Learn how to harden Linux systems for security. Firewall configuration, SSH security, and access controls.
Get the latest tutorials, guides, and insights on AI, DevOps, Cloud, and Infrastructure delivered directly to your inbox.
Security hardening protects systems from threats. This guide covers essential Linux security practices.
# UFW (Ubuntu)
sudo ufw enable
sudo ufw allow 22/tcp
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw deny 3306/tcp
# firewalld (RHEL/CentOS)
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload
# /etc/ssh/sshd_config
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
Port 2222
MaxAuthTries 3
# Disable unused services
sudo systemctl disable telnet
sudo systemctl disable ftp
# Set file permissions
chmod 600 /etc/shadow
chmod 644 /etc/passwd
# Use sudo instead of root
sudo visudo
# Install
sudo apt install fail2ban
# Configure
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Harden Linux systems by configuring firewalls, securing SSH, disabling unused services, and monitoring logs.
For Linux Security Hardening: Protecting Your System, define pre-deploy checks, rollout gates, and rollback triggers before release. Track p95 latency, error rate, and cost per request for at least 24 hours after deployment. If the trend regresses from baseline, revert quickly and document the decision in the runbook.
Keep the operating model simple under pressure: one owner per change, one decision channel, and clear stop conditions. Review alert quality regularly to remove noise and ensure on-call engineers can distinguish urgent failures from routine variance.
Repeatability is the goal. Convert successful interventions into standard operating procedures and version them in the repository so future responders can execute the same flow without ambiguity.
For Linux Security Hardening: Protecting Your System, define pre-deploy checks, rollout gates, and rollback triggers before release. Track p95 latency, error rate, and cost per request for at least 24 hours after deployment. If the trend regresses from baseline, revert quickly and document the decision in the runbook.
Keep the operating model simple under pressure: one owner per change, one decision channel, and clear stop conditions. Review alert quality regularly to remove noise and ensure on-call engineers can distinguish urgent failures from routine variance.
Repeatability is the goal. Convert successful interventions into standard operating procedures and version them in the repository so future responders can execute the same flow without ambiguity.
For Linux Security Hardening: Protecting Your System, define pre-deploy checks, rollout gates, and rollback triggers before release. Track p95 latency, error rate, and cost per request for at least 24 hours after deployment. If the trend regresses from baseline, revert quickly and document the decision in the runbook.
Keep the operating model simple under pressure: one owner per change, one decision channel, and clear stop conditions. Review alert quality regularly to remove noise and ensure on-call engineers can distinguish urgent failures from routine variance.
Repeatability is the goal. Convert successful interventions into standard operating procedures and version them in the repository so future responders can execute the same flow without ambiguity.
For Linux Security Hardening: Protecting Your System, define pre-deploy checks, rollout gates, and rollback triggers before release. Track p95 latency, error rate, and cost per request for at least 24 hours after deployment. If the trend regresses from baseline, revert quickly and document the decision in the runbook.
Keep the operating model simple under pressure: one owner per change, one decision channel, and clear stop conditions. Review alert quality regularly to remove noise and ensure on-call engineers can distinguish urgent failures from routine variance.
Repeatability is the goal. Convert successful interventions into standard operating procedures and version them in the repository so future responders can execute the same flow without ambiguity.
Kernel and Package Patch Management. Practical guidance for reliable, scalable platform operations.
LLM Gateway Design for Multi-Provider Inference. Practical guidance for reliable, scalable platform operations.
Explore more articles in this category
Learn how Linux containers work under the hood. Namespaces, cgroups, and container runtime internals.
Learn shell scripting best practices for writing maintainable, secure, and efficient bash scripts.
Learn how to optimize Linux file systems for better performance. Mount options, I/O tuning, and file system choices.