10 Tips for Hardening your Linux Servers

preview_player
Показать описание
For the first episode in my Enterprise Linux Security series, I go over 10 tips for hardening your Linux servers. This video includes some important suggestions to take into consideration for your infrastructure, that will serve as a foundation for future episodes. As the series continues, we'll explore more concepts in-depth.

# LearnLinuxTV Links
🐧 Main site:

🐧 LearnLinuxTV Community:

# Support LearnLinuxTV (commission earned)
📖 Check out Jay's latest book, Mastering Ubuntu Server 4th Edition. Covers Ubuntu 22.04!

🙌 Support me on Patreon and get early access to new content!

☁️ Check out KernelCare Enterpise and patch your servers in real-time:

☁️ Support LearnLinuxTV and Set up your own cloud server with Akamai Connected Cloud:

🛒 Affiliate store for Linux compatible hardware/accessories (commission earned):

💻 Check out the Tiny Pilot KVM for your Homelab (commission earned):

# About Me
🐦 Follow me on Twitter!

👨 More about me:

# Recommended evergreen videos:
💽 How to create a bootable flash drive for installing Linux

🐧 OpenSSH Guide

📖 LVM Deep-dive:

🔐 How to better secure OpenSSH:

☁️ How to create a cloud Linux server with Linode:

*📘 FAQ*

#Server #Linux #Security
Рекомендации по теме
Комментарии
Автор

01 # 02:42 #  Number 1 : Adjust your mindset
02 # 04:59 #  Number 2 : Patch your servers (and no excuses)
03 # 07:59 # Number 3 : Strengthen your passwords
04 # 09:10 # Number 4 : Don't open services to the public internet (unless you have no other choice)
05 # 11:32 # Number 5 : Lock down SSH
06 # 13:41 # Number 6 : Implement as many as layers of security as possible
07 # 15:12 # Number 7 : Implement reliable backups that are fully tested
08 # 16:57 # Number 8 : Take advantage of monitoring tools
09 # 18:41 # Number 9 : Consider a third party security audit
10 # 20:02 # Number 10 : Implement a business continuity plan

NodeNomad
Автор

I love it that you think of backups and continuity as security issues. I've worked for too many companies where that wasn't the case. However there was one that I worked that was in the process of designing their own self-healing environment. Really appreciate that they were pushing forward with that idea.

unattributed
Автор

Jay, a video on monitoring tools would be nice. Thanks and keep up the great work.

drmikeyg
Автор

As an aspiring Linux System Administrator, this video is invaluable. Thank you

stefandevos
Автор

Doing vulnerability scans should be on this list.

fredtheilig
Автор

Great video Jay. A multi part on Locking down a public facing server to maybe DOD levels would be great. Your common sense approach is refreshing.

wekiwa
Автор

great..but plz add timeline in future videos

here_is_pacific
Автор

Going into my second year into System Administration, I'm very much thankful for your information. I will be looking forward to apply them in my company's servers.

abdalla
Автор

Enjoy your content Jay - as always. One of the best Linux channels on Youtube, and with recent content - probably the best IMHO. Really looking forward to this series.

natem
Автор

Thanks Jay! One of the big questions I've always had is around item 7--tested backups. I have basic systems like Deja Dup that does my desktop backups to a second disk in the machine and to a NAS on my network (still need an offsite/cloud option in the mix), but my question around this is always about testing the backups. How? Do I just run the restore and wait to see if it throws an error? Does that risk corrupting my existing data? What other way is there to test a backup properly then?

Love the idea for this latest series!

KevinLyon
Автор

Great video 👍 you could elaborate on the 10 points more in the upcoming videos.

strg
Автор

10:40 I learned this lesson today. I was setting up an instance to test for database replication. I don't have much knowledge about all the ports setting, so I set it to listen to public. In just few hours my log files were filled with all kinds of suspicious activities. After googled I realized these are mining virus. Public internet is scary. 😂

cjt
Автор

Good growth of the channel. Hard work and consistency paying of.

peterjansen
Автор

You really found your speciality.. Excellent videos. Best for your success!

SupraRyu
Автор

i feel Patching techniques for different servers should be the next

akshayvyas
Автор

Keeping server up to date is important, although it's worth noting auto-updates can break your server and your service could be down for some time before fixing it

QuarKSonTV
Автор

In addition to patching the OS, don't forget about driver & firmware updates.

jschucke
Автор

I think the wording you were looking for is that you were not looking to incite baseles panic. It is always good to know that you don't know what you don't know, which can be scary when you have a lot hanging on the line.

BloodAsp
Автор

Plans vs accessibility: in the DMZ [needs a public IP] vs behind a NAT firewall vs only accessed externally via VPN.

fullscaleme
Автор

18:09 This is what I do for public facing servers. Basically no one should be logged into them, so I've got NCPA running a user check every 30 seconds, and sending that information back to Nagios. For the reverse scenario, a server where you expect a lot of user traffic, you can enable State Stalking on a User List service check, that way when someone does log in, Nagios records who logged in, and you have it down to inside of a minute when they logged in, and what the username was.

praecorloth