Linux is strong on security, but it has to be enabled after installation with some basic tools. Here I’m going to set up the firewall with iptables and also show how to check it for leaks.
Enabling Linux Security
The most basic tool for securing a server is iptables, which is a core part of a Linux server. I’m going to control iptables with the ufw tool.
Installing UFW
On Ubuntu it is already installed. On Debian or other distributions, install it with these commands.
#UBUNTU/DEBIAN
sudo apt install ufw
#ARCH
sudo pacman -S ufw
Enable and start service with systemd.
sudo systemctl enable ufw
sudo systemctl start ufw
Allowing ports
The following command allows a required port.
sudo ufw allow 22
To allow TCP only:
sudo ufw allow 22/tcp
Denying ports
To deny a specific port, use this command:
sudo ufw deny 9000
Deleting entries
First check the status, then delete the entries you no longer want.
sudo ufw status verbose
sudo ufw delete deny 9000
Enable it
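Finally, enable ufw so it starts controlling the ports. If you manage the server over SSH, make sure the allow rule for port 22 above is in place first, because ufw denies other incoming connections by default.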
sudo ufw enable
For Docker with ufw, refer to this link.
Linux Security Check
There are a lot of tools for checking security in Linux. The most basic check is port scanning. I’m going to do this with the nmap tool, which is the most popular for security work in Linux.
Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Here are some basic commands with nmap.
Installing nmap tool
#Ubuntu/Debian
sudo apt install nmap
#ARCH
sudo pacman -S nmap
If you are struggling with the password for sudo commands, check this link.
Essential Commands
This command runs a basic port scan and also collects some OS and routing information (1.1.1.1 stands in for your own server's address).
sudo nmap -AAA 1.1.1.1
This command scans all ports on the Linux server.
sudo nmap -p- 1.1.1.1
That’s all. Check that no port is open except the ones we allowed with the ufw command. Then you are good to go with hardened security.
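The final check can be scripted. The following is an added example, not part of the original post: it parses nmap's grepable output (-oG) and prints every open port that is not in the list allowed with ufw. The function names, the 203.0.113.10 address and the sample scan lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): list open ports that ufw never allowed.
# Live use (assumption: SERVER_IP is your own server):
#   sudo nmap -p- -oG - "$SERVER_IP" | unexpected_ports "22/tcp"

# Constructed sample of nmap grepable (-oG) output; 203.0.113.10 is a documentation address.
sample_scan() {
    printf 'Host: 203.0.113.10 ()\tStatus: Up\n'
    printf 'Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh///, 9000/open/tcp//cslistener///\tIgnored State: closed (65533)\n'
}

# open_ports: read -oG output on stdin, print one "port/proto" line per open port.
open_ports() {
    awk -F'\t' '/^Host:/ {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /^Ports: /) continue
            s = $i
            sub(/^Ports: /, "", s)
            n = split(s, entries, /, */)
            for (j = 1; j <= n; j++) {
                split(entries[j], f, "/")      # port/state/proto/owner/service/...
                if (f[2] == "open") print f[1] "/" f[3]
            }
        }
    }' | sort -u
}

# unexpected_ports "ALLOW LIST": print open ports missing from the space-separated list.
unexpected_ports() {
    open_ports | while read -r p; do
        case " $1 " in
            *" $p "*) ;;          # allowed with ufw, nothing to report
            *) echo "$p" ;;       # open but never allowed: investigate
        esac
    done
}

# Port 22/tcp is the one allowed earlier; 9000 is open in the sample, so it is reported.
sample_scan | unexpected_ports "22/tcp"
```

Empty output means the scan found nothing beyond the allowed ports; nmap scans TCP by default, so the allow list uses port/tcp entries.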