Essential Linux Server Hardening: 10 Steps to Optimize After Installation

This guide walks you through ten practical steps—including switching to local yum mirrors, installing key packages, disabling SELinux and the firewall, trimming startup services, tightening SSH settings, syncing time, raising file descriptor limits, and disabling ping—to boost the performance and security of a freshly installed Linux server.

Open Source Linux

After installing a Linux system, perform basic optimizations to improve performance and security.

1. Use Alibaba Cloud yum mirrors

Replace the default slow foreign yum repositories with domestic mirrors.

2. Install essential packages

yum -y install tree nmap sysstat gcc gcc-c++ make telnet

3. Disable SELinux

SELinux is a mandatory access control (MAC) system originally developed by the NSA; many production environments disable it and handle security by other means.

Permanent disable: edit /etc/selinux/config and set SELINUX=disabled.

Temporary disable:

setenforce 0

The change to /etc/selinux/config takes effect only after a reboot; setenforce 0 switches SELinux to permissive mode immediately, without a reboot, and lasts until the next boot.

4. Turn off the firewall

Disabling the firewall simplifies learning; in production, enable it only on servers with external IPs and consider hardware firewalls for high‑traffic services.

[root@qll251 ~]# iptables -F
[root@qll251 ~]# /etc/init.d/iptables stop
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:清除防火墙规则:[确定]
iptables:正在卸载模块:[确定]
[root@qll251 ~]# chkconfig iptables off
[root@qll251 ~]# service iptables stop

5. Minimize startup services

Many default services are unnecessary and consume resources; disable them.

Essential services to keep:

sshd – remote login.

crond – scheduled tasks (at, crontab).

rsyslog – system logging.

sysstat – performance monitoring tools (iostat, mpstat, sar).

network – network interface management.

Command to disable all other non‑essential services:

6. Follow the principle of minimalism

Install only required packages, run only necessary services, use concise commands, limit root logins, grant minimal permissions, and restrict file system changes.

7. Harden SSH configuration

Change default port from 22.

Set UseDNS no to speed up login.

Set PermitRootLogin no.

Set GSSAPIAuthentication no to avoid slow connections.

Keep PasswordAuthentication yes.

Set PermitEmptyPasswords no.

Adjust LoginGraceTime 2m as needed.
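
The step 7 settings can be checked mechanically. The script below is an added example, not part of the original article: it audits an sshd_config file for the port change and the four options the step sets to no. The function names, the sample file and its port number are constructed for illustration.

```bash
# Added example (not from the page): audit sshd_config against step 7.
# Assumes a flat, whitespace-separated file (no Match or Include).

# Effective value of keyword $2 in file $1. Keywords are case-insensitive
# and sshd keeps the FIRST value it reads for a keyword, so stop there.
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }                 # comments, blank lines
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}
# Print one line per deviation; return 1 if any were found.
audit_sshd() {
    a_file=$1; a_rc=0
    while read -r a_key a_want; do
        a_got=$(sshd_value "$a_file" "$a_key")
        if [ "$a_got" != "$a_want" ]; then
            echo "FAIL $a_key: expected '$a_want', found '${a_got:-unset}'"
            a_rc=1
        fi
    done <<'EOF'
usedns no
permitrootlogin no
gssapiauthentication no
permitemptypasswords no
EOF
    # Port may be given several times and sshd listens on all of them,
    # so any "Port 22" (or no Port line at all) means 22 is still open.
    if ! awk '/^[ \t]*(#|$)/ { next }
              tolower($1) == "port" { seen = 1; if ($2 == 22) bad = 1 }
              END { exit !(seen && !bad) }' "$a_file"; then
        echo "FAIL port: sshd still listens on 22"
        a_rc=1
    fi
    return "$a_rc"
}

# Constructed sample config (not from the page). The trailing
# "permitrootlogin yes" is ignored because the first value wins.
sample=$(mktemp)
cat >"$sample" <<'EOF'
Port 52113
UseDNS no
PermitRootLogin no
GSSAPIAuthentication yes
PermitEmptyPasswords no
permitrootlogin yes
EOF
audit_sshd "$sample" || echo "deviations found in $sample"
```

On a live host, call audit_sshd with /etc/ssh/sshd_config; an option reported as unset is relying on the OpenSSH default, which differs between versions.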

8. Enable time synchronization

echo '*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1' >>/var/spool/cron/root

9. Increase file descriptor limits

[root@qll251 ~]# vim /etc/security/limits.conf
[root@qll251 ~]# ulimit -n
65535

10. Disable ICMP ping responses

echo 'net.ipv4.icmp_echo_ignore_all = 1' >>/etc/sysctl.conf
sysctl -p