Hardening Linux Servers: Essential Security Configurations & Best Practices
This guide walks through comprehensive Linux server hardening techniques, covering user account management, service minimization, file permission tightening, virtual memory tuning, log handling, and firewall configuration with iptables and ipchains, providing step‑by‑step commands and screenshots to enhance system security and stability.
Overview
Linux server version: RedHat Linux AS 2.1. Securing an open operating system involves minimizing services, restricting remote access, hiding important data, patching vulnerabilities, using security tools, and performing regular security checks. This article focuses on user configuration, service management, and system optimization to make Linux servers more secure and stable.
User Management
In Linux, a user account consists of a username and a password. Usernames are stored in /etc/passwd and encrypted passwords in /etc/shadow. Normally only the superuser (root) can read these files, but misconfiguration can expose them to regular users, enabling password‑cracking attacks.
2.1 Delete special system user and group accounts
Delete the default system accounts that a production server does not need; they are rarely used and are a common target for attackers.
Remove the corresponding unused default system groups as well to reduce the attack surface.
2.2 User password settings
The default minimum password length is 5 characters; increase it to 8 by editing login.defs (e.g., vi /etc/login.defs).
2.3 Modify automatic logout timeout
Set TMOUT=300 (300 seconds = 5 minutes) in /etc/profile to automatically log out idle sessions.
2.4 Lock password files
Use chattr +i /etc/passwd (and similarly for /etc/shadow) to make the files immutable. While the attribute is set, password changes and account creation fail, so remove it with chattr -i before administrative changes and reapply it afterwards.
Service Management
3.1 Disable unused services
Two methods: rename the init script so it no longer runs (e.g., mv /etc/init.d/servicename /etc/init.d/servicename.old) or use chkconfig to turn the service off at the relevant runlevels.
3.2 Lock service port list file
Apply the same immutable attribute (chattr +i) to the file that stores the service port list to prevent unauthorized changes.
3.3 Restrict SSH root login
Edit /etc/ssh/sshd_config and set PermitRootLogin no to disallow direct root SSH access.
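Added example, not code from the original article: a shell script that verifies the settings from 2.2 (PASS_MIN_LEN in login.defs), 2.3 (TMOUT in /etc/profile) and 3.3 (PermitRootLogin in sshd_config) in config files passed as arguments, so staged copies can be checked before deployment; the function names and the --audit flag are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original article: check the settings from
# sections 2.2 to 3.3 in whatever config files are passed in, so staged
# copies can be verified before deployment. Function names are hypothetical.

strip_comments() { sed -e 's/#.*//' "$1" 2>/dev/null; }

# login.defs style "KEY VALUE" lines: the last definition wins.
conf_value() {  # $1 = file, $2 = key
    strip_comments "$1" | awk -v k="$2" '$1 == k {v = $2} END {print v}'
}

# sshd_config: keywords are case-insensitive and the FIRST value found wins,
# so a forgotten "PermitRootLogin yes" above the hardened line prevails.
sshd_value() {  # $1 = file, $2 = keyword
    k=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    strip_comments "$1" | awk -v k="$k" 'tolower($1) == k && !f {print $2; f = 1}'
}

check_pass_min_len() {  # PASS_MIN_LEN must be at least 8 (the article raises 5 to 8)
    v=$(conf_value "$1" PASS_MIN_LEN)
    [ -n "$v" ] && [ "$v" -ge 8 ]
}

check_tmout() {  # TMOUT must be set and at most 300 s; "export TMOUT=300" is also accepted
    v=$(sed -n 's/^[[:space:]]*\([a-z]*[[:space:]]\{1,\}\)\{0,1\}TMOUT=\([0-9]\{1,\}\).*/\2/p' "$1" 2>/dev/null | tail -n 1)
    [ -n "$v" ] && [ "$v" -gt 0 ] && [ "$v" -le 300 ]
}

check_root_login() {  # PermitRootLogin must resolve to "no"
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ]
}

# Report PASS/FAIL for a tree rooted at $1 (empty = the live system).
audit_all() {
    r="${1:-}"
    check_pass_min_len "$r/etc/login.defs" && echo "PASS PASS_MIN_LEN" || echo "FAIL PASS_MIN_LEN"
    check_tmout "$r/etc/profile" && echo "PASS TMOUT" || echo "FAIL TMOUT"
    check_root_login "$r/etc/ssh/sshd_config" && echo "PASS PermitRootLogin" || echo "FAIL PermitRootLogin"
}

# Usage: sh audit.sh --audit [root]
if [ "${1:-}" = "--audit" ]; then audit_all "${2:-}"; fi
```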
System File Permissions
Linux file permissions are defined for owner, group, and others, including read, write, execute, SUID, and SGID bits. Improper SUID/SGID files can be exploited.
4.1 Modify init directory file execution permissions
4.2 Adjust SUID/SGID bits on critical files
4.3 Modify boot files
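Added example, not code from the original article: a shell script that inventories SUID/SGID files and compares them with a baseline saved after the cleanup in 4.2, so a setuid or setgid bit that appears later is noticed; the function names, scanned root and baseline path are the caller's choice.

```shell
#!/bin/sh
# Added example, not part of the original article: inventory SUID/SGID files
# under a directory and compare the result against a saved baseline, so a
# setuid bit that appears after section 4.2 has been applied is noticed.
# Function names, the scanned root and the baseline path are the caller's.

# One line per SUID/SGID regular file: mode owner group path.
# -perm -4000 = SUID bit set, -perm -2000 = SGID bit set; -xdev stays on
# the starting filesystem so /proc and network mounts are not walked.
list_suid_sgid() {  # $1 = directory to scan
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec ls -ld {} \; 2>/dev/null | awk '{print $1, $3, $4, $NF}' | sort
}

# Record the accepted set once the SUID/SGID cleanup is done.
save_baseline() {  # $1 = directory, $2 = baseline file
    list_suid_sgid "$1" > "$2"
}

# Print entries present now but absent from the baseline (new files, or a
# changed mode/owner); return 1 if any, 0 if the tree matches the baseline.
check_against_baseline() {  # $1 = directory, $2 = baseline file
    cur=$(mktemp) || return 2
    list_suid_sgid "$1" > "$cur"
    added=$(comm -13 "$2" "$cur")
    rm -f "$cur"
    if [ -n "$added" ]; then
        printf 'SUID/SGID entries not in baseline:\n%s\n' "$added"
        return 1
    fi
    return 0
}

# Usage: sh suid-audit.sh save|check <dir> <baseline-file>
case "${1:-}" in
    save)  save_baseline "$2" "$3" ;;
    check) check_against_baseline "$2" "$3" ;;
esac
```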
System Optimization
5.1 Virtual memory tuning
Linux uses most of physical memory (largely as cache); virtual memory is used only when free pages fall below a threshold. The three values in /proc/sys/vm/freepages set the minimum, low, and high free page counts. For a 1 GB system, adjust these three values accordingly.
Log Management
6.1 Boot log
Use dmesg to view kernel boot messages; pipe output to a pager for easier reading.
6.2 System runtime logs
Logs are stored under /var/log. Common files include:
/var/log/messages – core system messages, errors, and authentication events.
/var/log/XFree86.0.log – X server startup log.
Rotated copies carry numeric suffixes and are managed by logrotate.
Configure /etc/logrotate.conf to set the rotation frequency (e.g., weekly) and retention (rotate 4 keeps four rotated copies, i.e., four weeks at weekly rotation).
Custom log destinations can be set in /etc/syslog.conf and /etc/sysconfig/syslog.
6.3 User operation logs
Use last to read /var/log/wtmp for login records.
Use history to view command history; configure HISTSIZE in /etc/profile (e.g., HISTSIZE=1000). The history lives in each user's own history file and can be edited or cleared by that user, so it is a convenience for review, not a tamper-resistant audit trail.
Firewall
7.1 iptables firewall
iptables manages kernel packet‑filtering rules. Tables contain chains (INPUT, OUTPUT, FORWARD, etc.) and targets (ACCEPT, DROP, REJECT, MASQUERADE, REDIRECT, RETURN). Rules are added to appropriate chains to control traffic.
Example instances:
7.2 ipchains firewall
ipchains provides similar functionality for older kernels. Rules are defined for INPUT, OUTPUT, FORWARD, and user‑defined chains.
Example to clear INPUT rules and set default policy to REJECT:
Allow TCP ports 80, 81, 22, 123:
Block other ports (0‑1023, 2049, 6000‑6009, 7100) and allow loopback traffic:
Clear OUTPUT rules and set default policy to ACCEPT:
Clear FORWARD rules, set default policy to DENY, and allow forwarding for subnet 10.10.11.0/24 with masquerading:
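The ipchains policy described in 7.2, as an added example script that is not from the original article: FW defaults to echo so the script prints the rules it would load (a dry run); run it as root with FW=ipchains to apply them. The LAN variable, function names and the loopback-before-reject ordering are this example's choices.

```shell
#!/bin/sh
# Added example, not part of the original article: the ipchains policy from
# section 7.2 as a script. FW defaults to "echo" so the rules are only
# printed (dry run); run as root with FW=ipchains to load them. LAN is the
# article's internal subnet; ipchains chain names are lowercase.
FW="${FW:-echo}"
LAN="${LAN:-10.10.11.0/24}"

input_policy() {
    $FW -F input                 # flush, then deny everything not allowed below
    $FW -P input REJECT
    $FW -A input -i lo -j ACCEPT # loopback first, so local daemons keep working
    # Services the article exposes. Note: NTP normally uses UDP 123, not TCP.
    for port in 80 81 22 123; do
        $FW -A input -p tcp -d 0/0 "$port" -j ACCEPT
    done
    # Explicit rejects for privileged ports, NFS (2049), X11 (6000-6009) and
    # the X font server (7100); -y matches only new TCP connections (SYN).
    for range in 0:1023 2049 6000:6009 7100; do
        $FW -A input -p tcp -y -d 0/0 "$range" -j REJECT
    done
    for range in 0:1023 2049; do
        $FW -A input -p udp -d 0/0 "$range" -j REJECT
    done
}

output_policy() {
    $FW -F output
    $FW -P output ACCEPT
}

forward_policy() {
    # Nothing is forwarded except the internal LAN, which is masqueraded.
    $FW -F forward
    $FW -P forward DENY
    $FW -A forward -s "$LAN" -j MASQ
}

input_policy
output_policy
forward_policy
```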
This article has been distilled and summarized from source material, then republished for learning and reference.
MaGe Linux Operations