Deployment Recipes Part 12 – Python, Web2py, Apache and Debian – Security

Deployment Recipes Part 12 focuses on security. Security is a pillar of any web server or application. If the application is not secure, however good the product you create, it will have no meaning to customers. For that reason most corporations spend thousands of dollars on application security. Information and data are at the heart of everything in today’s digital world and must be secured. Today’s article deals with certain aspects of Linux server security.

Handling Security

Here are a few steps to handle the security of your Linux server.

Removing unwanted software from your Debian system

  1. apt-get --purge remove dovecot
  2. apt-get --purge remove skypeforlinux
  3. dpkg --remove skypeforlinux
  4. dpkg -r packagename
  5. apt-get clean && apt-get autoremove. sudo apt-get -f install. …
  6. #apt-get update. #dpkg --configure -a. …
  7. apt-get -u dist-upgrade
  8. apt-get remove --dry-run packagename

Determine running network services

sudo ss -atpu

List all user accounts using the /etc/passwd file

Type the following command:
$ cat /etc/passwd
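
cat prints every entry, system accounts included. For a security review the entries that matter most are those that can log in interactively and any account other than root that holds UID 0. The following script is an added example, not part of the original article; the function names, the list of non-login shells and the sample entries are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: review entries in passwd(5) format.
# Fields: name:password:UID:GID:GECOS:home:shell

# Print name:UID:shell for accounts whose shell allows interactive login.
# Assumption: shells ending in /nologin, /false or /sync are non-interactive;
# extend the pattern for your system. An empty shell field means /bin/sh.
login_accounts() {
    awk -F: '
        NF != 7 { next }    # skip blank or malformed lines
        {
            shell = ($7 == "") ? "/bin/sh" : $7
            if (shell ~ /\/(nologin|false|sync)$/) next
            print $1 ":" $3 ":" shell
        }' "$1"
}

# Print accounts other than root that hold UID 0 (full root privileges).
extra_uid0() {
    awk -F: 'NF == 7 && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Constructed sample data, not taken from a real host.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:,,,:/home/alice:/bin/bash
olddev:x:1001:1001::/home/olddev:/bin/sh
toor:x:0:0::/root:/bin/bash
backup2:x:1002:1002::/home/backup2:
EOF

echo "Accounts with a login shell (name:UID:shell):"
login_accounts "$SAMPLE"
echo "Non-root accounts with UID 0:"
extra_uid0 "$SAMPLE"
```

On a real server, pass /etc/passwd instead of the sample file. Accounts listed here that are no longer needed are candidates for the deluser command.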

Cleanly remove software from a Debian-based system

Say you’ve installed WordPress on a server and want to cleanly remove it. To first uninstall WordPress and remove all configuration files, issue the command:

sudo apt-get purge wordpress

Once this command completes, you can then remove all of the dependencies that were installed alongside WordPress with the command: 

sudo apt-get autoremove

When that final command finishes, WordPress will have been removed, along with all of its configuration files and dependencies. If you need to remove an application from a Linux server or desktop, using these two simple commands is the way to go.

Securing your server

Update Your System–Frequently

Keeping your software up to date is the single biggest security precaution you can take for any operating system. Software updates range from critical vulnerability patches to minor bug fixes, and many software vulnerabilities are actually patched by the time they become public.

Automatic Security Updates

There are arguments for and against automatic updates on servers. Fedora’s Wiki has a good breakdown of the pros and cons, but the risk of automatic updates will be minimal if you limit them to security updates. Not all package managers make that easy or possible, though.

The practicality of automatic updates is something you must judge for yourself because it comes down to what you do with your Linode. Bear in mind that automatic updates apply only to packages sourced from repositories, not self-compiled applications. You may find it worthwhile to have a test environment that replicates your production server. Updates can be applied there and reviewed for issues before being applied to the live environment.

Using Sudo

To run a command with root access, type sudo followed by the desired command.

For example, to view details for the root directory, run the ls tool as:

sudo ls -la /root

Enter the user’s password, and the terminal shows the contents of the root directory. You only need to enter the password once in the same session.

Deleting a user using deluser

In order to delete a user on Debian 10, you have to use the deluser command.

$ sudo deluser <username>

To remove a user along with their home directory, run the deluser command with the --remove-home parameter.

$ sudo deluser --remove-home <username>
 
Looking for files to backup/remove
Removing user 'user'
Warning: group 'user' has no more members.
Done.

To delete all the files associated with a user, use the --remove-all-files parameter.

$ sudo deluser --remove-all-files <username>

While this is not an exhaustive description of security, these steps are certainly worth applying. We will look at security more closely in upcoming articles, but for today we will pause here. Hope you like the article. Stay focused!

Dhakate Rahul
