3 Important Functions to Help You Secure Your Linux Server
Yes, getting your LAMP Web server to work, integrating it through your company’s pipeline, and securing your TLS certificate is an enormous task. However, it is only half the battle. LAMP servers are as secure as their configurations and one small compromise can lead to a slew of problems. Luckily, there are quite a few quick, industry-practiced techniques you or your company can use to secure your LAMP server.
System groups and setting privileges:
Groups are system objects that allow users to share functions with other users. The “privileges” of each group are what files or directories they can access, which is often assigned by you—the admin—and what powers they have. Groups are crucial to keeping track of who can see what and securing important files.
First, create a new group in your webserver. Once done, edit the properties of the group by using chown. By default, the ubuntu:app-data- command leaves the file ownership in the hands of the Ubuntu user but changes its group to a new app-data-group. Your terminal should look something like this:
# groupadd app-data-group
# chown ubuntu:app-data-group example.txt
After running the commands, the file permissions now belong to the group. Then, check the permissions and status of the file by running ‘ls’ with the “long” keyword to view all the file owners. Again, by default, it will be in the hands of the Ubuntu user who created the file.
Your terminal should now look like this:
$ ls -l | grep example.txt
-rwxrwx — — 1 ubuntu app-data-group example.txt
To give permissions to other users, you can use the terminal command usermod to add any user to the group. Then, switch to the user using the terminal command su. If you run the app again, the user added should have the permissions you set for all group members. Your terminal should look like so:
usermod -aG app-data-group otheruser
Believe it or not, this kind of organization is the best way to set up groups and adding permissions for users in your webserver. It is secure and an industry standard throughout. Adding users into a group giving each user permission one-by-one is an effective way of running a multi-user system.
Regularly check for recently installed software:
How would you know if someone managed to install suspicious software if you don’t look? There are a plethora of virus scanners and third-party applications out there; however, nothing beats the good-ole human eye. Checking for installed packages is easy to do with the terminal command “yum”. With this command you can list all the installed packages on your LAMP webserver. Your terminal command should look like so.
# yum list installed
Once done, yum will list all installed packages on your webserver. To uninstall a package, use the command:
# yum remove packageName
Check your open ports:
Ports are the foundation of your webserver so, keeping a close eye on your ports is keen for security. Scanning for open ports could reveal major red flags that are happening in your web server.
Netstat allows you to scan all “open” ports in a multi-purpose server. Likewise, to that of the “yum” command terminal, it’s relatively easy to use. Using the command:
You will have all of the IDs of every open port that is connected to your server.
While these functions are just the tip of the iceberg, it’s arguably the most important in securing a LAMP webserver. However, these widely practiced methods go a long way in overcoming the steep learning curve when securing LAMP webservers. To know more about securing a Linux webserver, I highly suggest reading “Linux In Motion” and “Linux In Action” by David Clinton, in which he dives deeper into this topic.