Secure server against attacks and viruses

in #linux4 years ago

This subsection describes various ways to protect your server, especially because it is connected to the internet, which is most often caused by computer attacks.

The first protection is the use of anti-virus, which with the current database is able to protect against infection of server or client computers (integration with e-mail with anti-virus), which greatly enhances the security of the corporate network (eg ClamAV).

RKHunter (Rootkit Hunter) and Chkrootkit (Check Rootkit) is a software used to locate rootkits in a system that takes control of your computer. Both programs have a list of many of the most popular Rootkits, so a frequent update is recommended.

Fail2ban is software that is designed to prevent password cracking by using the BruteForce (Generate All Password) or Dictionary (Use a dictionary with a list of words). On the third failed login attempt, it temporarily blocks the ability to log in, and if subsequent attempts fail in the future, it will block the ability to connect the IP address to the server.

Each Debian package contains MD5 checksums for all files. The Debsums program allows you to verify the consistency of programs on Debian-based systems, thus swapping files on your system will be quickly detected.

IPTables is packet filtering software, its application allows the administrator to completely block outbound ports and share specific known ports, making it difficult or impossible to attack the server.

SNORT is a program for detecting attacks by analyzing network traffic on the computer on which it was started - it is easy to track where the packet arrived at, what port it was and what service it was destined for, Network attacks such as web attacks, port scans, buffer overflow attempts, and more. In the hands of a good administrator will be able to track and block all attempts to break the server security.

Lynis can be a very useful program. This is an application that uses its database to scan all possible vulnerabilities. This is a very good tool to minimize (in keeping with his advice) the chances of hacking into the server. I will try to discuss this tool more broadly. If you find a possible vulnerability, the program will notify us and give you the appropriate link to the page explaining how to resolve this issue.

Sort:  

Very good post.

What about updates? 🖥️
SELinux?

Center for Internet Security offer guides on securing you box further
https://www.cisecurity.org/cis-benchmarks/

Ive personally used Lynis on a few tests very useful for a quick audit check.
https://cisofy.com/lynis/

Diving deeper you could run some Security Scanners such as Nessus or OpenVAS frequently to make sure theres no silly holes. Alienvault is also a good Free IDS

http://www.openvas.org/
https://www.alienvault.com/
https://www.tenable.com/products/nessus/select-your-operating-system

The guide was supposed to hit the novices / learners. It is worthwhile to describe the apparmor as many profiles are in the repository.

We can talk later, I'm going to a Linux conference

Coin Marketplace

STEEM 0.65
TRX 0.10
JST 0.074
BTC 56766.96
ETH 4499.60
BNB 620.33
SBD 7.24