How to Secure a Linux Server (or Desktop)
ฝัง
- เผยแพร่เมื่อ 9 ก.ค. 2024
- In this video, I go over six steps you can take to secure your Linux server.
Although I focus on Linux SERVERS in this video, you can take most of these points and apply them to a Linux desktop.
Chapters:
0:00 Introduction
1:13 Updates
5:48 SSH
11:17 Services
13:53 User Management
15:01 Firewall
17:00 Encryption
17:50 SELinux & AppArmor
Links:
How to enforce password complexity on Linux: www.networkworld.com/article/...
SELinux Documentation: access.redhat.com/documentati...
AppArmor Documentation: ubuntu.com/server/docs/securi...
Commands used in this video:
Check for updates (Ubuntu/Debian only): sudo apt update
Install updates (Ubuntu/Debian only): sudo apt upgrade
Edit unattended-upgrades configuration (Ubuntu/Debian only): sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
Apply changes to unattended-upgrades configuration (Ubuntu/Debian only): sudo systemctl restart unattended-upgrades
Generate an SSH keypair (to be done on your local computer): ssh-keygen
Make ".ssh" folder (you may already have this): mkdir ~/.ssh
Add your PUBLIC key as an authorized key: nano ~/.ssh/authorized-keys
Edit SSH configuration: sudo nano /etc/ssh/sshd_config
Delete an additional SSH configuration file that keeps password authentication enabled (Ubuntu only): sudo rm /etc/ssh/sshd_config.d/50-cloud-init.conf
Disable root user (NOTE: The root user is disabled by default on Ubuntu): sudo passwd -l root
Remove sudo privileges for a user: sudo deluser [username] sudo (example: sudo deluser drew sudo)
Delete a user: sudo deluser [username] (example: sudo deluser drew)
Configure password policies: sudo nano /etc/pam.d/common-password
Configure faillock module: sudo nano /etc/security/faillock.conf
Enable ufw: sudo ufw enable
Open a port on ufw: sudo ufw allow [port]/[protocol (optional)] (example: sudo ufw allow 22/tcp)
Show ufw rules: sudo ufw status numbered
Delete a ufw rule: sudo ufw delete [rule number] (example: sudo ufw delete 1)
Join this channel to get access to perks:
th-cam.com/users/drewhowdentec... - วิทยาศาสตร์และเทคโนโลยี
Excellent video. Professional, informed, and to the point!
I’ve run servers in the past, but I just recently transitioned to Linux on my primary workstation, and I found this video helpful!
badass thumbnail
Well done, keep up the good work! You need to improve your speech, but probably you are know it :)
Is it me or does it sound like Drew's voice is becoming more robotic-like?
What do you mean?
@@DrewHowdenTech Bro, you're a very good engineer, but if you're using an a.i. editing program or some kind of auto editing tool, it's making you seem very robotic, that's all he was talking about.