We all believe that Linux is secure by default, and to some extent that is true: Linux ships with a built-in security model. Still, we have to customize the default settings to lower the risk and feel more confident about the security of our server.

1. SSH Configuration Hardening

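The first thing you should do is disable root SSH login and change the default SSH port. This immediately reduces your exposure to brute-force attacks. The configuration below also turns off password authentication, so install your public key and confirm that key-based login works in a second session before you restart the service.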

# Edit /etc/ssh/sshd_config
PermitRootLogin no
Port 2222
PasswordAuthentication no
PubkeyAuthentication yes

After making changes, restart the SSH service:

systemctl restart sshd
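
A check for the settings above, as an added example that is not part of the original article: sshd uses the first value it reads for most keywords, so a hardened line appended below an older conflicting line has no effect. The function names and the sample file are constructed for illustration.

```shell
# Added example (not from the original article): audit an sshd_config file
# against the four settings from section 1. Include files and Match blocks
# are not evaluated; only the global section before the first Match is read.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/)   # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit             # conditional section starts
            if (key != tolower(want)) next
            if (key == "port") { ports = ports sep f[2]; sep = ","; next }  # Port may repeat
            print tolower(f[2]); exit            # first value wins
        }
        END { if (ports != "") print ports }' "$1"
}

# Report each setting; the return status is the number of failed checks.
# An unset keyword fails, because the compiled-in default would apply.
audit_sshd() {
    failures=0
    while read -r key expected; do
        actual=$(sshd_effective "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "FAIL  $key is '${actual:-unset}', expected '$expected'"
            failures=$((failures + 1))
        fi
    done <<EOF
PermitRootLogin no
Port 2222
PasswordAuthentication no
PubkeyAuthentication yes
EOF
    return "$failures"
}

# Constructed sample: "PermitRootLogin no" was appended below a stock "yes".
sample_config() {
    printf '%s\n' '# constructed sample' 'PermitRootLogin yes' 'Port 2222' \
        'PasswordAuthentication no' 'PubkeyAuthentication yes' 'PermitRootLogin no'
}
# With no argument, audit the constructed sample instead of a real file.
cfg=${1:-$(mktemp)}; [ "$#" -gt 0 ] || sample_config > "$cfg"
audit_sshd "$cfg" || echo "$? setting(s) need attention in $cfg"
```

On the server itself, sshd -T prints the configuration the daemon actually resolves and remains the authoritative check.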

2. Configure Firewall (CSF/iptables)

Always run a firewall. ConfigServer Security & Firewall (CSF) is the industry standard for cPanel/WHM servers.

  • Block all ports by default, only open what you need
  • Enable SYN flood protection
  • Configure port scan detection
  • Set up login failure detection

# Install CSF on CentOS
cd /usr/src
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf && sh install.sh

3. Keep the System Updated

Regular updates patch known vulnerabilities. Enable automatic security updates:

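yum update -y
yum install yum-cron -y
# yum-cron applies updates only when apply_updates = yes is set in /etc/yum/yum-cron.conf
systemctl enable yum-cron
# enable only takes effect at the next boot; start the service now as well
systemctl start yum-cron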

4. Disable Unused Services

Every running service is a potential attack vector. Disable services you do not use:

systemctl disable bluetooth
systemctl disable cups
systemctl disable avahi-daemon

5. Configure Fail2Ban

Fail2Ban monitors log files and automatically bans IPs that show malicious behavior.

# On CentOS, fail2ban is packaged in the EPEL repository (yum install epel-release)
yum install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban

6. File System Security

Set correct file permissions on critical system files and directories. Never run web applications as root.

7. Regular Backups

Always maintain offsite backups. Use the 3-2-1 rule: 3 copies, 2 different media, 1 offsite.

Security is not a product, but a process. Stay vigilant, keep your software updated, and audit your systems regularly.

Implementing these security measures will significantly reduce the risk of your server being compromised. If you need help with server security, contact the WebsNP support team.