🛡️ A Sysadmin’s Guide to Linux Server Hardening

By Farooq Junejo • Linux Administrator | Hosting & Security Specialist

Whether you're managing a production server or a staging box, hardening your Linux environment is crucial for preventing exploits and data breaches. In this guide, I’ll share key techniques I use to lock down Linux systems.

1. Disable Root SSH Access

• Edit /etc/ssh/sshd_config
• Set: PermitRootLogin no
• Create a separate sudo user for secure access

2. Use SSH Keys Instead of Passwords

• Generate keys with ssh-keygen
• Copy the public key using ssh-copy-id
• Set PasswordAuthentication no in SSH config

3. Keep the System Updated

• Enable automatic updates: dnf-automatic or unattended-upgrades
• Manually run: yum update / apt update && upgrade

4. Configure a Basic Firewall

• Use firewalld or ufw for simple rules
• Only allow essential ports: 22 (SSH), 80/443 (web), 25/587 (email)

5. Install Fail2Ban

Prevent brute-force login attempts:

• Install: yum install fail2ban or apt install fail2ban
• Monitor SSH and web services
• Configure jail rules for responsiveness

6. Monitor Logs & Intrusion Attempts

• Use logwatch, OSSEC, or auditd for activity auditing
• Set up email notifications for suspicious events

7. Disable Unused Services

• Run ss -tuln or netstat -tulnp to see open ports
• Disable services using systemctl disable servicename

8. File Permission Hygiene

• Never use 777 permissions
• Use chown and chmod wisely
• Lock down configuration files (e.g. /etc/passwd, /etc/shadow)

Conclusion

Server security is a continuous process — not a one-time fix. Apply these hardening steps regularly and monitor your server with discipline. This is what separates an amateur from a professional sysadmin.