10 Tips for Hardening your Linux Servers
Рет қаралды 62,708
Күн бұрынFor the first episode in my Enterprise Linux Security series, I go over 10 tips for hardening your Linux servers. This video includes some important suggestions to take into consideration for your infrastructure, that will serve as a foundation for future episodes. As the series continues, we'll explore more concepts in-depth.
LearnLinuxTV Links
🐧 Main site:
➡️ www.learnlinux.tv
🐧 LearnLinuxTV Community:
➡️ community.learnlinux.tv
Support LearnLinuxTV (commission earned)
📖 Check out Jay's latest book, Mastering Ubuntu Server 4th Edition. Covers Ubuntu 22.04!
➡️ ubuntuserverbook.com
🙌 Support me on Patreon and get early access to new content!
➡️ learnlinux.link/patron
☁️ Check out KernelCare Enterpise and patch your servers in real-time:
➡️ kernelcare.com/
☁️ Support LearnLinuxTV and Set up your own cloud server with Akamai Connected Cloud:
➡️ learnlinux.link/akamai
🛒 Affiliate store for Linux compatible hardware/accessories (commission earned):
➡️ learnlinux.link/amazon
💻 Check out the Tiny Pilot KVM for your Homelab (commission earned):
➡️ learnlinux.link/tinypilot
About Me
🐦 Follow me on Twitter!
➡️ / jaythelinuxguy
👨 More about me:
➡️ www.jaylacroix.com
➡️ www.learnlinux.tv/about-me
Recommended evergreen videos:
💽 How to create a bootable flash drive for installing Linux
➡️ linux.video/flash-usb
🐧 OpenSSH Guide
➡️ linux.video/ssh
📖 LVM Deep-dive:
➡️ linux.video/lvm
🔐 How to better secure OpenSSH:
➡️ linux.video/secure-ssh
☁️ How to create a cloud Linux server with Linode:
➡️ learnlinux.link/create-linode
FAQ
🐧 Which distro do I use?
➡️ learnlinux.link/mydistro
💽 My recording gear (commissions earned):
➡️ learnlinux.link/recording-stuff
#Server #Linux #Security
@NodeNomad 3 жыл бұрын
01 # 02:42 # Number 1 : Adjust your mindset 02 # 04:59 # Number 2 : Patch your servers (and no excuses) 03 # 07:59 # Number 3 : Strengthen your passwords 04 # 09:10 # Number 4 : Don't open services to the public internet (unless you have no other choice) 05 # 11:32 # Number 5 : Lock down SSH 06 # 13:41 # Number 6 : Implement as many as layers of security as possible 07 # 15:12 # Number 7 : Implement reliable backups that are fully tested 08 # 16:57 # Number 8 : Take advantage of monitoring tools 09 # 18:41 # Number 9 : Consider a third party security audit 10 # 20:02 # Number 10 : Implement a business continuity plan
@milfordjohnson2289 3 ай бұрын
thanks node, that list summarizes it nicely.
@drmikeyg 3 жыл бұрын
Jay, a video on monitoring tools would be nice. Thanks and keep up the great work.
@netadmin-fraser787 2 жыл бұрын
NMap is good, but a WiFi adapter in monitor mode can be more useful not only for hacking but assessing the security and testing the security too
@unattributed1641 3 жыл бұрын
I love it that you think of backups and continuity as security issues. I've worked for too many companies where that wasn't the case. However there was one that I worked that was in the process of designing their own self-healing environment. Really appreciate that they were pushing forward with that idea.
@fredtheilig9636 3 жыл бұрын
Doing vulnerability scans should be on this list.
@here_is_pacific 3 жыл бұрын
great..but plz add timeline in future videos
@FranLMSP 3 жыл бұрын
16:00 Gitlab in 2017
@natem7440 3 жыл бұрын
Enjoy your content Jay - as always. One of the best Linux channels on KZfaq, and with recent content - probably the best IMHO. Really looking forward to this series.
@peterjansen4826 3 жыл бұрын
Good growth of the channel. Hard work and consistency paying of.
@wekiwa7055 2 жыл бұрын
Great video Jay. A multi part on Locking down a public facing server to maybe DOD levels would be great. Your common sense approach is refreshing.
@SupraRyu 2 жыл бұрын
You really found your speciality.. Excellent videos. Best for your success!
@kosmonautofficial296 3 жыл бұрын
Looking forward to it! Great first video.
@abdalla8114 Жыл бұрын
Going into my second year into System Administration, I'm very much thankful for your information. I will be looking forward to apply them in my company's servers.
@ianperkins8812 3 жыл бұрын
Nice, well presented and common sense. Thanks!
@TradersTradingEdge 3 жыл бұрын
Very helpful, thanks Jay!
@davidvantongerloo1907 3 жыл бұрын
nice sum up thanks Jay !!! have a nice week !!!
@KevinLyon 3 жыл бұрын
Thanks Jay! One of the big questions I've always had is around item 7--tested backups. I have basic systems like Deja Dup that does my desktop backups to a second disk in the machine and to a NAS on my network (still need an offsite/cloud option in the mix), but my question around this is always about testing the backups. How? Do I just run the restore and wait to see if it throws an error? Does that risk corrupting my existing data? What other way is there to test a backup properly then? Love the idea for this latest series!
@str0g 3 жыл бұрын
Great video 👍 you could elaborate on the 10 points more in the upcoming videos.
@ninja2807 3 жыл бұрын
Your videos are really good and help us (Linux learners). I would love to see a deep dive on various Linux services such as Apache, Nginx, OpenSSL, Bind9, some email server, etc. Thanks very much.
@mezlo64 3 жыл бұрын
great series, i cant wait for more videos :)
@13thravenpurple94 Жыл бұрын
Great work 🥳 Thank you 💜
@akshayvyas7637 3 жыл бұрын
i feel Patching techniques for different servers should be the next
@fullscale4me 3 жыл бұрын
Automatic patching vs manual. All patches vs security only.
@shadanequbal6756 3 ай бұрын
Very helpful video sir. May I have the link of next videos in this series?
@user-bb6qv5vi7l Жыл бұрын
Thank you for your lessons.
@joelsschwarz 8 ай бұрын
This is gold. Thanks!
@QuarKSonTV 3 жыл бұрын
Keeping server up to date is important, although it's worth noting auto-updates can break your server and your service could be down for some time before fixing it
@cjt5570 3 жыл бұрын
10:40 I learned this lesson today. I was setting up an instance to test for database replication. I don't have much knowledge about all the ports setting, so I set it to listen to public. In just few hours my log files were filled with all kinds of suspicious activities. After googled I realized these are mining virus. Public internet is scary. 😂
@AnzanHoshinRoshi 3 жыл бұрын
Thank you, Jay.
@guilherme5094 3 жыл бұрын
Thanks Jay!
@jschucke 2 жыл бұрын
In addition to patching the OS, don't forget about driver & firmware updates.
@fullscale4me 3 жыл бұрын
Plans vs accessibility: in the DMZ [needs a public IP] vs behind a NAT firewall vs only accessed externally via VPN.
@BloodAsp 3 жыл бұрын
I think the wording you were looking for is that you were not looking to incite baseles panic. It is always good to know that you don't know what you don't know, which can be scary when you have a lot hanging on the line.
@praecorloth 7 ай бұрын
18:09 This is what I do for public facing servers. Basically no one should be logged into them, so I've got NCPA running a user check every 30 seconds, and sending that information back to Nagios. For the reverse scenario, a server where you expect a lot of user traffic, you can enable State Stalking on a User List service check, that way when someone does log in, Nagios records who logged in, and you have it down to inside of a minute when they logged in, and what the username was.
@BrickTamlandOfficial 11 ай бұрын
A note about patching. many patches open new security holes. it's really a double edge sword. if a patch breaks business continuity then it could be just as costly as getting hacked, and if the patch opens up another security issue, doing nothing and "taking the gamble" (risk acceptance) is what business owners try to do.
@JayantBB78 2 жыл бұрын
3:33 Sarcasm....! :-) Anyway I am a big fan of you. for your videos. Great work. Keep posting.
@billbailey273 8 ай бұрын
Have you considered doing a desktop hardening, for those who use Linux as a daily driver?
@user-cx7ze6oi5y 5 ай бұрын
Do you have any plan to make a video about SELinux?
@user-bb6qv5vi7l Жыл бұрын
What the program for backups Linux have on his board?
@adeelhashmi145 Жыл бұрын
The best joke ever without emotion. 3:48
@camaycama7479 7 ай бұрын
for point 10, that's why kubernetes (and harvester) are there as a true solution for HA and self remedy ;)
@user-bb6qv5vi7l Жыл бұрын
One moment I configured My Linux work machine, after I upgraded my Linux machine and after she had problems with programs that have stopped working. It's ok, or did I something wrong?
@fullscale4me 3 жыл бұрын
Port scanning and what to shut off as determined by the server's role.
@majorgear1021 2 жыл бұрын
Video chapters would be nice. That way viewers can rewatch topics they need to refresh themselves on.
@user-bb6qv5vi7l Жыл бұрын
In windows I have administrative policies, where I change the rules for remote users. My rules is 3 wrong passwords and then block a user account. What the Linux have on his board?
@Daily-Web-Wonders 2 жыл бұрын
U r doing a good job with these videos my friend.. keep it up..
@Steamrick 3 жыл бұрын
I've actually experienced failed no-boot backups (not on my own environment and none I was in charge of, luckily). Not fun.
@aniksen3831 2 ай бұрын
I am using deepin how to secure it ?
@faizansalam 3 жыл бұрын
quality stuff
@scorp73 3 жыл бұрын
If it was only (not) patching the servers... I so hate it that at my new workplace their lifecycling policies just plain suck. E.g. distributions such as Ubuntu 14.04 and Debian 7.x have been EOL+EOS for quite some time now.... but there are still tons of those servers around, still allowed to run :( It's a tiring uphill battle I'm fighting here. :´(
@yeoucheoub3535 Жыл бұрын
Can you make traps too
@bulcub 3 жыл бұрын
how about some examples?
@loizostheochari1509 3 жыл бұрын
How can I block certain countries from hacking into my linux machine. Using Iptables and Ipset. For example blocking China, Russia and India completely. Is this possible! !!!
@HanTrio 3 жыл бұрын
The term you are searching for is "geoblocking" ;)
@WeedMIC 3 жыл бұрын
Pls consider timestamps
@abytebit Жыл бұрын
Is there any real content in this video except Ads?
@Ranblv 3 жыл бұрын
tip 11 Run the free Lynis auditing tool and change the ssh port. I used all 10 tips on my servers. I hope episode two will be more useful.
@AndersJackson 3 жыл бұрын
#3 Number 3, best is no passwords at all...
@EGGNBEENZ 9 ай бұрын
1.5x speed is just right
@LiveWireBT 3 жыл бұрын
No chapter marks, no meaningful description about the content. One has to skip through the video to learn what these "great" 10 tips are. I wouldn't call it hardening, but consumer-ish admins who never thought twice about what they install and run have to start somewhere. Very clickbaity. Of course you have to have lighting like a dance club or a brothel. Day in, day out, sustainability doesn't matter.
The Linux Experiment
Рет қаралды 210 М.
SMOL Italian
Рет қаралды 8 МЛН
SOFIADELMONSTRO
Рет қаралды 2,9 МЛН
NetworkChuck
Рет қаралды 2 МЛН
Axlefublr (she\they)
Рет қаралды 3
Fun Effects
Рет қаралды 20 МЛН
Sameer Gaming
Рет қаралды 2,3 МЛН