If you plan to run a LAMP server (Linux, Apache, MySQL and PHP), whether a virtual private server (VPS) or a dedicated machine, the first thing to do is to secure it.
This guide outlines the steps to follow to configure your server correctly. I'll go over the basics and point out some useful tools along the way.
Step 1: Configuring the firewall
The first thing to do to secure your server is to set up a firewall. A firewall sits between your server and the outside world and lets through only the traffic your rules allow; everything else is dropped before it reaches a service. On a LAMP server that usually means exposing SSH, HTTP and HTTPS and nothing else. There is a huge choice of firewall solutions, but we will focus on the two best known:
UFW
UFW (Uncomplicated Firewall) is a front end to the Linux kernel's packet filter that requires only minimal configuration. It offers a simple syntax for custom rules and handles both IPv4 and IPv6 networks. UFW is disabled by default: add your rules first (at least the SSH port, or you will lock yourself out of a remote server), then enable it. A graphical interface, Gufw, is also available.
iptables
iptables is the classic administration tool for netfilter, the packet-filtering framework built into the Linux kernel, and it is present on practically every distribution (recent ones ship its successor, nftables, usually with an iptables-compatible command on top of it). It handles IPv4; its companion ip6tables manages IPv6 with the same syntax, so every rule has to be written for both address families.
Unlike UFW, the iptables syntax takes some effort to master. Its advantage is that it exposes the full granularity of the kernel's packet filter: connection state, rate limiting, per-interface rules and so on. It is therefore a powerful tool to secure your server.
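Here is what the two approaches look like side by side for the usual LAMP exposure (SSH, HTTP, HTTPS, nothing else). This script is an added example written for this guide, not code from the UFW or iptables projects; the port list, the SSH rate limit and the DRY_RUN switch are my choices, and the rules assume a single host that does not route traffic.

```bash
#!/bin/sh
# Added example, not code from the original article: one default-deny host
# firewall for a LAMP server, expressed first as UFW commands and then as the
# equivalent iptables/ip6tables rules. Assumed exposure: SSH on 22/tcp, HTTP on
# 80/tcp, HTTPS on 443/tcp, nothing else. With DRY_RUN=1 (the default) the
# commands are only printed; run as root with DRY_RUN=0 to apply them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# UFW: deny everything inbound, allow outbound, open the three services.
# "limit" instead of "allow" on 22 rate-limits new SSH connections per source
# address, which blunts password brute-forcing.
ufw_rules() {
    run ufw default deny incoming
    run ufw default allow outgoing
    run ufw limit 22/tcp
    run ufw allow 80/tcp
    run ufw allow 443/tcp
    run ufw --force enable        # --force skips the "are you sure" prompt
}

# iptables: the same policy spelled out rule by rule. $1 is iptables or
# ip6tables; apart from the ICMP protocol name the two rule sets are identical,
# so the function is called once per address family.
netfilter_rules() {
    local tool="$1" icmp=icmp
    [ "$tool" = ip6tables ] && icmp=icmpv6
    run "$tool" -F INPUT
    run "$tool" -A INPUT -i lo -j ACCEPT
    run "$tool" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # ICMP carries path-MTU discovery and, for IPv6, neighbour discovery: keep it.
    run "$tool" -A INPUT -p "$icmp" -j ACCEPT
    # SSH: a source that opens 5 or more new connections within 60 s is dropped.
    run "$tool" -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set --name ssh
    run "$tool" -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 5 --name ssh -j DROP
    run "$tool" -A INPUT -p tcp --dport 22 -j ACCEPT
    run "$tool" -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
    run "$tool" -P FORWARD DROP
    run "$tool" -P OUTPUT ACCEPT
    # The DROP policy goes last: set it first and the ESTABLISHED rule would
    # not exist yet, cutting off the SSH session you are applying this from.
    run "$tool" -P INPUT DROP
}

# Usage: sh firewall.sh ufw   |   sh firewall.sh iptables
case "${1:-}" in
    ufw)      ufw_rules ;;
    iptables) netfilter_rules iptables; netfilter_rules ip6tables ;;
esac
```

UFW saves its rules itself; iptables rules are lost at reboot unless you persist them (on Debian/Ubuntu, the iptables-persistent package and iptables-save > /etc/iptables/rules.v4, plus rules.v6 for ip6tables). Whichever tool you use, apply the rules from a console or from a second SSH session so a mistake does not lock you out.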
Step 2: Securing the configuration of the remote connection
As a server administrator, you will often need to connect to your server over the Internet. This remote connection must therefore be encrypted and properly authenticated, which on Linux means SSH. What matters most is how you log in.
There are two ways to authenticate over SSH:
Password login
As the name suggests, this type of login asks for a password each time you connect over SSH. It needs no setup, but it is the weaker option: any host reachable from the Internet sees a constant stream of automated password-guessing attempts, and a password that is short, reused or leaked elsewhere is all an attacker needs.
Public-key login
Here the client holds a private key that never leaves it, and its public key is placed in ~/.ssh/authorized_keys on the server. The server proves its own identity with its host key, which the client checks against ~/.ssh/known_hosts, so both sides are authenticated. (The keys serve authentication only; the session itself is encrypted with keys negotiated at connection time, whichever login method you use.) This takes a little more setup than a password, but it is much safer: there is nothing to guess, and once it works you can turn password authentication off entirely.
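To make that concrete, here is an added example (my code, not part of the original guide or of OpenSSH): a small script that audits an existing sshd_config for the settings that still allow password logins, prints a hardened drop-in that allows only public keys, and documents the order of operations so you never lock yourself out. The file paths and the 50-hardening.conf name are assumptions matching Debian/Ubuntu defaults.

```bash
#!/bin/sh
# Added example, not code from the original article. Two parts: a hardened
# sshd drop-in that allows only public-key logins, and an audit function that
# reads an existing sshd_config the way sshd does (first occurrence of a keyword
# wins, keywords are case-insensitive, everything after a "Match" line is
# conditional) and reports the settings that still allow password logins.
# Assumed file locations are the OpenSSH defaults on Debian/Ubuntu.

# Print the effective value of keyword $2 in config file $1 (empty if unset).
sshd_setting() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF == 0 { next }   # comments and blank lines
        tolower($1) == "match"      { exit }   # conditional section starts: stop
        tolower($1) == key          { print $2; exit }
    ' "$1"
}

# $1 config, $2 keyword, $3 OpenSSH default when the keyword is absent,
# $4 the value we require. Prints a WEAK line and returns 1 on mismatch.
check_setting() {
    local v
    v="$(sshd_setting "$1" "$2")"
    v="${v:-$3}"
    [ "$(printf '%s' "$v" | tr 'A-Z' 'a-z')" = "$4" ] && return 0
    printf 'WEAK: %s is %s (want %s)\n' "$2" "$v" "$4"
    return 1
}

# Audit the four settings that decide whether a password can get someone in.
audit_sshd() {
    local bad=0
    check_setting "$1" PasswordAuthentication yes no        || bad=1
    check_setting "$1" PermitRootLogin prohibit-password no || bad=1
    check_setting "$1" PubkeyAuthentication yes yes         || bad=1
    check_setting "$1" PermitEmptyPasswords no no           || bad=1
    return "$bad"
}

# The drop-in. Install it as /etc/ssh/sshd_config.d/50-hardening.conf when
# /etc/ssh/sshd_config starts with "Include /etc/ssh/sshd_config.d/*.conf"
# (Ubuntu 20.04 and later, Debian 12); otherwise put these lines at the top of
# sshd_config itself, because only the first occurrence of a keyword counts.
hardened_sshd_dropin() {
    cat <<'EOF'
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
AuthenticationMethods publickey
PermitRootLogin no
MaxAuthTries 3
LoginGraceTime 20
EOF
}

# Order of operations, so you never lock yourself out:
#   1. client:  ssh-keygen -t ed25519 -a 64 -f ~/.ssh/id_ed25519
#   2. client:  ssh-copy-id -i ~/.ssh/id_ed25519.pub admin@server
#   3. client:  ssh -o PasswordAuthentication=no admin@server   (must succeed)
#   4. server:  sh ssh-harden.sh dropin > /etc/ssh/sshd_config.d/50-hardening.conf
#   5. server:  sshd -t && systemctl reload ssh   (sshd -t validates the config;
#               the unit is called sshd on RHEL-style systems)
#   6. keep the old session open and log in again from a new one before closing it.
case "${1:-}" in
    audit)  audit_sshd "${2:-/etc/ssh/sshd_config}" ;;
    dropin) hardened_sshd_dropin ;;
esac
```

Run "sh ssh-harden.sh audit" before and after installing the drop-in: the first run should list PasswordAuthentication (OpenSSH's default is yes) and possibly PermitRootLogin, the second should print nothing and exit 0. Fail2ban or the firewall rate limit from step 1 is still worth having: key-only sshd refuses the guesses, but the log noise remains.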
Step 3: Install a rootkit scanner
A rootkit scanner run regularly on your server helps you detect a compromise after the fact. Below are the two best-known free rootkit detectors for Linux:
chkrootkit
This well-known scanner looks for the traces left by rootkits, the tools intruders install to hide their activity: modified system binaries, hidden processes, network interfaces in promiscuous mode, deleted login records. chkrootkit cannot detect every kind of malware, but it is a good place to start. Don't rely on it alone for a thorough check of your server; it is above all an entry-level tool.
rkhunter
Like chkrootkit, rkhunter searches the system for hidden rootkits. It also flags hidden files, wrong permissions on system files and suspicious strings in binaries, and it runs on any Unix-like system. rkhunter compares system binaries against a stored database of their properties, so run rkhunter --propupd after legitimate package updates, or the next scan will report every updated binary as changed. For the best coverage of common malware, run rkhunter and chkrootkit together: they use different checks and neither is complete on its own.
Step 4: Configure intrusion detection
Think of intrusion detection as an alarm system that tells you when someone has tampered with your server or is probing your network. Two of the best-known intrusion detection systems are described below.
AIDE
AIDE (Advanced Intrusion Detection Environment) is a free file and directory integrity checker that works like a tripwire. It first builds a database recording the current state of the files you tell it to watch: permissions, owner, size, timestamps and cryptographic hashes. Each later run compares the live file system against that database and reports every file that was added, removed or changed, so a replaced binary or a web shell dropped into the document root shows up. Keep the database (and ideally the AIDE binary itself) somewhere an intruder cannot rewrite, such as read-only media or another host; otherwise they can simply regenerate the baseline after making their changes.
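The baseline-and-compare idea is simple enough to show in full. The script below is an added example, not AIDE's code and not part of the original guide: a miniature integrity checker built from sha256sum, stat and comm that records a baseline of a directory and later reports what was added, removed or changed. Use it to understand what AIDE does; use AIDE itself in production, where the real commands are aide --init to build the database and aide --check, typically from cron, to compare.

```bash
#!/bin/sh
# Added example, not code from the original article and not AIDE itself: the
# baseline-then-compare mechanism AIDE implements, reduced to three shell
# functions so the idea can be tried on any directory. For a real server use
# AIDE (aide --init to build the database, aide --check from cron to compare).
# Assumes GNU coreutils (sha256sum, stat) and GNU find.

# Write one line per regular file under $1 into database $2:
#   mode owner group size|sha256|path   (sorted by path so two databases compare cleanly)
integrity_init() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s|%s|%s\n' "$(stat -c '%a %U %G %s' "$f")" \
                              "$(sha256sum "$f" | cut -d ' ' -f 1)" "$f"
    done > "$2"
}

# Compare two databases ($1 baseline, $2 current) and print REMOVED / ADDED /
# CHANGED lines. CHANGED means the metadata or the hash differs for a path
# present in both.
integrity_diff() {
    local old="$1" new="$2" p1 p2 p
    p1="$(mktemp)"; p2="$(mktemp)"
    cut -d '|' -f 3 "$old" > "$p1"
    cut -d '|' -f 3 "$new" > "$p2"
    LC_ALL=C comm -23 "$p1" "$p2" | sed 's/^/REMOVED /'
    LC_ALL=C comm -13 "$p1" "$p2" | sed 's/^/ADDED   /'
    LC_ALL=C comm -12 "$p1" "$p2" | while IFS= read -r p; do
        if [ "$(awk -F '|' -v p="$p" '$3 == p' "$old")" != \
             "$(awk -F '|' -v p="$p" '$3 == p' "$new")" ]; then
            printf 'CHANGED %s\n' "$p"
        fi
    done
    rm -f "$p1" "$p2"
}

# Rebuild the database for $1 in a temp file, compare it with baseline $2,
# print the report and return 1 if anything differs (so cron mails the output).
integrity_check() {
    local now report
    now="$(mktemp)"
    integrity_init "$1" "$now"
    report="$(integrity_diff "$2" "$now")"
    rm -f "$now"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Usage: sh integrity.sh init  /var/www /var/lib/integrity.db
#        sh integrity.sh check /var/www /var/lib/integrity.db
case "${1:-}" in
    init)  integrity_init "$2" "$3" ;;
    check) integrity_check "$2" "$3" ;;
esac
```

The weak point is the same as with AIDE: the database is only trustworthy if the intruder could not rewrite it, so store it off-box or on read-only media and refresh it deliberately after each legitimate deployment, never automatically.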
Bro
Bro (renamed Zeek in 2018) is a network intrusion detection system that watches your network traffic for unusual activity. It works as follows: it turns the traffic it sees into a stream of events (a DNS query, an HTTP request, an SSH login attempt) and runs scripts against those events, using the state it keeps about every connection. When a script detects something unusual it raises an alert, writes the details to its logs and can, through its scripts, update firewall rules. The downside of this extremely versatile tool is its learning curve, which can put off beginners.
Step 5: Replace FTP with SFTP
As an administrator, you will need to upload files to or download them from your server from time to time. Plain FTP, the best-known file transfer protocol, is insecure by design: it sends the login, and the files themselves, in clear text, so anyone on the path can read or alter them. SFTP instead carries file transfers over SSH, so it reuses the encrypted, key-authenticated connection from step 2 and needs nothing beyond the OpenSSH server you already run (it is not to be confused with FTPS, which is FTP over TLS). Remove or disable the FTP daemon once you have switched.
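As an added example (not from the original guide), here is the configuration for a locked-down SFTP-only account that cannot get a shell and only sees its own directory, together with a check for the ownership rule sshd imposes on that directory. The group name sftponly and the /srv/sftp/<user> layout are my assumptions.

```bash
#!/bin/sh
# Added example, not code from the original article: an SFTP-only account
# confined to its own directory with sshd's built-in server, plus a check for
# the ownership rule sshd enforces on ChrootDirectory. Assumed names: group
# sftponly, jail root /srv/sftp/<user>; adjust to taste.

# sshd_config fragment. Replace the distribution's existing "Subsystem sftp"
# line (sshd rejects two), and keep the Match block at the end of the file,
# since everything after a Match line belongs to it.
sftp_match_block() {
    cat <<'EOF'
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
EOF
}

# Commands to create the account $1 (print them, review, then run as root).
# The jail root must be owned by root and not writable by the user; the user
# gets a writable subdirectory inside it. internal-sftp never runs a shell, so
# the nologin shell is safe to set.
sftp_setup_commands() {
    cat <<EOF
groupadd -f sftponly
useradd -M -d /srv/sftp/$1 -g sftponly -s /usr/sbin/nologin $1
install -d -o root -g root -m 755 /srv/sftp /srv/sftp/$1
install -d -o $1 -g sftponly -m 750 /srv/sftp/$1/upload
install -d -o $1 -g sftponly -m 700 /srv/sftp/$1/.ssh   # then add the user's public key to .ssh/authorized_keys
sshd -t && systemctl reload ssh
EOF
}

# sshd refuses the chroot ("bad ownership or modes for chroot directory") unless
# the directory and every ancestor are root-owned and not group/world writable.
# mode_ok checks the last two digits of an octal mode (group and other) for a
# write bit; chroot_path_ok walks from the directory up to /.
mode_ok() {
    local go
    go="$(printf '%s' "$1" | tail -c 2)"
    case "$go" in
        [0145][0145]) return 0 ;;
        *)            return 1 ;;
    esac
}

chroot_path_ok() {
    local d="$1" owner mode
    while :; do
        owner="$(stat -c '%U' "$d")"
        mode="$(stat -c '%a' "$d")"
        if [ "$owner" != root ] || ! mode_ok "$mode"; then
            printf 'BAD: %s is owner=%s mode=%s (need root, no group/other write)\n' "$d" "$owner" "$mode"
            return 1
        fi
        [ "$d" = / ] && return 0
        d="$(dirname "$d")"
    done
}

# Usage: sh sftp.sh config | sh sftp.sh setup alice | sh sftp.sh check /srv/sftp/alice
case "${1:-}" in
    config) sftp_match_block ;;
    setup)  sftp_setup_commands "${2:?username}" ;;
    check)  chroot_path_ok "${2:?directory}" && echo "OK: $2 is usable as ChrootDirectory" ;;
esac
```

The user lands at the jail root, which they cannot write to, and uploads into upload/. If Apache needs to serve those files, point a virtual host or a bind mount at /srv/sftp/<user>/upload rather than making the document root itself the jail.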
Step 6: Keep your server updated and apply patches regularly
Whatever Linux or UNIX flavour your server runs, keep it updated: the distribution regularly publishes patched packages, kernels included, and attackers routinely exploit vulnerabilities for which a fix has been available for months. Upgrade the whole system, not just the kernel, and remember that a new kernel only takes effect after a reboot: until then the old, vulnerable one is still running. Not applying patches on a server is like inviting hackers to enter.
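A check worth scripting, added here as an example that is not from the original guide: compare the running kernel with the newest one installed, so a "patched" server that was never rebooted gets caught. It assumes the Debian/Ubuntu layout of /boot/vmlinuz-<version> images and apt; the RHEL equivalent is named in the comments.

```bash
#!/bin/sh
# Added example, not code from the original article: "apt upgrade" installs a
# new kernel image, but the old kernel keeps running until you reboot, so a
# patched server can still be running the vulnerable kernel. These helpers
# compare the running kernel with the newest one installed. Assumed Debian/
# Ubuntu layout: kernel images are /boot/vmlinuz-<version>. On RHEL-style
# systems "needs-restarting -r" (from dnf-utils) answers the same question.

# True when version string $1 sorts before $2 in version order, so that
# 5.15.0-91-generic < 5.15.0-100-generic (plain string order gets this wrong).
ver_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Newest kernel version installed under $1 (default /boot); empty if none.
newest_installed_kernel() {
    ls "${1:-/boot}"/vmlinuz-* 2>/dev/null | sed 's|.*/vmlinuz-||' | sort -V | tail -n 1
}

# $1 running version (default: uname -r), $2 boot directory (default /boot).
# Returns 0 when the running kernel is the newest installed, 1 when a reboot
# is needed, 2 when no kernel image was found.
kernel_current() {
    local running newest
    running="${1:-$(uname -r)}"
    newest="$(newest_installed_kernel "${2:-/boot}")"
    if [ -z "$newest" ]; then
        echo "no kernel images found"
        return 2
    fi
    if ver_lt "$running" "$newest"; then
        printf 'REBOOT NEEDED: running %s, newest installed %s\n' "$running" "$newest"
        return 1
    fi
    printf 'OK: running %s is the newest installed kernel\n' "$running"
}

# The patch cycle itself (run as root): refresh the package index, apply all
# updates, remove kernels no longer needed, then see whether a reboot is due.
# For unattended security patches install the unattended-upgrades package
# (Ubuntu enables it by default).
patch_cycle() {
    apt-get update && apt-get -y upgrade && apt-get -y autoremove
    kernel_current || true
    [ -f /var/run/reboot-required ] && cat /var/run/reboot-required
    return 0
}

# Usage: sh patch.sh check | sh patch.sh patch
case "${1:-}" in
    check) kernel_current ;;
    patch) patch_cycle ;;
esac
```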
Step 7: Set permissions correctly
Permissions on the server are crucial. A mistake in them can let an attacker take control of your server with very little effort. When configuring permissions for the users on your systems, give them only what they actually need.
Start with the umask, which sets the default permissions of every new file created on a Linux server; a restrictive value keeps new files from being readable or writable by everyone. Then look at the SUID (set user ID) and SGID (set group ID) bits on files and directories. They do not restrict anything: a program carrying one of them runs with the privileges of its owner or group rather than those of the user who launched it. A few are legitimate and necessary (passwd is setuid root so that ordinary users can change their own password, which means writing a root-owned file), but every other one is a ready-made privilege escalation if the program has a bug, so inventory them and remove the bit from any you do not need.
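Added example (not from the original guide): the first function shows exactly what a umask does to a new file or directory, and the rest builds an inventory of setuid/setgid files and diffs it against a saved baseline, the practical way to notice a privileged binary that was not there last month. The baseline path /var/lib/suid.baseline is an assumption.

```bash
#!/bin/sh
# Added example, not code from the original article. Part one shows what a
# umask actually does to the mode of a new file or directory; part two
# inventories setuid/setgid files and diffs that inventory against a saved
# baseline, so a privileged binary that appears later stands out. Assumes GNU
# find (-printf) and a POSIX shell with octal arithmetic.

# Mode a new file ("file") or directory ("dir") gets under umask $1: the umask
# bits are cleared from 666 or 777. effective_mode 022 file -> 644.
effective_mode() {
    local base=0777 m
    [ "$2" = file ] && base=0666
    m=$(( base & ~0$1 ))        # leading 0: read the umask as octal
    printf '%03o\n' "$m"
}
# A sensible default for admin shells is "umask 027" in /etc/profile.d/umask.sh
# (or UMASK 027 in /etc/login.defs): new files come out 640, directories 750.

# Every regular file with the setuid (4000) or setgid (2000) bit under $1
# (default /), one per line: mode owner:group path, sorted so lists compare.
suid_list() {
    find "${1:-/}" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %u:%g %p\n' 2>/dev/null | LC_ALL=C sort
}

# Diff baseline $1 against current list $2: ADDED lines deserve a look (a new
# privileged binary is a classic persistence trick); REMOVED ones are fine.
suid_diff() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/ADDED   /'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/REMOVED /'
}

# To drop the bit from a program that does not need it:  chmod u-s /path/to/binary
# (passwd keeps it: an ordinary user changing their own password must write
# the root-owned /etc/shadow).
# Usage (as root): sh perms.sh baseline   then, from cron:   sh perms.sh audit
case "${1:-}" in
    baseline) suid_list / > "${2:-/var/lib/suid.baseline}" ;;
    audit)    cur="$(mktemp)"
              suid_list / > "$cur"
              suid_diff "${2:-/var/lib/suid.baseline}" "$cur"
              rm -f "$cur" ;;
esac
```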
Server security is crucial
The points raised here are general advice to bring your server up to a minimum level of security. Security is a broad subject and has to be kept in mind at all times; stay vigilant.