Welcome to Linux Server Security

An evolving how-to guide for securing a Linux server that teaches you about security fundamentals and why they matter. This guide covers everything from SSH hardening to intrusion detection, helping you protect your server from unauthorized access and attacks.

Getting Started

Learn the fundamentals and prepare your server for hardening

SSH Security

Secure your SSH server with public/private keys and configuration hardening

Network Security

Configure firewalls and intrusion detection systems

Auditing & Monitoring

Monitor your server and detect potential security threats

Why Secure Your Server

The moment a device becomes visible to the outside world, it becomes a target for bad actors. An unsecured server is a playground for attackers who want:
  • Access to your data
  • To use your server as a node in large-scale DDoS attacks
  • To covertly steal data without leaving traces
  • To compromise your system for their nefarious purposes
Without proper security, you may never know that your server has been compromised. Bad actors don’t always change things or lock you out; sometimes they just silently copy your data or use your resources.

What This Guide Covers

  • Public/private key authentication
  • SSH configuration best practices
  • Two-factor authentication
  • Removing weak encryption keys
  • User access control (sudo/su)
  • Application sandboxing with FireJail
  • Secure password policies
  • Automatic security updates
  • Firewall configuration with UFW
  • Intrusion detection with PSAD
  • Application protection with Fail2Ban
  • Collaborative security with CrowdSec
  • File integrity monitoring with AIDE
  • Anti-virus scanning with ClamAV
  • Rootkit detection with Rkhunter
  • Security auditing with Lynis
  • Host intrusion detection with OSSEC
  • Linux kernel sysctl parameters
  • Web server security (nginx)
  • Advanced security configurations

Guide Philosophy

This guide is intended to be followed in order, as some sections depend on previous configurations. However, you can skip sections that don’t apply to your use case.

What This Guide Is

  • Work in progress - Continuously evolving with new security techniques
  • Distribution agnostic - Applicable to most Linux distributions
  • Practical and actionable - Includes copy-paste commands and real examples
  • Educational - Explains the “why” behind security measures

What This Guide Is Not

  • Not a Linux tutorial - Assumes basic Linux knowledge
  • Not exhaustive - Covers server security, not every aspect of security (physical security, for example)
  • Not one-size-fits-all - Your security needs may vary based on your threat model

Before You Start

Before implementing security measures, identify your threat model and understand what you’re protecting against. Consider:
  • Why you want to secure your server
  • How much security you need vs. convenience
  • What attack vectors are relevant to your situation
  • Whether you have recovery options if you lock yourself out

Quick Navigation

Choose a Distribution

Pick the right Linux distribution for your server

Installation Requirements

Pre and post installation checklist

Automate with Ansible

Use Ansible playbooks to automate security hardening

Community & Contributions

This guide is open source and accepts contributions. If you find errors, have suggestions, or want to add new security techniques, please contribute on GitHub.
For comprehensive industry-standard security benchmarks, also review the CIS Benchmarks after completing this guide.