Member-only story
7 CIS Security Best Practices I Apply on Every Linux Server I Set Up
--
1
Share
Intro: CIS Benchmarks are like a checklist for hardening your Linux servers against the most common threats. These best practices arenβt just for compliance β theyβre battle-tested techniques that have saved me from misconfigurations, attacks, and downtime. Here are 7 steps I take every time I spin up a new Ubuntu or Red Hat server.
1. π Disable Root Login via SSH
Why: Root login over SSH is a major target for brute-force attacks.
β
How:
sudo nano /etc/ssh/sshd_config# Set this:PermitRootLogin no
sudo systemctl restart sshd
2. 𧱠Enable and Configure a Host Firewall
Why: Only allow whatβs needed, and block everything else by default.
β
Ubuntu:
sudo ufw default deny incomingsudo ufw default allow outgoingsudo ufw allow OpenSSHsudo ufw enable
β
Red Hat:
sudo firewall-cmd --set-default-zone=dropsudo firewall-cmd --permanent --add-service=sshsudo firewall-cmd --reload
Top comments (0)