# How To Secure A Linux Server

## Docs

- [The Danger Zone](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/advanced/danger-zone.md): High-risk security configurations that could break your system
- [Kernel sysctl Hardening](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/advanced/kernel-sysctl.md): Advanced Linux kernel hardening through sysctl parameters
- [nginx Security](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/advanced/nginx.md): Comprehensive security headers and configuration for nginx web servers
- [File/Folder Integrity Monitoring With AIDE](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/auditing/aide.md): Monitor and detect unauthorized changes to files and folders using Advanced Intrusion Detection Environment (AIDE)
- [Rootkit Detection With chkrootkit](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/auditing/chkrootkit.md): Scan for rootkits and security issues using the chkrootkit security scanner
- [Anti-Virus Scanning With ClamAV](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/auditing/clamav.md): Scan your Linux server for viruses and malware using ClamAV antivirus software
- [logwatch - System Log Analyzer and Reporter](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/auditing/logwatch.md): Receive daily email summaries of your server's logs and system status with logwatch
- [Lynis - Linux Security Auditing](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/auditing/lynis.md): Perform comprehensive security audits of your Linux server with Lynis security scanner
- [OSSEC - Host Intrusion Detection](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/auditing/ossec.md): Monitor and protect your server with OSSEC Host Intrusion Detection System (HIDS)
- [Rootkit Detection With Rkhunter](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/auditing/rkhunter.md): Detect rootkits, backdoors, and local exploits on your Linux server using Rootkit Hunter
- [ss - Seeing Ports Your Server Is Listening On](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/auditing/ss.md): Identify and monitor which network ports your server is listening on using the ss command
- [More Secure Random Entropy Pool (WIP)](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/basics/entropy.md): Improve system entropy for better cryptographic operations
- [Run Applications in a Sandbox with FireJail](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/basics/firejail.md): Confine applications to isolated environments for enhanced security
- [NTP Client](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/basics/ntp.md): Keep your server time synchronized with NTP for security and logging accuracy
- [Add Panic/Secondary/Fake Password Login Security](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/basics/panic-password.md): Configure a panic password that triggers protective actions when used
- [Force Accounts to Use Secure Passwords](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/basics/passwords.md): Enforce strong password requirements using PAM and pwquality
- [Securing /proc](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/basics/proc.md): Hide process information from other users by configuring /proc with hidepid
- [Limit Who Can Use su](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/basics/su.md): Restrict su command access to only authorized users for enhanced security
- [Limit Who Can Use sudo](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/basics/sudo.md): Configure sudo privileges to only allow specific users to run commands as root
- [Automatic Security Updates and Alerts](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/basics/updates.md): Configure unattended security updates and email notifications for your server
- [Contributing](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/contributing.md): How to contribute to the Linux Server Security guide
- [Using Ansible Playbooks](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/getting-started/ansible.md): Automate Linux server security with Ansible playbooks based on this guide
- [Installing Linux](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/getting-started/installation.md): Learn the high-level process for installing Linux on your server
- [Picking A Linux Distribution](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/getting-started/picking-distribution.md): Choose the right Linux distribution for your secure server deployment
- [Identify Your Principles](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/getting-started/principles.md): Define your threat model and security requirements before securing your Linux server
- [Pre/Post Installation Requirements](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/getting-started/requirements.md): Essential tasks to complete before and after installing Linux on your server
- [Guide Overview](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/guide-overview.md): Understanding the scope, structure, and approach of this Linux server security guide
- [Introduction](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/introduction.md): Learn how to secure a Linux server with comprehensive security hardening techniques and best practices
- [Application Intrusion Detection And Prevention With CrowdSec](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/network/crowdsec.md): Monitor application logs with community-powered threat intelligence to detect and prevent intrusions
- [Application Intrusion Detection And Prevention With Fail2Ban](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/network/fail2ban.md): Monitor application logs and prevent intrusions by blocking suspicious activity
- [iptables Intrusion Detection And Prevention with PSAD](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/network/psad.md): Monitor network activity to detect and prevent potential intrusion attempts
- [Firewall With UFW (Uncomplicated Firewall)](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/network/ufw.md): Configure UFW to control network traffic and secure your Linux server
- [Email Setup](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/resources/email-setup.md): Configure your Linux server to send email notifications using MSMTP or Exim4 with Gmail
- [Helpful Links](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/resources/helpful-links.md): Additional resources, acknowledgments, and licensing information for the Linux Server Security guide
- [Separate iptables Log File](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/resources/iptables-logging.md): Configure iptables to log to a dedicated file for easier troubleshooting and monitoring
- [Remove Short Diffie-Hellman Keys](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/ssh/diffie-hellman.md): Remove weak cryptographic moduli from SSH
- [SSH Security Overview](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/ssh/overview.md): Introduction to securing SSH on your Linux server
- [SSH Public/Private Keys](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/ssh/public-private-keys.md): Set up secure key-based authentication for SSH
- [Create SSH Group For AllowGroups](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/ssh/ssh-group.md): Control SSH access using UNIX groups
- [Secure /etc/ssh/sshd_config](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/ssh/sshd-config.md): Harden your SSH server configuration
- [2FA/MFA for SSH](https://mintlify.wiki/imthenachoman/How-To-Secure-A-Linux-Server/ssh/two-factor-auth.md): Add two-factor authentication to SSH for enhanced security