Hardening Linux Server

When you install a fresh Linux OS on server, You may need to install necessary package and make it ready for the production use. In technical word we call as a Server Hardening  The server Hardening dependents upon the usage of the server. Here we will discuss basic Linux Server Hardening.


1. To configure IP Address:-  (Setting Static IP Address)
  vi /etc/sysconfig/network-scripts/ifcfg-eno16777984
  HWADDR=
  TYPE=Ethernet
  BOOTPROTO=static
  NAME=eno16777984
  UUID=
  ONBOOT=yes
  IPADDR=10.11.12.40
  NETMASK=255.255.254.0
  GATEWAY=10.11.12.1
  DNS=8.8.8.8


 systemctl restart network.service
 ip addr show


Note: Once you restart network service IP changes get reflect. Here IP has been changed from DHCP to STATIC. 10.11.12.40 is my internal IP.

2. To change hostname immediately:-
  vim /etc/hostname
  linux


  or

  hostname -> to view current name
  vim /etc/sysconfig/network
  HOSTNAME=blog
  hostnamectl set-hostname blog
  systemctl restart network
  hostnamectl status


3. Resolve.conf file entry:
nameserver 8.8.8.8
        nameserver 4.2.2.2


4. Install Vim editor:
    yum install -y vim  -> text editor most popular editor in linux

5. Disable SELinux policy:
    getenforce
    vim /etc/sysconfig/selinux


6. Check firewall and IPTABLES:
   systemctl status firewalld.service
   iptables -L


 
   systemctl mask iptables
   systemctl stop iptables
   systemctl disable iptables
   systemctl status iptables

   systemctl enable firewalld.service
   systemctl status firewalld.service



 Once done above changes need to reboot the machine.
 init 6 -> to reboot

7. Install SNMP:-
   yum install net-snmp-utils php-snmp net-snmp-libs
   vim /etc/snmp/snmpd.conf



8. Install necessary packages:-
   yum install wget telnet net-tools links



9. Installing and Configuring NTP:-
   yum install ntp
   vi /etc/ntp.conf -> Configuration file
   server ntp.server.com

   or

   server ntp.org



  server ntp.server.com --> public ntp server, If we own any ntp server then we can use server hostip      eg: server 10.11.12.41

  systemctl start ntpd.service
  systemctl enable ntpd.service
  systemctl status ntpd.service


10. Install MySQL:
    a) Add repostiory
    rpm -Uvh http://dev.mysql.com/get/mysql-community-release-el7-5.noarch.rpm

    b) Install mySQL:
    yum install mysql-server



   c) Start MySQL service
    [root@linux ~]# systemctl start mysqld
    [root@linux ~]# systemctl enable mysqld
    [root@linux ~]# systemctl status mysqld


   d) Configure MySQL
   mysql_secure_installation



   e) login into mysql
   mysql -u root -p


11. Install Apache:-
    a) Install apache using yum in CentOS:
    yum install httpd -y
 
    b) Start the service after installing the apache:
    service httpd start
    service httpd enable

    Default location for apache
    /var/www/html/

    Default Configuration file for apache
    /etc/httpd/conf/httpd.conf

   c) To change Apache port:
   vim /etc/httpd/conf/httpd.conf
   [Default port is 80 but here i am changing the apache listening port from 80 to 991]
 
   Listen 10.11.12.40:991

   <Virtualhost *:991>
   ServerAdmin 10.11.12.40:3221
   DocumentRoot /var/www/html/
   </Virtualhost>

   d) Allow apache service/port in firewall:
   firewall-cmd --add-service=http
   firewall-cmd --permanent --add-port=991/tcp
   firewall-cmd --reload

   semanage port -a -t http_port_t -p tcp 991

   e) Restart and check the http configuration:
   httpd -t
   systemctl restart httpd.service

Note: To install Apache web-server using source file in Linux refer my next post.

12: Install Php:-
yum install php-common php-mbstring php-mcrypt php-devel php-xml php-gd
rpm -qa | grep -i php
cd /var/www/html vi test.php
(<? phpinfo(); ?> )

cat /var/www/html/test.php


To check disk space and RAM:-



 
Note: Here we have discussed basic Linux server hardening, Hardening server always depends upon the usage of the server for example if you going to use nginx webserver instead of apache then you have to install nginx. If you going to use Oracle / CouchDB / InfluxDB / MongoDB instead of MySQL DB then you have to install as per need. Same way hardening will also differ for Load balancer, Web-logic, Database server, FMS server and Wowza server hardening.
Previous
Next Post »