How to Protect Linux From Web Attacks

Linux is generally a hardened, secure operating system, but it's still prone to web attacks like any other operating system, particularly when used on a web server. To protect Linux from web attacks like spam, hacks, denial of service, hijacks and command execution, you must secure and monitor your system.

Step 1 Disable start-up scripts, programs or services you don't require. Remove unused accounts and groups. Don't use services like finder, sendmail or FTP unless you must. If you do use them, make sure they run behind a firewall and are secure.

Step 2 Apply patches regularly to applications and the operating system. Subscribe to security mailing lists like LinuxSecurity.com.

Step 3 Use spam filtering and virus protection. Use a text-based email reader to avoid executing viruses.

Step 4 Set kernel and firewall rules to prevent spoofing and attacks. Configure ports 80, 443 and other allowable ports.

Step 5 Monitor your log files for unusual activity. Save log files to a remote host or an unwritable file so that they can't be altered. Run the netstat command regularly to look for unusual activity.

Step 6 Change passwords at least every few months. Use passwords that are a combination of numbers and uppercase and lowercase letters. Don't use the company name or any words which are easy to guess. Make the password at least seven characters long.

Step 7 Block root access from external connections. Restrict root access internally. Don't log in as root unless you must. Remove access to programs like cmd.exe. Start web server applications with as few account privileges as necessary.