...

  • SSH login (weak passwords).

  • User logins (stale and unnecessary accounts).

  • Firewall (open network ports).

  • Updates (old software versions).

  • Turn off password login and root login; allow only SSH key login.

  • Fail2ban (block repeated failed login attempts).

  • CPU usage (server performance).

  • rkhunter (rootkit detection).

  • Port 8080 should not be exposed (or appear in the URL).

1. SSH Login

SSH (Secure Shell) is a secure protocol and the primary means of connecting to Linux servers remotely. It provides a text-based interface by spawning a remote shell: after connecting, every command you type in your local terminal is sent to the remote server and executed there. It gives you a safe way of executing commands, making changes, and configuring services remotely. When you connect through SSH, you log in using an account that exists on the remote server. More details here.

...

Whenever you create a user, don't forget to set up SSH key authentication for that account.
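As an added example (not code from the page), the following script installs a public key for a new account the way sshd expects it, so the account can log in with its key only. `install_ssh_key` and `check_ssh_key_perms` are names chosen here, `NEW_USER` and `PUBKEY_FILE` are placeholders, and the key line used in the demo is constructed, not a real key.

```shell
#!/bin/sh
# Added example, not from the page: give a new account an SSH key and the
# file permissions sshd insists on (it ignores keys in writable files).
set -eu

# install_ssh_key HOME_DIR PUBKEY_LINE [OWNER]
# Appends the key to ~/.ssh/authorized_keys (idempotently) with modes 700/600.
install_ssh_key() {
  home="$1"; pubkey="$2"; owner="${3:-}"
  mkdir -p "$home/.ssh"
  chmod 700 "$home/.ssh"
  touch "$home/.ssh/authorized_keys"
  # do not add the same key twice
  grep -qxF "$pubkey" "$home/.ssh/authorized_keys" \
    || printf '%s\n' "$pubkey" >> "$home/.ssh/authorized_keys"
  chmod 600 "$home/.ssh/authorized_keys"
  if [ -n "$owner" ]; then chown -R "$owner" "$home/.ssh"; fi
}

# check_ssh_key_perms HOME_DIR -> prints "ok" or the first problem found
check_ssh_key_perms() {
  home="$1"
  [ "$(stat -c %a "$home/.ssh")" = 700 ] \
    || { echo "bad .ssh mode"; return 0; }
  [ "$(stat -c %a "$home/.ssh/authorized_keys")" = 600 ] \
    || { echo "bad authorized_keys mode"; return 0; }
  echo ok
}

# Real deployment (needs root), shown but not executed here.
# useradd sets no password, so the account cannot log in with one:
#   NEW_USER=deploy; PUBKEY_FILE=/path/to/deploy.pub      # placeholders
#   useradd -m -s /bin/bash "$NEW_USER"
#   install_ssh_key "/home/$NEW_USER" "$(cat "$PUBKEY_FILE")" "$NEW_USER:$NEW_USER"

# Demo on a throwaway directory with a constructed key line
demo_home=$(mktemp -d)
demo_key="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYEXAMPLEKEYEXAMPLEKEY demo@example"
install_ssh_key "$demo_home" "$demo_key"
install_ssh_key "$demo_home" "$demo_key"   # second call must not duplicate the key
check_ssh_key_perms "$demo_home"
```

Because the account is created without a password, the key is its only way in; the permissions check matters because sshd silently refuses an authorized_keys file that the group or others can write, and the result looks like "the key does not work".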

2. User login

Review each account's login details and what users are doing on the system. Reference here.

...

$ who -u

The who command displays the users who are logged on to the system, including the terminals they are connecting from; -u adds each session's idle time and PID.
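who -u shows who is logged in right now; the "stale and unnecessary accounts" item also needs the accounts that never log in. The script below is an added example (not from the page) that joins `getent passwd` output with `lastlog` output to list accounts that have a real login shell but have never logged in. `stale_accounts` is a name chosen here and both data files are constructed samples in the real formats.

```shell
#!/bin/sh
# Added example, not from the page: find interactive accounts that have
# never logged in, as candidates for locking or removal.
set -eu

# stale_accounts PASSWD_FILE LASTLOG_FILE
# On a live host:  getent passwd > p; lastlog > l; stale_accounts p l
# Prints accounts whose shell is not nologin/false and whose lastlog entry
# says "Never logged in".
stale_accounts() {
  passwd="$1"; lastlog="$2"
  awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$passwd" | sort |
  while read -r user; do
    if grep -E "^$user[[:space:]].*Never logged in" "$lastlog" >/dev/null; then
      echo "$user"
    fi
  done
}

# Lock rather than delete an account you are not sure about (needs root):
#   usermod --lock --shell /usr/sbin/nologin "$user"
# lastlog only records PAM logins, so an account used purely by cron or a
# service can show "Never logged in" and still be needed: check before locking.

# Constructed sample data
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
deploy:x:1001:1001::/home/deploy:/bin/bash
oldtester:x:1002:1002::/home/oldtester:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
EOF
cat > "$tmp/lastlog" <<'EOF'
Username         Port     From             Latest
root             pts/0    203.0.113.10     Mon May  6 09:12:44 +0000 2024
daemon                                     **Never logged in**
deploy           pts/1    198.51.100.7     Tue May  7 10:01:02 +0000 2024
oldtester                                  **Never logged in**
backup                                     **Never logged in**
EOF
stale_accounts "$tmp/passwd" "$tmp/lastlog"
# prints: oldtester
```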

3. Firewall

Forgetting to secure and configure a dedicated server firewall is a common mistake and a huge security flaw. A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet. Reviewing the firewall's configuration lets you find and remove unnecessary software that is exposed to the internet; such exposed services make your server and its ports vulnerable to intrusion. Reference here.

...

  • $ sudo ufw allow 80

  • $ sudo ufw allow 22

  • $ sudo ufw allow 8080
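As an added example (not code from the page), here is the ufw rule set a web plus SSH host needs under the checklist above, which leaves port 8080 closed, together with a check that compares what is actually listening with what the firewall is meant to allow. `unexpected_listeners` is a name chosen here; the `ss -tlnH` output it is run on is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the page: firewall rules plus a listening-port check.
set -eu

# Rules to apply as root (not executed here):
#   ufw default deny incoming
#   ufw default allow outgoing
#   ufw allow 22/tcp        # SSH; "ufw limit 22/tcp" also rate-limits repeated connects
#   ufw allow 80/tcp
#   ufw delete allow 8080   # drop the 8080 rule if it was added from the list above
#   ufw --force enable
#   ufw status numbered

# unexpected_listeners "22 80" < ss_output
# Reads `ss -tlnH` output and prints TCP ports bound on a non-loopback address
# that are not in the space-separated allow list. On a live host:
#   ss -tlnH | unexpected_listeners "22 80"
unexpected_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      addr = $4                                   # e.g. 0.0.0.0:8080, [::]:22, 127.0.0.1:3306
      port = addr; sub(/.*:/, "", port)           # text after the last colon
      host = addr; sub(/:[^:]*$/, "", host)       # text before it
      if (host == "127.0.0.1" || host == "[::1]") next   # loopback-only is not exposed
      if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
    }'
}

# Constructed sample of `ss -tlnH` output
sample_ss='LISTEN 0 128   0.0.0.0:22      0.0.0.0:*  users:(("sshd",pid=812,fd=3))
LISTEN 0 511   0.0.0.0:80      0.0.0.0:*  users:(("nginx",pid=901,fd=6))
LISTEN 0 4096  127.0.0.1:3306  0.0.0.0:*  users:(("mysqld",pid=955,fd=22))
LISTEN 0 128   *:8080          *:*        users:(("java",pid=1204,fd=41))
LISTEN 0 128   [::]:22         [::]:*     users:(("sshd",pid=812,fd=4))'

printf '%s\n' "$sample_ss" | unexpected_listeners "22 80"
# prints: 8080
```

The firewall rule stops outside traffic to 8080, but the cleaner fix for item 9 of the list is to bind the application to 127.0.0.1:8080 and reach it only through the listener on port 80; the check above then stops reporting 8080 because it is loopback-only.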

4. Update

Although having fully patched software does not necessarily mean your server is fully secure, it is still very important to update your operating system and any other software running on it with the latest security patches. To this day, hacking incidents still occur because attackers took advantage of and exploited unpatched servers and software.

apt-get update doesn't actually install new versions of software. Instead, it refreshes the package lists, so that apt knows which installed packages have upgrades available and which new packages have just arrived in the repositories; apt-get upgrade is what installs them.
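As an added example (not from the page), the update/upgrade sequence the paragraph distinguishes, followed by a small check that counts how many pending upgrades come from a `-security` pocket, which is the number that matters for this checklist item. `pending_security_updates` and `list_upgradable_names` are names chosen here; the `apt list --upgradable` output is a constructed sample with made-up version strings.

```shell
#!/bin/sh
# Added example, not from the page: update vs upgrade, and a pending-security-updates count.
set -eu

# The real sequence, as root (not executed here):
#   apt-get update                  # refresh package lists only
#   apt-get -s upgrade              # -s: simulate, shows what would change without doing it
#   apt-get upgrade -y              # install the new versions
#   apt-get dist-upgrade -y         # also handles changed dependencies and new kernels
#   [ -f /var/run/reboot-required ] && echo "reboot needed"
# To have security updates applied automatically (Debian/Ubuntu):
#   apt-get install unattended-upgrades && dpkg-reconfigure -plow unattended-upgrades

# pending_security_updates < apt_list_output -> count of packages whose
# upgrade comes from a pocket named *-security. On a live host:
#   apt list --upgradable 2>/dev/null | pending_security_updates
pending_security_updates() {
  grep -c -- '^[^/]*/[^ ]*-security[ ,]' || true    # grep -c exits 1 on zero matches
}

# list_upgradable_names < apt_list_output -> package names, one per line
list_upgradable_names() {
  awk -F/ '/upgradable from/ { print $1 }'
}

# Constructed sample in `apt list --upgradable` format (versions are made up)
sample_apt='Listing... Done
libssl3/jammy-security 1.2.3-1ubuntu0.2 amd64 [upgradable from: 1.2.3-1ubuntu0.1]
openssh-server/jammy-security 1:9.0-1ubuntu0.2 amd64 [upgradable from: 1:9.0-1ubuntu0.1]
vim/jammy-updates 2:8.2-1ubuntu1.2 amd64 [upgradable from: 2:8.2-1ubuntu1.1]'

printf '%s\n' "$sample_apt" | pending_security_updates
# prints: 2
```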

5. Turn off password login / allow only SSH key login.

Open the ssh server configuration file with $ nano /etc/ssh/sshd_config and set the options below. This configuration enables the security features on the server.

...

"PubkeyAuthentication yes" means you need the private key to log in to the server ("no" means no private key is needed). "PasswordAuthentication no" means the server does not accept the account password, so logins work only with the SSH private key ("yes" means the password is still accepted). Then restart ssh: $ /etc/init.d/sshd restart .
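An added example (not from the page) that audits an sshd_config for the directives discussed here, plus PermitRootLogin for the "off root login" item, and shows the hardened fragment the step should end with. `sshd_setting` and `audit_sshd_config` are names chosen here; both config files are constructed. The reader rule follows sshd's own: the first uncommented value of a directive wins, and anything after a Match line is conditional and skipped.

```shell
#!/bin/sh
# Added example, not from the page: audit sshd_config for password/root login.
set -eu

# sshd_setting FILE DIRECTIVE -> first effective value, lower-cased, or "default"
sshd_setting() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    /^[[:space:]]*#/ || NF < 2 { next }
    tolower($1) == "match" { exit }                 # everything after Match is conditional
    tolower($1) == key     { print tolower($2); found = 1; exit }
    END { if (!found) print "default" }' "$1"
}

# audit_sshd_config FILE -> one finding per line; nothing when hardened
audit_sshd_config() {
  f="$1"
  pw=$(sshd_setting "$f" PasswordAuthentication)       # sshd default: yes
  if [ "$pw" != no ]; then echo "PasswordAuthentication is $pw (want no)"; fi
  if [ "$(sshd_setting "$f" PubkeyAuthentication)" = no ]; then   # sshd default: yes
    echo "PubkeyAuthentication is no (want yes)"
  fi
  root=$(sshd_setting "$f" PermitRootLogin)            # sshd default: prohibit-password
  if [ "$root" != no ]; then echo "PermitRootLogin is $root (want no)"; fi
  # With PAM, keyboard-interactive can still prompt for the password even when
  # PasswordAuthentication is no. The directive was renamed in OpenSSH 8.7;
  # setting both names is harmless.
  kbd=$(sshd_setting "$f" KbdInteractiveAuthentication)
  cr=$(sshd_setting "$f" ChallengeResponseAuthentication)
  if [ "$pw" = no ] && [ "$kbd" != no ] && [ "$cr" != no ]; then
    echo "KbdInteractiveAuthentication not set to no (PAM password prompt still possible)"
  fi
  return 0
}

weak=$(mktemp); hard=$(mktemp)
cat > "$weak" <<'EOF'
# constructed: what a fresh install commonly looks like
#PubkeyAuthentication yes
PasswordAuthentication yes
PermitRootLogin yes
EOF
# Hardened fragment for /etc/ssh/sshd_config. On newer Debian/Ubuntu releases
# files under /etc/ssh/sshd_config.d/ are included first and can override this;
# `sshd -T` prints the effective configuration and is what to audit there.
cat > "$hard" <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
EOF
audit_sshd_config "$weak"    # two findings
audit_sshd_config "$hard"    # prints nothing

# Apply as root: validate first, and keep the current session open until a
# key-based login from a second terminal succeeds.
#   sshd -t && systemctl restart ssh   # the service is "ssh" on Debian/Ubuntu, "sshd" on RHEL-family
```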

6. Fail2ban

Fail2ban is a log-parsing application that monitors system logs for symptoms of an automated attack on your server. When an attempted compromise is detected, using the defined parameters, Fail2ban adds a new rule to iptables to block the attacker's IP address, either for a set amount of time or permanently. Fail2ban can also alert you by email that an attack is occurring.

...

Afterwards, restart fail2ban to apply the new rules: sudo service fail2ban restart

To read the alert emails Fail2ban sends to root:

$ nano /var/mail/root
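As an added example (not from the page), a minimal jail.local for the sshd jail, and a small shell re-implementation of the ban decision it makes, run over constructed auth.log lines so you can see which source address would be banned. `ban_candidates` is a name chosen here, the log lines and addresses are constructed, and the blocking itself (the iptables rule and the email) stays with Fail2ban.

```shell
#!/bin/sh
# Added example, not from the page: fail2ban sshd jail and its ban rule in awk.
set -eu

# /etc/fail2ban/jail.local (jail.conf is replaced on upgrades; jail.local overrides it)
jail_local='[DEFAULT]
bantime  = 1h
findtime = 10m
maxretry = 5
ignoreip = 127.0.0.1/8 ::1 192.0.2.10
destemail = root@localhost
action = %(action_mw)s

[sshd]
enabled = true
port    = ssh
logpath = %(sshd_log)s'
# 192.0.2.10 is a placeholder for your own admin address, so you cannot lock yourself out.
# After writing the file, as root:
#   systemctl restart fail2ban && fail2ban-client status sshd
#   fail2ban-client set sshd unbanip 192.0.2.10      # release a false positive

# ban_candidates MAXRETRY < auth.log -> addresses with MAXRETRY or more failures.
# fail2ban also applies findtime; the sample below all falls inside one window.
ban_candidates() {
  awk -v max="$1" '
    /sshd\[[0-9]+\]: Failed password for/ {
      for (i = 1; i <= NF; i++) if ($i == "from") { fails[$(i + 1)]++; break }
    }
    END { for (ip in fails) if (fails[ip] >= max) print ip }' | sort
}

# Constructed auth.log lines
sample_auth='May  7 10:00:01 web1 sshd[2210]: Failed password for root from 203.0.113.5 port 51122 ssh2
May  7 10:00:03 web1 sshd[2212]: Failed password for root from 203.0.113.5 port 51130 ssh2
May  7 10:00:06 web1 sshd[2214]: Failed password for invalid user admin from 203.0.113.5 port 51141 ssh2
May  7 10:00:09 web1 sshd[2216]: Failed password for invalid user admin from 203.0.113.5 port 51150 ssh2
May  7 10:00:12 web1 sshd[2218]: Failed password for root from 203.0.113.5 port 51162 ssh2
May  7 10:01:40 web1 sshd[2225]: Failed password for deploy from 198.51.100.9 port 40210 ssh2
May  7 10:01:55 web1 sshd[2227]: Accepted publickey for deploy from 198.51.100.7 port 40222 ssh2'

printf '%s\n' "$sample_auth" | ban_candidates 5
# prints: 203.0.113.5
```

With password login already disabled (item 5), these "Failed password" lines mostly disappear from the log and the jail becomes a second layer; keep it anyway, since it also catches invalid-user and other pre-auth failures that Fail2ban's sshd filter knows about.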

7. CPU running

The Linux kernel is an incredible circus performer, carefully juggling many processes and their resource needs to keep your server humming along. The kernel is also all about equity: when there is competition for resources, it tries to distribute them fairly. Even so, a particular process might consume a large share of the CPU and affect the performance of the whole system. While that process is hogging the CPU, you can't get other tasks done and have to wait for it to finish before starting a new one.

...

where 50 is the CPU percentage cap for that process and 8275 is the PID of that particular process.
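As an added example (not from the page), how to find the process to cap and then limit it with cpulimit in the -l 50 -p PID form the text describes. `cpu_hogs` is a name chosen here and the ps output it parses is a constructed sample.

```shell
#!/bin/sh
# Added example, not from the page: find the CPU hog, then cap it instead of killing it.
set -eu

# cpu_hogs THRESHOLD < ps_output -> "pid command" for processes above THRESHOLD %CPU
# On a live host:  ps -eo pid,pcpu,comm --sort=-pcpu | cpu_hogs 50
cpu_hogs() {
  awk -v t="$1" 'NR > 1 && $2 + 0 > t { print $1, $3 }'   # NR > 1 skips the header
}

# Constructed sample of `ps -eo pid,pcpu,comm --sort=-pcpu`
sample_ps='  PID %CPU COMMAND
 8275 97.3 python3
 1204 12.0 java
  812  0.0 sshd'
printf '%s\n' "$sample_ps" | cpu_hogs 50
# prints: 8275 python3

# Cap the offender (needs the cpulimit package; not executed here):
#   sudo cpulimit -l 50 -p 8275     # add -b to run cpulimit in the background
# cpulimit enforces the cap by pausing and resuming the process with SIGSTOP/SIGCONT,
# so check with top or ps that its share dropped. For a service, a persistent cap
# belongs in its systemd unit: CPUQuota=50% under [Service].
```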

8. rkhunter

(Rootkit Hunter) Rootkits are software secretly installed by a malicious intruder to allow that intruder continued access to the server once security is breached. This is an extremely dangerous problem, because even after the entry vector the intruder originally used to gain access is fixed, they can continue to enter the server using the rootkit they installed. References here & here. Change to the root directory.

...

You can check the log file for warnings: $ nano /var/log/rkhunter.log
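As an added example (not from the page), the rkhunter run sequence and a check that pulls the Warning lines out of the log file named above, so a scheduled run can be reviewed without opening the whole log. `rkhunter_warnings` is a name chosen here and the log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the page: run rkhunter and extract its warnings.
set -eu

# As root (not executed here):
#   rkhunter --update             # refresh the rootkit signature data files
#   rkhunter --propupd            # baseline of file properties, taken right after a clean install/update
#   rkhunter --check --sk --rwo   # --sk: skip keypress prompts; --rwo: report warnings only
# Re-run --propupd only after a deliberate package update; otherwise a real
# file change would be baselined away instead of reported.

# rkhunter_warnings < rkhunter.log -> the Warning lines, timestamp stripped, de-duplicated
# On a live host:  rkhunter_warnings < /var/log/rkhunter.log
rkhunter_warnings() {
  grep -E '^\[[^]]*\][[:space:]]*Warning:' \
    | sed 's/^\[[^]]*\][[:space:]]*//' \
    | sort -u
}

# Constructed log lines in rkhunter's "[HH:MM:SS] message" format
sample_log='[10:00:05] Checking for rootkits...
[10:00:20] Warning: The command '"'"'/usr/bin/lwp-request'"'"' has been replaced by a script
[10:00:21] Warning: Hidden file found: /etc/.java
[10:00:22] Warning: Hidden file found: /etc/.java
[10:00:30] Info: End date is Tue May  7 10:00:30 UTC 2024'

printf '%s\n' "$sample_log" | rkhunter_warnings
```

Every warning needs a decision: a known-benign script (a common false positive after package updates) is whitelisted in /etc/rkhunter.conf, while an unexplained hidden file or a changed binary is an incident to investigate, not something to baseline away.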

9. Disable :8080 in the URL

See the link here for how to implement this.

...