Firewall to File Permissions: Securing Your Linux Server Step-by-Step
When it comes to server security, Linux is often the platform of choice for system administrators due to its flexibility, transparency, and powerful built-in security tools. However, no server is secure by default. Whether you’re hosting websites, applications, or databases, securing your Linux dedicated server India is a critical responsibility.
In this blog, we’ll walk you through a step-by-step guide, from setting up firewalls to configuring file permissions, to help protect your Linux server against threats and unauthorized access.
Step 1: Keep Your System Updated
Before diving into configurations, ensure your system is running the latest packages:
sudo apt update && sudo apt upgrade -y
Regular updates patch known vulnerabilities and ensure your system is protected against newly discovered threats. Automating updates with tools like unattended-upgrades is also a good idea.
Step 2: Configure a Firewall (UFW or firewalld)
Your firewall is your first line of defense. On most Linux distributions, tools like UFW (Uncomplicated Firewall) or firewalld make it easy to manage rules.
For UFW (Debian/Ubuntu):
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw enable
For firewalld (CentOS/RHEL):
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
Only allow traffic on necessary ports (e.g., HTTP 80, HTTPS 443, or custom application ports). Everything else should be blocked by default.
Step 3: Disable Root Login Over SSH
By default, attackers often try to brute-force the root user. Disabling direct root login helps mitigate this risk.
Edit the SSH configuration file:
sudo nano /etc/ssh/sshd_config
Find and modify:
PermitRootLogin no
Then restart the SSH service:
sudo systemctl restart ssh
Instead, create a separate user with sudo privileges to manage the server.
Step 4: Set Up SSH Key Authentication
Passwords are vulnerable. A better way to secure SSH access is by using SSH key-based authentication:
- Generate a key on your local machine:
ssh-keygen -t rsa -b 4096 - Copy public key to the server:
ssh-copy-id user@your-server-ip
Then disable password authentication in /etc/ssh/sshd_config:
PasswordAuthentication no
And restart the SSH service again.
Step 5: Configure File and Directory Permissions
File permissions are crucial in preventing unauthorized access. Use the chmod, chown, and ls -l commands to view and set proper permissions.
- Limit executable access:
chmod 700 /path/to/script.sh - Restrict configuration files (e.g., database credentials):
chmod 600 /etc/yourconfig.conf
A good rule of thumb:
- 644 for files (read/write owner, read-only others)
- 755 for directories and executables
Use chown to assign correct ownership:
chown user:user file.txt
Step 6: Install Fail2Ban
Fail2Ban is a helpful tool that automatically bans IPs exhibiting malicious behavior, such as multiple failed login attempts.
Install it on Ubuntu:
sudo apt install fail2ban
Once configured, Fail2Ban scans logs and blocks repeat offenders by updating firewall rules.
Step 7: Monitor Logs and User Activity
Regularly check logs to identify suspicious activity:
/var/log/auth.log(Debian/Ubuntu)/var/log/secure(CentOS/RHEL)
You can also use tools like logwatch or OSSEC to automate and centralize log monitoring.
Check Also:-
- Fast Linux dedicated servers
- Dedicated Linux hosting server
- Linux dedicated servers
- Linux hosting dedicated
- Dedicated Linux hosting server
- Best Linux dedicated server hosting India
- Best Linux dedicated server India
Conclusion
Securing your Linux server is not a one-time task, it’s an ongoing process. From enabling firewalls and securing SSH access to managing file permissions and monitoring activity, every step strengthens your server’s defenses.
Whether you’re a sysadmin or a business running on a Linux dedicated server, implementing these best practices can significantly reduce the risk of breaches and data loss. Start with the basics and build a culture of proactive security.
