Server Hardening — Linux

The purpose of systems hardening is to minimize security risk by eliminating potential attacks from adversaries and reduce the system’s attack surface.

If you want to make your Linux systems secure, please keep in mind these steps as below.

  1. Bios Protection
  2. Disk Encryption
  3. Disk Protection
  4. Lock Boot Directory
  5. Disable USB
  6. System Updates
  7. Necessary Packages
  8. Disable Unused Ports
  9. Secure Communication
  10. SELinux (Security Enhanced Linux)
  11. Disable IPv6
  12. Password Policies
  13. Enable and Configure Firewall
  14. Warning Banners
  15. Logging and Auditing

We will discuss about these steps in detail with another article soon.



Restriction of access on HTTPS to any website via IP Address on NGINX

It is recommended to access any web site via domain address instead of IP address, therefore please use the following steps to configure your NGINX.

server {
listen 443 ssl;

ssl_certificate /etc/nginx/ssl/;
ssl_certificate_key /etc/nginx/ssl/;
if ($host != "") {
return 301 $scheme://$request_uri;

After configuration is saved, reload your NGINX:

# service nginx reload

After NGINX reloaded, It will redirect all direct accesses using IP address to along with the URI in the request.