Linux is most popular operating system to be used as web server. Because it servers the purpose very well because it is light weight, secure and can serve a lot of user requests easily. But still their is a room for improvement in case of security since web server is a public service and their is a chance of getting your linux machine compromised.
Today I am going to explain 5 steps to secure newly installed web server. These steps will give you a good start
Step 1: Secure the SSH
I’ve mentioned in many of my previous posts, that securing ssh is very essential part of security and usually it don’t get any attention. You can follow some of the older posts to secure your ssh.
Use iptables to restrict access on ssh
If you have static IP address, you can use the following command with -s flag, this flag is used to allow access to only 1 ip mentioned in the command, no other ip will then be able to access ssh
iptables -I INPUT -p tcp --dport 22 -s 192.168.1.1 -m state --state NEW,ESTABLISHED -j ACCEPT
If you don’t have static IP then run
iptables -I INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
Step 2: Update and patch your system
Making sure that all your applications are up to date is very essential, run following commands to upgrade your system
# for debian/ubuntu based distros
Step 3: Drop all packets except SSH and HTTP
Since we’ve already accepted SSH connection through firewall, we will now drop all other packets coming towards our machine.
iptables -P INPUT DROP
iptables -P FORWARD DROP
Step 4: Allow HTTP Traffic
You should now allow HTTP traffic to your server
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
This is very basic rule to allow HTTP traffic towards your servers. Now we only accept SSH and web packets towards our server and all other packets are being dropped.
Step 5: Intrusion detection system
This step is required only if you are being hacked often, I’ve explained a lot about intrusion detection here. Intrusion detection system helps you stay ahead of security threats.