NextStep4it | All Technical Stuff
Linux ClassRoom

Hi friends, welcome to Linux World. In this tutorial we will learn Linux server hardening tips and tricks.

 

Most Common Linux Server Hardening Tips

 

1. Enable Timestamps in History Command

 

When we run the 'history' command, it lists only the commands along with their line numbers. Sometimes it's useful to have a timestamp attached to each command to build a clearer picture. To enable timestamps in the history command, set the 'HISTTIMEFORMAT' environment variable.

 

# export HISTTIMEFORMAT="%d-%b-%Y %r "

 

To set this variable permanently, add the entry below at the end of the file /etc/profile:

 

export HISTTIMEFORMAT="%d-%b-%Y %r "
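
Once HISTTIMEFORMAT is set, bash records each command's time in the history file as a "#<epoch seconds>" line placed before the command. The script below is an added example, not part of the original tutorial: it renders such a file as a timeline in the same format as above. It assumes GNU date (standard on CentOS / RHEL); the function name history_timeline and the sample entries are made up for illustration.

```shell
# Added example: print a bash history file as a timestamped timeline.
# Assumes GNU date ("date -d @N"). history_timeline is a hypothetical name.
history_timeline() {
    histfile=$1
    ts=""
    while IFS= read -r line || [ -n "$line" ]; do
        # A timestamp marker is '#' followed only by digits.
        case $line in
            \#*[!0-9]*|\#) is_stamp=no ;;
            \#*)           is_stamp=yes ;;
            *)             is_stamp=no ;;
        esac
        if [ "$is_stamp" = yes ]; then
            epoch=${line#\#}
            # Same format string as HISTTIMEFORMAT above; UTC and the C
            # locale keep the output identical on every host.
            ts=$(LC_ALL=C TZ=UTC date -d "@$epoch" '+%d-%b-%Y %r')
        else
            # Commands stored before timestamps were enabled carry no marker.
            printf '%s  %s\n' "${ts:-(no timestamp)}" "$line"
            ts=""
        fi
    done < "$histfile"
}

# Constructed sample history file: the first command predates the
# HISTTIMEFORMAT setting, so it has no timestamp line in front of it.
sample=$(mktemp)
printf '%s\n' 'ls -l /etc' '#1357121730' 'yum -y install ntp' \
    '#1357135500' 'service ntpd start' > "$sample"
history_timeline "$sample"
rm -f "$sample"
```

Commands recorded before the variable was set show no timestamp, and the history file is writable by its owner, so treat it as a convenience record rather than an audit log.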

 

 

2. Configure NTP for Clock Synchronization

 

The Network Time Protocol (NTP) is used to synchronize a Linux system's clock with an accurate time source. In CentOS / RHEL we can use the ntp package, which provides client and server programs for time synchronization. It contains utilities and daemons that synchronize your Linux server's time to Coordinated Universal Time (UTC) via the NTP protocol and NTP servers.

 

Install NTP :

 

# yum -y install ntp

 

Sync the server's time with an NTP server using the command below:

 

# /usr/sbin/ntpdate  time1.nextstep4it.com

 

Where time1.nextstep4it.com is the NTP server; replace it with the NTP server for your setup.

 

To set the NTP configuration permanently, edit the file /etc/ntp.conf and add the NTP server, like:

 

server time1.nextstep4it.com

 

Comment out all the other NTP server entries in the file /etc/ntp.conf and start the service:

# service ntpd start ; chkconfig ntpd on

3. Enable Log Rotation Policy


Most of the log files are located in the /var/log/ directory. Some applications such as httpd and samba have a directory within /var/log/ for their log files.

 

You may notice multiple files in the /var/log/ directory with numbers after them (for example, cron-20130102). These numbers represent a timestamp that has been added to a rotated log file. Log files are rotated so their file sizes do not become too large. The logrotate package contains a cron task that automatically rotates log files according to the /etc/logrotate.conf configuration file and the configuration files in the /etc/logrotate.d/ directory.

The following is an example of the /etc/logrotate.conf configuration file:

 

# rotate log files weekly

weekly

# keep 4 weeks worth of backlogs

rotate 4

# uncomment this if you want your log files compressed

compress

 

All of the lines in the example configuration file define global options that apply to every log file. In our example, log files are rotated weekly, rotated log files are kept for 4 weeks, and all rotated log files are compressed by gzip into the .gz format. Any lines that begin with a hash sign (#) are comments and are not processed.

 

To configure a specific log file, define its configuration options and place them under the global options. However, it is recommended to create a separate configuration file for each specific log file in the /etc/logrotate.d/ directory and define its configuration options there.

 

4.  Centralized Authentication / Gateway Server Authentication

 

Linux servers should be integrated with an LDAP server for authentication. Without a centralized authentication system, user authentication data becomes inconsistent, which may lead to out-of-date credentials and forgotten accounts that should have been deleted in the first place.

 

A centralized authentication service lets you maintain central control over Linux / UNIX account and authentication data.

 

 

5. Boot the CentOS/RHEL Server in run level 3

 

Because the X server consumes a lot of resources such as CPU and memory, it is better to run Linux servers in run level 3 (CLI mode). To boot the server in run level 3, edit the file /etc/inittab and make the change below:

 

id:3:initdefault:
