Linux Server Hardening: A Step-by-Step Security Guide for Sysadmins

Why Server Hardening Matters

A freshly installed Linux server is a blank slate — and attackers know exactly what defaults to exploit. Server hardening is the process of reducing your system's attack surface by eliminating unnecessary services, enforcing strict access controls, and applying security best practices. This guide walks you through the most impactful steps you can take immediately after provisioning a server.

Table of Contents

1. Update the system
2. Configure SSH securely
3. Set up a firewall
4. Disable unused services
5. Enforce strong user policies
6. Enable audit logging

Step 1: Update the System

Before anything else, ensure all packages are up to date. Unpatched software is one of the leading causes of successful server compromises.

sudo apt update && sudo apt upgrade -y   # Debian/Ubuntu
sudo dnf update -y                        # RHEL/Fedora/CentOS

Consider enabling automatic security updates using unattended-upgrades (Debian/Ubuntu) or dnf-automatic (RHEL-based).

Step 2: Configure SSH Securely

SSH is the most common entry point for attackers. Edit /etc/ssh/sshd_config and apply the following changes:

• Disable root login: PermitRootLogin no
• Disable password authentication: PasswordAuthentication no
• Use a non-standard port: Port 2222 (optional but reduces noise)
• Limit allowed users: AllowUsers youruser
• Use SSH key pairs instead of passwords for all logins

Restart the SSH service after making changes: sudo systemctl restart sshd

Step 3: Set Up a Firewall

Use UFW (Uncomplicated Firewall) on Ubuntu or firewalld on RHEL-based systems. Only allow the ports your server actually needs.

sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2222/tcp   # SSH (use your chosen port)
sudo ufw allow 443/tcp    # HTTPS
sudo ufw enable

Step 4: Disable Unused Services

Every running service is a potential attack vector. List active services and disable anything you don't need:

sudo systemctl list-units --type=service --state=running
sudo systemctl disable --now <service-name>

Common candidates for removal: cups (printing), avahi-daemon (mDNS), bluetooth.

Step 5: Enforce Strong User Policies

• Use sudo instead of logging in as root directly
• Set password expiry with chage -M 90 username
• Lock inactive accounts
• Review /etc/passwd and /etc/sudoers regularly

Step 6: Enable Audit Logging

Install and enable auditd to track system events, file access, and privilege escalation attempts. Pair it with Fail2Ban to automatically block IPs with repeated failed login attempts.

sudo apt install fail2ban auditd -y
sudo systemctl enable --now fail2ban auditd

Final Checklist

Task	Status
System fully updated	✅
SSH root login disabled	✅
Key-based auth only	✅
Firewall active	✅
Unnecessary services removed	✅
Fail2Ban running	✅

Server hardening is an ongoing process, not a one-time task. Revisit your configuration regularly and stay informed about new vulnerabilities that affect your stack.