSH service to apply changes:
service sshd restart
Disable ping responses
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
The default value is 0.
User management
Basic commands to inspect users and groups:
cat /etc/passwd # list users
cat /etc/group # list groups
who # current logged‑in users
last # login history
Generally, remove unnecessary default users and groups to prevent brute‑force attacks.
userdel sync
userdel shutdown
# other unnecessary users: halt uucp operator games gopher
groupdel adm
groupdel games
# other unnecessary groups: adm lp games dip
Linux account and password information is stored in /etc/passwd, /etc/shadow, /etc/group, and /etc/gshadow; protect them by setting the immutable attribute.
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
To revert, replace +i with -i and run the commands again.
Create new user
adduser username
passwd username
Regular users should have full permissions only in their home directory; use sudo to perform privileged actions.
To edit the sudoers file, grant write permission temporarily, add the user, then remove the write permission:
chmod -v u+w /etc/sudoers
# edit file to add user entry
chmod -v u-w /etc/sudoers
Grant root privileges
Method 1: Uncomment the %wheel ALL=(ALL) ALL line in /etc/sudoers and add the user to the wheel group.
Method 2 (recommended): Add explicit entries for root and the user in /etc/sudoers:
root ALL=(ALL) ALL
uusama ALL=(ALL) ALL
After saving, log in as the user and run sudo -s to obtain a root shell.
Method 3: Change the user’s UID to 0 in /etc/passwd:
uusama:x:500:500:tommy:/home/uusama:/bin/bash
# modify to
uusama:x:0:500:tommy:/home/uusama:/bin/bash
Saving this change makes the account equivalent to root.
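A defender's check for the steps above, as an added example that is not part of the original article: it reads the effective Port, PermitRootLogin and PermitEmptyPasswords values the way sshd does (the first occurrence of a keyword wins) and lists any non-root account with UID 0, which is what Method 3 produces. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added audit example. File paths are arguments so it can run on copies.
# Assumes whitespace-separated "Keyword value" lines; Include files are not followed.

# Print the effective global value of an sshd_config keyword.
# sshd uses the first value it reads for a keyword, keywords are
# case-insensitive, and settings after a "Match" line are conditional.
sshd_value() {  # usage: sshd_value KEYWORD FILE
    awk -v key="$1" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Report each setting whose effective value differs from the guide.
# Unset keywords are reported too, so the compiled-in default gets reviewed.
audit_sshd() {  # usage: audit_sshd FILE ; returns 1 if anything was reported
    rc=0
    for want in "port=10000" "permitrootlogin=no" "permitemptypasswords=no"; do
        key=${want%%=*}; exp=${want#*=}
        got=$(sshd_value "$key" "$1")
        if [ "$got" != "$exp" ]; then
            echo "sshd: $key is '${got:-unset}', guide sets '$exp'"
            rc=1
        fi
    done
    return $rc
}

# List accounts other than root whose UID (third field) is 0.
uid0_accounts() {  # usage: uid0_accounts PASSWD_FILE
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Constructed sample input, not taken from a real host.
sample_sshd() {
    printf '%s\n' '#Port 22' 'Port 10000' 'PermitRootLogin yes' \
        'PermitRootLogin no' 'PermitEmptyPasswords no'
}
sample_passwd() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'uusama:x:0:500:tommy:/home/uusama:/bin/bash' \
        'deploy:x:1001:1001::/home/deploy:/bin/bash'
}
```

On a live host, source the file and run audit_sshd /etc/ssh/sshd_config and uid0_accounts /etc/passwd. In the sample, the earlier "PermitRootLogin yes" line overrides the later "no", so the audit reports it.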
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
