5 Steps to secure a newly installed web server

Linux is the most popular operating system for web servers: it is lightweight, secure, and can serve a lot of user requests easily. There is still room for improvement in security, though, since a web server is a public service and there is a chance of your Linux machine getting compromised.

Today I am going to explain 5 steps to secure a newly installed web server. These steps will give you a good start.

Step 1: Secure the SSH

I’ve mentioned in many of my previous posts that securing SSH is an essential part of security, and it usually doesn’t get any attention. You can follow some of the older posts to secure your SSH.

The best thing you can do for your SSH is to set up passwordless authentication; you can read about it here. For further SSH hardening you can read another useful article here.

Use iptables to restrict access to SSH

If you have a static IP address, you can use the following command with the -s flag. This flag allows access only from the one IP address given in the command; once the default policy is set to DROP in Step 3, no other IP will be able to access SSH.

iptables -I INPUT -p tcp --dport 22 -s 192.168.1.1 -m state --state NEW,ESTABLISHED -j ACCEPT

If you don’t have a static IP, then run:

iptables -I INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

Step 2: Update and patch your system

Making sure that all your applications are up to date is essential. Run the following commands to upgrade your system:

# for centos

yum upgrade
yum update

# for debian/ubuntu based distros
# refresh the package index first, then install the available upgrades

apt-get update
apt-get upgrade

Step 3: Drop all packets except SSH and HTTP

Since we’ve already accepted SSH connections through the firewall, we will now drop all other packets coming towards our machine.

iptables -P INPUT DROP
iptables -P FORWARD DROP

Step 4: Allow HTTP Traffic

You should now allow HTTP traffic to your server

iptables -I INPUT -p tcp --dport 80 -j ACCEPT

This is a very basic rule to allow HTTP traffic to your server. Now we only accept SSH and web packets, and all other packets are dropped.
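A check that steps 1, 3 and 4 left the ruleset you expect, as an added example that is not part of the original post: `audit_rules` and `sample_rules` are hypothetical helper names, and the sample ruleset is constructed. It goes one step beyond the post by warning when no general ESTABLISHED rule exists, because with an INPUT policy of DROP the replies to connections the server itself opens are dropped.

```shell
# Added example (not from the original post). audit_rules and sample_rules
# are hypothetical helper names. On a live server: iptables -S | audit_rules

audit_rules() {
    rules=$(cat); fails=0
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }

    # Step 3: anything not explicitly accepted must hit a DROP policy.
    for chain in INPUT FORWARD; do
        if has "^-P $chain DROP$"; then echo "OK   policy $chain DROP"
        else echo "FAIL policy $chain is not DROP"; fails=$((fails + 1)); fi
    done

    # Steps 1 and 4: each published port needs its own ACCEPT rule.
    for port in 22 80; do
        if has "^-A INPUT .*-p tcp .*--dport $port .*-j ACCEPT$"; then
            echo "OK   tcp/$port accepted"
        else
            echo "FAIL tcp/$port has no ACCEPT rule"; fails=$((fails + 1))
        fi
    done

    # Step 1: is SSH limited to one source (-s) or open to any address?
    if has "^-A INPUT -s [0-9./]+ .*--dport 22 .*-j ACCEPT$"; then
        echo "OK   ssh restricted by source address"
    elif has "--dport 22 .*-j ACCEPT$"; then
        echo "WARN ssh reachable from any address"
    fi

    # Beyond the post: with INPUT policy DROP, replies to connections the
    # server itself opens (DNS, package mirrors) need a general ESTABLISHED rule.
    if ! has "^-A INPUT -m (state|conntrack) --(ct)?state [A-Z,]*ESTABLISHED[A-Z,]* -j ACCEPT$"; then
        echo "WARN no general ESTABLISHED rule: replies to outbound traffic are dropped"
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample: what `iptables -S` shows after steps 1, 3 and 4
# when the static-IP variant of the SSH rule is used.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.1.1/32 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
EOF
}
sample_rules | audit_rules
```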

Step 5: Intrusion detection system

This step is required only if you are being hacked often. I’ve explained a lot about intrusion detection here. An intrusion detection system helps you stay ahead of security threats.

You can also use an intrusion detection system to only sniff packets; I’ve explained that here.
