January 13, 2026Guides

How to Secure Your Linux Server (Hardening)

Essential steps to secure your Linux server from unauthorized access and attacks.

Security is paramount when running a server on the internet. This guide covers essential steps to 'harden' your Linux server and protect it from common threats.

1. Keep Your System Updated

bash

# For Ubuntu/Debian
sudo apt update && sudo apt upgrade -y

# For RHEL / CentOS / Alma / Rocky
sudo yum update -y

2. Secure SSH Access

Disable password authentication and root login to prevent brute-force attacks. Edit /etc/ssh/sshd_config:

CRITICAL: Before disabling password authentication, ensure you have successfully added your SSH public key to the server (usually in ~/.ssh/authorized_keys) and tested that you can log in without a password. Otherwise, you will be locked out!

bash

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# Change port for extra security
Port 2222

3. Configure a Firewall

Only allow necessary ports. If you changed SSH port, remember to allow it!

bash

sudo ufw allow 2222/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable

4. Install Fail2Ban

Fail2Ban protects against brute-force attacks by banning IPs that show malicious signs.

bash

sudo apt install fail2ban -y
# Default configuration is usually sufficient

5. Use a Non-Root User

Avoid using the root user for daily tasks. Create a new user with sudo privileges:

bash

sudo adduser username
sudo usermod -aG sudo username

Security Checklist

Use SSH keys instead of passwords
Enable automatic security updates
Regularly audit open ports (netstat -tulpn)
Use strong, unique passwords for all accounts
Monitor system logs (/var/log/auth.log)
Disable unused services and remove unnecessary software