Linux is best in security, but we have to enable this after installation with some basic tools. Here I’m going to enable the security with iptables and also going to show how to check for leakage in the security.
Enabling Linux Security
The most basic tools to secure the server is iptables, which is the core part in the linux server. I’m going to control the iptables with the ufw tool.
If you are in ubuntu, then it’s already there. But for Debian or other variants, can install from these commands.
#UBUNTU/DEBIAN sudo apt install ufw #ARCH sudo pacman -S ufw
Enable and start service with systemd.
sudo systemctl enable ufw sudo systemctl start ufw
With this following command, you can allow some required ports.
sudo ufw allow 22
If specifically TCP,
sudo ufw allow 22/tcp
If you want to deny a specific port then use this command
sudo ufw deny 9000
First, check the status and delete required entries that you want.
sudo ufw status verbose sudo ufw delete deny 9000
At last, enable the ufw service to start controlling the ports.
sudo ufw enable
For docker with ufw refer to this Link.
Linux Security Check
There is a lot of tools to check the security in linux. So the basic check is the port scanning. I’m going to execute this with nmap tool, with is most popular for security in linux.
Nmap (“Network Mapper”) is a free and open source utility for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Here are some basic commands with nmap.
Installing nmap tool
#Ubuntu/Debian sudo apt install nmap #ARCH sudo pacman -S nmap
If you are struggling with password for sudo commands, then check this link.
This command to do some basic scan in port and get some OS and routing information.
sudo nmap -AAA 22.214.171.124
Command to scan all ports in the Linux server.
sudo nmap -p- 126.96.36.199
That’s all. Check none of port is open except that we mentioned with UFW command. Then you are good to go with harden security.