Securing Linux Based OS: A Stepwise Guide to Harden Ubuntu 16.04 LTS Server


Added on  2023-04-25

20 Pages2197 Words262 Views
Linux based operating systems may not be as exposed to cyber security risks as
Windows based ones but it would be foolish for anyone to let the guard down. For, more than
actual threats from attackers, vulnerabilities in open source tools and environments are very
common as they are more accessible and the exploits are pretty much well known. Hence
focus must be given in securing Linux based operating systems. In relative terms, the
following is easy to implement stepwise guide to harden Linux based operating systems
against the most common as well as critical security threats and vulnerabilities (Wang and Lu
2013). These techniques can be used to secure Ubuntu 16.04 LTS server or later versions:
Installation and configuring of security tools like uncomplicated firewall (ufw)
Secure SSH by configuring login based on public/private keys
Securing network via sysctl settings
Disabling recursion of Open DNS as also renaming of Version Info (Bind9 DNS)
Securing PHP
Security Tools for Ubuntu - Uncomplicated Firewall (ufw)
The best and easiest way to start securing Linux Ubuntu systems is by installing
firewalls. The Uncomplicated Firewall is among the very basic firewall solutions which
performs decently and configuring can be easily done with the provided tool ‘gufw’ or by
using fwbuilder, Firestarter or even Shorewall (Vanickis et al. 2018). Firestarter provides the
users with a GUI interface for configuring the firewall. To install the ufw, it is necessary to
enter the following command in the terminal window:
sudo apt-get install ufw
Securing Linux Based OS: A Stepwise Guide to Harden Ubuntu 16.04 LTS Server_1

For allowing the services SSH and HTTP, enter:
sudo ufw allow ssh
sudo ufw allow http
For enabling firewall, enter:
sudo ufw enable
For checking firewall status, enter:
sudo ufw status verbose
Securing the shared memory
The shared memory is often manipulated to attack a running service. They can be
secured by modifying the /etc/fstab. To perform this, one has to enter the /etc/fstab file, add
the line tmpfs /run/shm tmpfs defaults, noexec, nosuid 0 0 and save. Then a reboot should be
Securing Linux Based OS: A Stepwise Guide to Harden Ubuntu 16.04 LTS Server_2

Following the reboot process if the file /etc/fstab if opened again, shows that the security
modifications to the file are saved.
Securing Linux Based OS: A Stepwise Guide to Harden Ubuntu 16.04 LTS Server_3

Hardening of SSH
The most comprehensive means of securing the SSH is by making use of
public/private keys for logging in (Main and Sha 2017). When using password authentication,
the easiest method for securing SSH is by disabling the root login while also changing port
number of SSH with values other than default which is 22. Prior to disabling of root login, a
fresh SSH user needs to be created and made sure that this user is belonging to admin groups.
The SSH port number if changed must have a value less than 1024 for these ports are
privileged ones which cannot be opened by processes other than the root and processes that
run like root. For changing the SSH port, the newly chosen port on firewall needs to be
opened and port 22 should be closed. For the configuration the following command should
be entered:
sudo vi /etc/ssh/sshd_config
Securing Linux Based OS: A Stepwise Guide to Harden Ubuntu 16.04 LTS Server_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Installation of Network in Linux Server

Managing Services and Security

Computer Security-System Investigation

Advanced Network Security: Installation and Configuration Guide for CentOS, Apache, PHP, MySQL, and More

Network Security Vulnerability Analysis

Deploy Kali Linux and PFSense on Virtual Machine