
If you plan to run a LAMP server (Linux, Apache, MySQL and PHP), whether it is a virtual private server (VPS) or a dedicated server, the first thing to do is to secure it.

This guide outlines the procedure to follow to configure your server correctly. I'll go over the basics and introduce some great tools you can use.

Step 1: Configuring the firewall

The first thing to do to secure your server is to set up a firewall. A firewall acts as a barrier between your server and the outside world: it checks everything that comes in and blocks malicious traffic. There is a huge choice of firewall solutions, but we will focus on the two best known:

UFW

A simple firewall, UFW (Uncomplicated Firewall) is a good solution that requires only minimal configuration. It provides an intuitive way to create custom firewall rules and works with both IPv4 and IPv6 networks. UFW is disabled by default, so do not forget to enable it once you have configured your rules. UFW also has a graphical front end, Gufw.

iptables

iptables is a well-known firewall provided with the Linux kernel; it is enabled by default in Linux. Like UFW, it works with both IPv4 and IPv6 networks; the IPv6 rules are managed by a companion tool called ip6tables.
Unlike UFW, the iptables syntax is quite difficult to master. Its advantage is that it allows security configurations of much finer granularity, which makes it a powerful tool for securing your server.
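As an added illustration of the two tools above (this is example code, not from the original article), the script below prints a default-deny rule set for a LAMP server in UFW syntax or as the equivalent iptables and ip6tables rules. The ports (22, 80, 443) and the optional management address are assumptions; the plan is only printed, so you can review it before piping it to a root shell.

```shell
#!/bin/sh
# Added example (not from the article): a default-deny firewall plan for a
# LAMP server, printed as UFW commands or as the equivalent iptables and
# ip6tables rules. Print the plan first, review it, then pipe it to a root
# shell; that two-step flow avoids locking yourself out of a remote box.
# Assumed ports (not stated by the article): SSH 22, HTTP 80, HTTPS 443.

SSH_PORT="${SSH_PORT:-22}"
# Optional: restrict SSH to one management address (IPv4). Leave empty to
# allow SSH from anywhere but rate-limit new connections instead.
ADMIN_IP="${ADMIN_IP:-}"

# UFW: deny inbound by default, allow outbound, open only the web ports and SSH.
ufw_plan() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    if [ -n "$ADMIN_IP" ]; then
        echo "ufw allow from $ADMIN_IP to any port $SSH_PORT proto tcp"
    else
        echo "ufw limit $SSH_PORT/tcp"   # rate-limits repeated SSH attempts
    fi
    echo "ufw allow 80/tcp"
    echo "ufw allow 443/tcp"
    echo "ufw --force enable"           # UFW is disabled by default; enable it last
}

# iptables/ip6tables: the same policy written as raw rules. $1 is the tool
# name. The DROP policy is set last so that an existing admin session is
# already covered by the ESTABLISHED,RELATED rule before anything is blocked.
iptables_plan() {
    t="$1"
    echo "$t -F INPUT"
    echo "$t -A INPUT -i lo -j ACCEPT"
    echo "$t -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$t" = ip6tables ]; then
        echo "$t -A INPUT -p ipv6-icmp -j ACCEPT"   # neighbour discovery needs ICMPv6
    else
        echo "$t -A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    fi
    if [ -n "$ADMIN_IP" ] && [ "$t" = iptables ]; then
        echo "$t -A INPUT -p tcp -s $ADMIN_IP --dport $SSH_PORT -j ACCEPT"
    else
        # without a management address (or for IPv6): at most six new SSH
        # connections per source per minute, then drop
        echo "$t -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --set"
        echo "$t -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 6 -j DROP"
        echo "$t -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT"
    fi
    echo "$t -A INPUT -p tcp --dport 80 -j ACCEPT"
    echo "$t -A INPUT -p tcp --dport 443 -j ACCEPT"
    echo "$t -P INPUT DROP"
    echo "$t -P FORWARD DROP"
    echo "$t -P OUTPUT ACCEPT"
}

# Usage: sh firewall-plan.sh ufw | less        (review)
#        sh firewall-plan.sh ufw | sudo sh     (apply)
#        sh firewall-plan.sh iptables | sudo sh
case "${1:-}" in
    ufw)      ufw_plan ;;
    iptables) iptables_plan iptables; iptables_plan ip6tables ;;
esac
```

Raw iptables rules are lost at reboot; on Debian-family systems the iptables-persistent package saves them, and UFW handles persistence itself.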

Step 2: Securing the configuration of the remote connection

As a server administrator, you will often need to connect to your server over the Internet. This remote connection must therefore be secure and encrypted, which means setting up SSH access to your server.

There are two ways to log in over SSH:

Password login

As the name suggests, this type of login requires you to enter a password each time you connect over SSH. Although it needs less configuration, it is less secure and more exposed to brute-force attacks.

Connection with a key pair (certificate)

For this type of login, the server and the client machine exchange their public keys, which are used to secure the connection and to authenticate each side to the other. It is more complex to set up than the password method, but it is a much safer way to connect to your server.
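To check that a server really enforces key-based logins, the added script below (example code, not from the original article) reads an OpenSSH configuration file and flags the options that still allow password or root logins. The sample configuration it writes is constructed for the demonstration; the option names and defaults are OpenSSH's.

```shell
#!/bin/sh
# Added example (not from the article): audit an OpenSSH server configuration
# for the settings that turn password logins off and keep key-based logins on.
# The file to check is passed as the first argument; the sample configuration
# in write_sample_config is constructed for the demonstration.

# Print the effective value of option $2 in file $1, lower-cased. OpenSSH uses
# the first occurrence of an option; comments are skipped and everything from
# the first Match block onward is ignored (Match blocks need a separate review).
sshd_option() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*(#|$)/ { next }
        tolower($1) == "match" { inmatch = 1 }
        inmatch { next }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Check the options that matter for step 2. Each entry is
# Option:wanted value:OpenSSH default, so an option that is simply missing is
# judged by its default (PermitRootLogin defaults to prohibit-password, which
# still lets root in with a key, hence it fails unless set to "no").
# Prints one line per option and returns the number of failures.
audit_sshd_config() {
    cfg="$1"; fails=0
    for spec in \
        "PasswordAuthentication:no:yes" \
        "PubkeyAuthentication:yes:yes" \
        "PermitRootLogin:no:prohibit-password" \
        "PermitEmptyPasswords:no:no"; do
        opt="${spec%%:*}"; rest="${spec#*:}"; want="${rest%%:*}"; dflt="${rest#*:}"
        have="$(sshd_option "$cfg" "$opt")"
        src="set"
        if [ -z "$have" ]; then have="$dflt"; src="default"; fi
        if [ "$have" = "$want" ]; then
            printf 'OK   %-24s %s (%s)\n' "$opt" "$have" "$src"
        else
            printf 'FAIL %-24s %s (%s), want %s\n' "$opt" "$have" "$src" "$want"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: password logins still on, root login left at its default,
# and a Match block that must not be mistaken for the global setting.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's file
Port 22
PasswordAuthentication yes
PubkeyAuthentication yes
Subsystem sftp internal-sftp
Match User backup
    PasswordAuthentication no
EOF
}

# Usage: sh sshd-audit.sh /etc/ssh/sshd_config
if [ -n "${1:-}" ]; then
    audit_sshd_config "$1"
fi
```

Recent OpenSSH releases read drop-in files through an Include directive, so the main file alone may not be the whole story; `sshd -T` prints the effective configuration in the same lower-case form the audit accepts, and saving that output to a file and auditing it is the most reliable check. Before turning PasswordAuthentication off, confirm from a second session that your key-based login works.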

Step 3: Install a malware analysis tool

Using a malware analysis tool to monitor your server helps you detect malware intrusions. Below are the two best-known free rootkit detection tools for scanning your server:

chkrootkit

This well-known scanner searches a Linux server for rootkits (the tools attackers use to hide their activity) and for the suspicious processes they leave behind. Even if chkrootkit cannot detect every type of malware, it is undeniably a good place to start. Do not rely solely on chkrootkit for a comprehensive malware scan, however; it is above all an entry-level solution.

rkhunter

Like chkrootkit, rkhunter searches the system for hidden rootkits. It can also identify hidden files, bad permissions and suspicious strings, and it runs on any Unix-based system. For good coverage of the most common malware, combine rkhunter with chkrootkit.
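Combining the two scanners in practice means scheduling both and only reading the output when something is flagged. The added wrapper below (example code, not from the original article or either project) does that for cron: it runs whichever tool is installed, keeps the reports and exits non-zero on findings. The two sample reports it writes are constructed; the command-line flags are the tools' real ones.

```shell
#!/bin/sh
# Added example (not from the article): a cron-friendly wrapper around
# chkrootkit and rkhunter. It runs whichever of the two is installed, keeps the
# reports, and exits non-zero only when something was flagged, so a cron MAILTO
# delivers mail on findings rather than every night. The sample reports in
# write_sample_reports are constructed for demonstration.

REPORT_DIR="${REPORT_DIR:-/var/log/rootkit-scans}"

# Count findings in a report. chkrootkit marks positives with "INFECTED";
# rkhunter run with --report-warnings-only prints lines beginning "Warning:".
count_findings() {
    n="$(grep -c -E 'INFECTED|^Warning:' "$1" 2>/dev/null)" || true
    printf '%s\n' "${n:-0}"
}

# Print every flagged line from the reports in $1 with its file name.
show_findings() {
    grep -H -E 'INFECTED|^Warning:' "$1"/*.log 2>/dev/null || true
}

# Run the installed scanners into $1 and print the total number of findings.
run_scans() {
    dir="$1"; total=0
    mkdir -p "$dir"
    if command -v chkrootkit >/dev/null 2>&1; then
        chkrootkit -q > "$dir/chkrootkit.log" 2>&1 || true      # -q: print positives only
        total=$((total + $(count_findings "$dir/chkrootkit.log")))
    fi
    if command -v rkhunter >/dev/null 2>&1; then
        rkhunter --update --nocolors > /dev/null 2>&1 || true   # refresh signature data
        rkhunter --check --cronjob --report-warnings-only --nocolors \
            > "$dir/rkhunter.log" 2>&1 || true
        total=$((total + $(count_findings "$dir/rkhunter.log")))
    fi
    printf '%s\n' "$total"
}

# Constructed sample reports (not real scanner output from any host) showing
# the line shapes count_findings looks for.
write_sample_reports() {
    cat > "$1/chkrootkit.log" <<'EOF'
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
Checking `sniffer'... eth0: PF_PACKET(/usr/sbin/dhclient)
EOF
    cat > "$1/rkhunter.log" <<'EOF'
Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script text executable
Warning: Hidden directory found: /etc/.java
EOF
}

# Usage (from cron, as root): sh rootkit-scan.sh run
if [ "${1:-}" = "run" ]; then
    n="$(run_scans "$REPORT_DIR")"
    show_findings "$REPORT_DIR"
    [ "$n" -eq 0 ]     # non-zero exit makes cron send the mail
fi
```

Both tools produce false positives after legitimate package updates (the lwp-request line in the sample is a classic one); once you have verified that a change came from your package manager, `rkhunter --propupd` refreshes its file-properties database so the warning stops repeating.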

Step 4: Configure intrusion detection

Think of intrusion detection as an alarm system that detects unauthorized access to your server. Two of the best-known intrusion detection systems are listed below.

AIDE

AIDE (Advanced Intrusion Detection Environment) is a free directory and file integrity verification system that works like a trap. First, it creates a database of the current state of the system. It then checks the integrity of every file on the system by comparing it against that database. The server administrator is notified of any significant change that could compromise the integrity of the system.
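The mechanism described above, reduced to a few lines of shell as an added example (this is not AIDE's code, and it is a teaching reduction rather than a replacement): record a baseline of hashes and permissions, then compare the live tree against it and report what was added, removed or modified. GNU sha256sum and stat are assumed.

```shell
#!/bin/sh
# Added example (not from the article): the idea behind AIDE reduced to a few
# lines of shell so the mechanism is visible. fim_baseline records a hash and
# mode for every file under a root; fim_check recomputes them and reports what
# was added, removed or modified. AIDE tracks many more attributes, excludes
# volatile paths by rule and protects its database; this is a teaching
# reduction, not a replacement. GNU sha256sum and stat are assumed.

# One tab-separated line per file: <sha256> <octal mode> <relative path>.
# Paths containing newlines are not supported in this reduction.
fim_snapshot() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        h="$(sha256sum "$f" | cut -d' ' -f1)"
        m="$(stat -c '%a' "$f")"
        printf '%s\t%s\t%s\n' "$h" "$m" "${f#./}"
    done )
}

# Record the trusted state. Keep the database somewhere the server cannot
# overwrite (read-only media or another host), or an intruder can rebase it.
fim_baseline() {   # $1 = root, $2 = database file
    fim_snapshot "$1" > "$2"
}

# Compare the live state with the database. Prints one line per change and
# returns 1 when anything differs, 0 when the tree matches. A chmod shows up
# as MODIFIED just like a content change, because the mode is part of the record.
fim_check() {      # $1 = root, $2 = database file
    current="$(mktemp)"
    fim_snapshot "$1" > "$current"
    report="$(awk -F '\t' '
        FILENAME == ARGV[1] { base[$3] = $1 "\t" $2; next }
        {
            seen[$3] = 1
            if (!($3 in base))               printf "%-8s %s\n", "ADDED", $3
            else if (base[$3] != $1 "\t" $2) printf "%-8s %s\n", "MODIFIED", $3
        }
        END { for (p in base) if (!(p in seen)) printf "%-8s %s\n", "REMOVED", p }
    ' "$2" "$current" | LC_ALL=C sort)"
    rm -f "$current"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Usage: sh fim.sh baseline /etc /var/lib/fim/etc.db
#        sh fim.sh check    /etc /var/lib/fim/etc.db
case "${1:-}" in
    baseline) fim_baseline "$2" "$3" ;;
    check)    fim_check "$2" "$3" ;;
esac
```

Run the check from cron and mail the non-empty reports; the value of the tool lies entirely in the baseline being taken on a known-good system and stored out of reach of anyone who compromises the server later.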

Bro

Bro, now developed under the name Zeek, is a network intrusion detection system that monitors your network for unusual activity. It works as follows: it first builds rules based on the events generated on the network, the state of the network and the policies in place. If it detects something unusual, it raises an alert, adjusts the firewall rules and updates the incident logs. The downside of this extremely versatile tool is its learning curve, which can put off beginners.

Step 5: Replace FTP with SFTP

As an administrator, you will need to upload files to or download them from your server from time to time. The most widespread file transfer protocol, FTP, has known security weaknesses: authentication is carried out in plain text, so credentials can be intercepted. By opting for the secure SFTP file transfer protocol instead, you choose a more secure solution that is easy to install and configure on your server.
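Because SFTP runs inside the SSH server you already hardened, "installing" it mostly means configuring sshd. The added script below (example code, not from the original article) prints a Match block that confines a group of upload accounts to SFTP only, chrooted into their own directory, plus the commands that create a compliant directory layout. The group name, root path and account name are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the article): restrict a group of upload accounts to
# SFTP only, chrooted into their own directory, using OpenSSH's built-in
# internal-sftp server. Group name, chroot root and account name are
# assumptions for the example. Review the printed snippet, append it to the END
# of /etc/ssh/sshd_config (Match blocks must come last), replace any existing
# "Subsystem sftp ..." line with the one printed, then run "sshd -t" before
# reloading the service.

# Print the configuration that confines members of group $1 under $2/<username>.
# ForceCommand prevents an interactive shell even if the account has one, and
# the forwarding options stop the account being used as a relay.
sftp_only_block() {
    grp="$1"; root="$2"
    cat <<EOF
Subsystem sftp internal-sftp
Match Group $grp
    ChrootDirectory $root/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

# OpenSSH refuses to chroot unless every path component is owned by root and
# not writable by group or others. This prints the commands for a compliant
# layout in which only the "upload" subdirectory belongs to the account.
# The nologin path is the Debian one; adjust it for your distribution.
sftp_account_plan() {
    grp="$1"; root="$2"; user="$3"
    cat <<EOF
groupadd -f $grp
useradd -m -d $root/$user -g $grp -s /usr/sbin/nologin $user
chown root:root $root $root/$user
chmod 755 $root $root/$user
mkdir -p $root/$user/upload
chown $user:$grp $root/$user/upload
chmod 750 $root/$user/upload
EOF
}

# Usage: sh sftp-only.sh config sftponly /srv/sftp
#        sh sftp-only.sh account sftponly /srv/sftp alice | sudo sh
case "${1:-}" in
    config)  sftp_only_block "$2" "$3" ;;
    account) sftp_account_plan "$2" "$3" "$4" ;;
esac
```

Once this is in place, disable or uninstall any FTP daemon that is still listening so the plain-text path is gone for good, not merely unused.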

Step 6: Perform updates and regularly apply the patches to your server

If your server runs Linux or UNIX, remember to update and upgrade your kernel, because distributions release kernel updates regularly. Updating the kernel keeps your system stable by giving you the latest security patches and possibly new kernel features. Leaving a server unpatched is like inviting attackers in.

Step 7: Set permissions correctly

Permissions on the server are crucial. Any mistake in the authorization settings can let an attacker take control of your server with ease. When configuring permissions for the users on your systems, grant only the permissions they actually need.

By default, you can apply umask rules to any new file created on a Linux server; this lets you limit the permissions assigned to new files. The SGID (set group ID) and SUID (set user ID) bits on files and directories make it possible to restrict the permissions of certain users and groups over sensitive directories and files, without preventing them from using the server features they are authorized to use (such as the password-recovery function).
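To make these two mechanisms concrete, the added script below (example code, not from the original article) shows what a given umask actually produces for new files and directories, and lists the setuid/setgid and world-writable files under a tree so they can be reviewed against what the distribution ships. GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example (not from the article): two checks behind step 7, using GNU
# stat and find (assumed). umask_demo shows what a given umask actually
# produces for new files and directories; find_setid and find_world_writable
# list the files an administrator should review on a server.

# Create one file and one directory under $1 with umask $2 and print their
# modes, e.g. "file=600 dir=700" for umask 077. Runs in a subshell so the
# caller's umask is untouched.
umask_demo() {
    dir="$1"; mask="$2"
    (
        umask "$mask"
        : > "$dir/file.$mask"          # new files start from 666 & ~umask
        mkdir "$dir/dir.$mask"         # new directories start from 777 & ~umask
        printf 'file=%s dir=%s\n' \
            "$(stat -c '%a' "$dir/file.$mask")" "$(stat -c '%a' "$dir/dir.$mask")"
    )
}

# Setuid/setgid files run with the owner's or group's identity rather than the
# caller's, so the list should match what your distribution installs and
# nothing more. Output: "<mode> <owner>:<group> <path>", sorted.
find_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | LC_ALL=C sort
}

# World-writable files are the other classic permission mistake: any local
# account, including a compromised web application, can alter them.
find_world_writable() {
    find "$1" -xdev -type f -perm -0002 \
        -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | LC_ALL=C sort
}

# Usage: sh perms.sh /          (review the whole system as root)
#        sh perms.sh /var/www   (review just the web root)
if [ -n "${1:-}" ]; then
    echo "== setuid/setgid files under $1"; find_setid "$1"
    echo "== world-writable files under $1"; find_world_writable "$1"
fi
```

A umask of 027 is a sensible server default (group can read, others get nothing); the system-wide value is set through UMASK in /etc/login.defs and the shell profile, while long-running services take theirs from their unit or init script. Save the setid listing from a freshly installed system and diff later runs against it, since a new setuid binary is one of the more common things an intruder leaves behind.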

Server security is crucial

The points raised here are only general advice to give your server a baseline level of security. Security is of course a broad subject, and you need to keep it in mind at all times to stay vigilant.