So before we start with the steps involved to configure firewall in Linux, first let’s make sure we understand what a firewall is and how it works.
Understanding what a firewall is and how it works:
A firewall is a program that surrounds the interface between a private network and the rest of the big and (usually) bad internet. You can think of the firewall as a gateway. It follows pre-configured rules that allow certain traffic to pass through from the internet to the private network and blocks those that are unwanted and potentially harmful.
Why do I need to configure a firewall for my Linux machine? Isn’t it safer than most other server OSs?
If you have a Linux machine, you are guaranteed a certain level of security by default, courtesy the amazing Linux developer community. Linux systems are generally immune to a majority of viruses and other threats that many other operating systems succumb to. But with the increase in the volume, variety and intensity of cyber threats today, configuring a Linux firewall is quite a necessity.
A step-by-step guide on how to configure firewall in Linux:
Step 1: Beef-up basic Linux security:
While this blog is titled to address firewall configuration, the first step is to ensure that the firewall has all the support it needs with a 100% secure Linux machine. To do this, ensure you have all the latest security updates installed for your version of Linux.
Step 2: Decide how you want to protect your server:
While Iptables is generally where the Linux community looks to configure a firewall, there are easier options available that are also free for use. Here are some that we would recommend:
1.ClearOS:
-ClearOS is extremely easy-to-use. It is suitable for those who prefer an easy-to-follow UI and also for geeks who would like to talk to it through the command-line interface
-After a 10-minute installation, you are asked to reboot and are given all the information and support required to manage your firewall as easily as possible
2.OPNsense:
-OPNsense offers several advanced features not usually found in free firewalls like ‘forward caching proxy’ and ‘intrusion detection’.
-It supports the use of OpenVPN. To know how useful OpenVPN is, read more here
-It uses an Inline Intrusion Prevention System which is a powerful form of Deep Packet Inspection. Here, instead of just blocking an IP address or port, the firewall inspects individual data packets or connections and stops them before they reach the sender if found malicious
3.ConfigServer Firewall (CSF):
-CSF is an advanced firewall suite for Linux systems. It has the Login Failure Daemon (LFD) process that regularly scans for failed login attempts (or “Brute-force attacks”) on your Server and takes action against the offending IP Addresses very quickly
-CSF can be managed through the Command Line Interface and its front-end is accessible by the root account through cPanel, DirectAdmin and Webmin which makes configuring and managing the firewall very simple
IPTABLES:
Understand Iptables and how it works:
The Linux kernel has the capacity to filter incoming and outgoing packets with a filtering tool known as ‘Iptables’. The Iptables tool is in charge of deciding which packets can come in and go out based on the rules it is configured to follow.
First, how to configure the firewall manually:
Working with iptables manually can be complicated. We have a quick fix at the bottom of our section you can try. Read on for more.
Step 1: Retrieve the Iptables firewall:
Iptables is pre-installed on almost every Linux distribution. You can use this command to retrieve the package:
sudo apt-get install iptables
Step 2: Discover what Iptables is already configured to do by default:
Run the iptables -L command
Step 3: You can decide to modify the existing rules or instead start afresh:
To start afresh, run this command
iptables -F
Step 4: Decide which firewall ports to close:
First block all lines of attack by running the following commands:
Block XMAS Packets: iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
Block null packets: iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
Block syn-flood packets: iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
Step 5: Decide which firewall ports to leave open:
Here are some ports you could decide to leave open:
For outgoing connections:
- 80/tcp for HTTP
- 53/udp for DNS
- 443/tcp for HTTPS (secured HTTP)
- 21/tcp for FTP (File Transfer Protocol)
- 465/tcp for SMTP (send emails)
- 25/tcp for Insecure SMTP
- 22/tcp for SSH (secure connection from computer to computer)
- 993/tcp&udp for IMAP (receive emails)
- 143/tcp&udp for Insecure IMAP
- 9418/tcp for GIT (version control system)
For Incoming connections:
- 993/tcp&udp for IMAP (receive emails)
- 143/tcp&udp for Insecure IMAP
- 110/tcp for POP3 (old way to receive emails)
- 22/tcp for SSH (secure connection from computer to computer)
- 9418/tcp for GIT (version control system)
Step 6: Save your firewall configuration
Type the following command to save the settings you’ve configured and restart your firewall:
iptables -L -n
iptables-save | sudo tee /etc/sysconfig/iptables
service iptables restart
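The guide lists the ports to leave open but not the rules that open them. As an added example (not part of the original guide), this script prints a complete ruleset in iptables-restore format that combines the Step 4 drops with the inbound TCP ports from Step 5. The default DROP policy on INPUT, the loopback and established-connection rules, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints a ruleset only; it never changes the live firewall.

# Inbound TCP ports from the Step 5 list (TCP only in this example).
INBOUND_TCP="22 993 143 110 9418"

# build_ruleset "PORT PORT ..." -> iptables-restore text on stdout
build_ruleset() {
    echo '*filter'
    # Assumed policy: drop inbound and forwarded traffic, allow outbound.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # The three drops from Step 4, unchanged.
    echo '-A INPUT -p tcp --tcp-flags ALL ALL -j DROP'
    echo '-A INPUT -p tcp --tcp-flags ALL NONE -j DROP'
    echo '-A INPUT -p tcp ! --syn -m state --state NEW -j DROP'
    # Keep loopback and replies to existing connections working.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in $1; do
        # Reject anything that is not a plain number in the valid port range.
        case "$port" in
            ''|*[!0-9]*) echo "skipping invalid port: $port" >&2; continue ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "skipping out-of-range port: $port" >&2
            continue
        fi
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Number of ports that made it into the ruleset.
count_open_ports() {
    build_ruleset "$1" 2>/dev/null | grep -c -- '--dport'
}

build_ruleset "$INBOUND_TCP"
```

Piping the output to sudo iptables-restore --test parses the rules without applying them. Loading them without --test replaces the whole filter table in one step, so a remote session is not left without an allow rule between iptables -F and the rule that re-opens port 22.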
Tools to assist you with the iptables configuration:
If this is too complicated for you, you can use tools such as fwbuilder or UFW. Here, we will run you through the UFW Uncomplicated Firewall.
The UFW is a front-end for iptables that makes configuring the firewall easier while working with iptables.
Step 1: Type this command into the terminal to install UFW:
# apt-get install ufw
Step 2: Next, enable the firewall:
# ufw enable
Step 3: enable the default settings.
# ufw default deny incoming
# ufw default allow outgoing
This will deny all incoming connections. To specify which ones to allow – do the following:
Step 4: Allow specific connections, for example SSH:
# ufw allow ssh
Step 5: ensure the firewall is saved:
# ufw status verbose
Rules may be deleted with the following command:
# ufw delete allow ssh
There! Hope we’ve made this process an easy-to-follow guide for you to configure firewall in Linux.
Are you a seasoned user of Linux, perhaps on Dedicated Servers or Virtual Private Servers? If so, then I’m certain the security of your web hosting is an issue that you cannot take lightly.
Viruses, worms and other malicious entities are constantly evolving to overcome the latest defenses that system architects and security companies can devise. Hence, it is good practice to be prepared, and ClamAV antivirus is a fine choice, with it being available on our cPanel Servers.
What is ClamAV?
ClamAV is an open source antivirus program used as a web and mail scanner, protecting the computer from malicious viruses. It supports multiple file formats and signature languages, and also includes a multi-threaded scanner daemon. ClamAV is a cross-platform antivirus program supporting operating systems like Windows, Linux, BSD, Solaris and Mac OS X.
Features of ClamAV
Some of the features of ClamAV include the following:
- It is a command line scanner with advanced tools
- Is able to detect over 1 million viruses, trojans, worms and mobile malware, among others
- Has built-in support for almost all mail file formats
- Supports special file formats like HTML, RTF, PDF, TNEF and others
- Has an advanced database updater supporting scripted updates, digital signatures and DNS-based database version queries
- Scans inside archives and compressed files, supporting formats like ZIP, RAR, 7Zip, ARJ, Tar, CPIO, Gzip, Bzip2, DMG, IMG and others
How to install ClamAV on Linux?
Now that we’ve seen the features of ClamAV, let us see how to install ClamAV on Linux. For your benefit, we’ll be installing ClamAV on a Linux server as well as on a standalone personal PC.
Part I:
We are going to install ClamAV on Linux cPanel in WHM with full root access.
Step I: Login to your WHM panel as a root user
Step II: Now click on the cPanel icon and select Manage Plugins.
Step III: Select ClamAV and click on ‘Install ClamAV’
Step IV: Your server is now secured with the latest updated ClamAV anti-virus.
Part II:
To install ClamAV on a standalone PC with a Linux operating system, follow the steps below.
Step 1: Open the terminal and type in the following command. This command installs ClamAV and clamscan, the command-line scanner.
sudo apt-get install clamav
Step 2: Since ClamAV is a command line tool, running it can be a hassle. For that purpose, installing a GUI tool is a better choice. ClamTk is a GUI front-end tool for ClamAV using perl-Gtk2. It can be found in the Software Center or can be installed manually. Below is the command for manual installation.
sudo apt-get install clamtk
How to use ClamAV?
Once you’ve set up ClamAV on Linux, it’s time to use it. There are a few options that can be run with clamscan. For instance,
-h, --help: Prints help information and exits.
ResellerBytes shared web hosting products come with ClamAV pre-installed so you get best-in-class protection from viruses and other threats. If you have purchased servers with root access, you can set up ClamAV as described above and enjoy robust security with your web hosting.
SSH, or secure shell service, in Ubuntu allows safe remote access while logging in. It also allows other network communications within an organization. To understand how to enable SSH in Ubuntu and Linux and use it like a pro, let us first understand what SSH is, how important it is and how we can enable it in Ubuntu and Linux.
What is SSH?
SSH is Secure Shell Service, a secure way or channel to access your hosting remotely. By using SSH, we are able to sift through our hosting file structure. By using SSH you can perform a list of tasks. Some of them include:
- Live monitoring of log files
- Enabling or disabling services for VPS or Dedicated customers
- Installing software to your account
- Managing MySQL databases
Advantages of Installing SSH:
- Allows tunneling of protocols like FTP
- Allowing encryption of data so that malicious attackers are kept at bay
- Protecting IP source routing from malicious users
- Avoids DNS spoofing
How to enable SSH in Ubuntu and Linux
Ubuntu is a Linux OS that is available for community and professional support. Enabling SSH in Ubuntu will provide remote access login along with other network communications. In order to enable SSH in Ubuntu, follow these steps:
Open terminal with Ctrl+Alt+Del
Log into the Ubuntu server and run the command:
sudo apt-get install openssh-server
Once OpenSSH server is installed, make a copy of the default SSH configuration so that you have a backup to restore.
Configuration of SSH
After installing SSH, you can configure it by changing the default port for security reasons and by disabling the “root” user login. In order to update the default SSH port, open the SSH configuration file by running this command:
sudo nano /etc/ssh/sshd_config
In case you don’t have nano (a text editor) installed, run:
sudo apt-get install nano -y
After opening the file, find and change the following line from:
# Port 22 ( if it is your default or whichever may be in your case)
to
Port 1337 (You can use a port number of your choice)
Press Ctrl + W to save and close the file, then Y and press Enter to run.
Now, restart SSH after some time and run this command:
sudo service ssh restart
With this, you are all set to go. You can run SSH into your server by opening the terminal and using your user-id and password.
How to enable SSH in Linux
In order to enable SSH in Linux, follow these two simple steps:
Start by ensuring that these options in the configuration file /etc/ssh/sshd_config are set to yes:
a) StrictModes
b) PubkeyAuthentication
Put SSH server daemon in running mode
In order to ensure that the SSH server is up and running in your Linux system, run the following commands:
$ /sbin/service sshd status (to check if it is running)
In case the SSH server daemon sshd is not running, you can enable the daemon with the following command:
$ /sbin/service sshd start (to enable the daemon)
In this manner, you will easily enable SSH in Ubuntu and Linux. Hope these tips were helpful. In case you have any doubts or feedback for us, feel free to comment. We will make sure that we resolve them for you.
OpenSSH is a suite based on the SSH (Secure Shell) protocol, providing a secure channel for services like remote login or remote file transfer. OpenSSH is also known as OpenBSD Secure Shell and was initially developed as part of the OpenBSD operating system.
What are the features of OpenSSH?
- OpenSSH is freely available for everyone, and its code encourages reuse and auditing.
- OpenSSH has a secure tunnel to forward remote TCP ports through strong encryption (3DES, Blowfish, AES, Arcfour).
- An ad hoc SOCKS (Secure Sockets) proxy server can be created using OpenSSH.
- OpenSSH provides secure communication.
Difference between SSH and OpenSSH
SSH | OpenSSH |
---|---|
SSH is a closed source cryptographic network protocol. | OpenSSH is a free open source protocol based on SSH. |
SSH was first released in the year 1995 as SSH-1 protocol, trying to replace TELNET, rlogin, ftp and rsh protocols. | OpenSSH was released in the year 1999, for developers wanting a free software version, the original 1.2.12 release of SSH was released under open source license. |
Some SSH commands are: ssh-keygen, ssh-copy-id, ssh-add, ssh-agent, scp, sftp and sshd | Some commands are: ssh, ssh-keygen, ssh-agent, ssh-keyscan, scp, sftp and sshd |
Requirements
- Root access to your server
- Terminal (Linux)
How to enable OpenSSH on Servers:
In order to get SSH on the server, we need to run the OpenSSH package. For example, Apache is a package and the daemon is httpd. Similarly, OpenSSH is installed on the server and you use this via SSH. At ResellerBytes, OpenSSH is already installed and ready to use on all our Linux Hosting servers and Managed Servers, and clients have complete root access using it. The same applies to Reseller Hosting as well as Shared Hosting.
OpenSSH comes pre-installed on various versions of Linux for both the client side and the server side, and is incorporated into many commercial products. However, if you still wish to check whether it’s installed, you can run the following commands.
Using OpenSSH on Linux:
To install OpenSSH on Linux, we use Ubuntu as the operating system on a standalone PC.
For Ubuntu/Debian:
Step 1: To install OpenSSH on client side and server side
Type the following command in the terminal and wait till the packages are downloaded and installed.
sudo apt-get install -y openssh-server openssh-client
Step 2: Check if the service is running
Once OpenSSH has been installed, you will need to check whether the service is running properly. To do so, run the following command.
service sshd status
Step 3: Configuration
Before editing the configuration file, it is important that you make a copy of the original file, so that in case of any mistake you can reuse it and have the proper settings in place.
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original-copy
I added the original-copy suffix, so every time I see this file I know it is an original copy of the sshd_config file.
Step 4: Connecting to OpenSSH
- By default the service runs on TCP port 22. You can change the port as such: Port 13
- To have sshd allow public key-based login, modify the following line:
PubkeyAuthentication yes
If the line is already present, then make sure it has not been commented out.
- Restart your OpenSSH server so that the changes in the config file can take effect.
sudo /etc/init.d/ssh restart
- If you want to have your OpenSSH server display a nice login banner, then you can do so by modifying the contents of the issue.net file and setting:
Banner /etc/issue.net
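Both SSH walkthroughs on this page (the Ubuntu port change and the Step 4 settings above) depend on the edited line being the one sshd actually uses. The following added example, which is not part of the original posts, reads an sshd_config-style file the way sshd resolves its global section: comment lines are ignored, keywords are case-insensitive and the first value given for a keyword wins. The sample config, the function names and the defaults passed in (OpenSSH's documented defaults) are this example's own.

```shell
#!/bin/sh
# Added example: inspects a constructed sample file, not the live sshd_config.

# Constructed sample config, written to a temp file so the example runs offline.
make_sample_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Port 22
Port 1337
port 22
#PubkeyAuthentication yes
StrictModes yes
PermitRootLogin no
Banner /etc/issue.net
Match User backup
    PermitRootLogin yes
EOF
    echo "$f"
}

# effective_setting FILE KEYWORD DEFAULT
# Prints the first uncommented value of KEYWORD found before any Match block,
# or DEFAULT when the keyword is absent or only present as a comment.
effective_setting() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }            # conditional section: stop here
        key == want { $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit }
        END { if (!found) print dflt }
    ' "$1"
}

# Report the settings this page asks the reader to change or verify.
audit_sshd_config() {
    for pair in Port:22 PermitRootLogin:prohibit-password \
                PubkeyAuthentication:yes StrictModes:yes Banner:none; do
        key=${pair%%:*}
        printf '%s=%s\n' "$key" "$(effective_setting "$1" "$key" "${pair#*:}")"
    done
}

cfg=$(make_sample_config)
audit_sshd_config "$cfg"
rm -f "$cfg"
```

On a real host, sudo sshd -t validates the edited file before the restart, and sudo sshd -T prints the settings the daemon will actually apply.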
Conclusion:
By following the above steps you have successfully learned how to use OpenSSH on Linux. You can read this post too, to know more about using SSH like a Pro.
When it’s about web hosting, balancing performance requirements along with budget aspects is paramount. Finding the cheapest hosting option may be easy, but finding the right hosting option that is reasonable as well as performs well can be quite a task. It is, therefore, important for you to search for a dependable and reliable host that has a reasonable pricing scheme in place.
Talking about Linux dedicated servers, many factors come together in order to influence the total cost of ownership. These factors include the cost of associated software along with initial and ongoing costs. There have been a lot of discussions over the years for dedicated servers and other types of web hosting solutions. But, the experts suggest that dedicated servers are the best. When they say Linux Dedicated servers are ideal, they mean Linux definitely has some advantages over Windows Dedicated servers.
Benefits of Linux Dedicated Servers
Linux dedicated servers play an important role in running and managing most e-commerce websites today. Today, Linux is one of the leading server operating systems and used in the world’s 10 fastest supercomputers. It plays a very important role in the management of e-commerce sites today. Besides, it is amongst the most popular choices in dedicated servers for top businesses today.
The best part of a Linux dedicated server is that it can be conveniently installed in hardware and software and is known to be a reliable system to work with. In order to ensure that the operating environment is reliable and safe, Linux dedicated servers offer a lot of scalability to businesses. This, in turn, ensures a safer online presence for the business. A Linux dedicated server provides businesses with maximum stability, security, and reliability in the market today along with being an affordable way to maintain a server.
Affordability
As mentioned above, Linux dedicated servers offer a long term solution to most businesses at a reasonable cost. The setup cost is very low, while the operating system is free. That’s because this technology is open source and can be put in practice by many businesses. Dedicated Linux servers can be adapted and upgraded frequently since it is open source. There are multiple free applications designed to integrate with it. The latest versions of software applications are made available for free for those who want to update their existing ones. Businesses on a fixed budget can, thus, make the most out of this technology.
Security
Dedicated Linux servers are secure and rarely crash. They’re designed with security features such as anti-spyware, malware, and firewall services. Users can conveniently control the content and server navigation with ease. This ensures maximum speed and uptime for businesses along with excellent performance. The community supported nature of Linux means that any reported bugs will be tested promptly and fixed.
Reliability
Dedicated Linux servers let you easily expand your business by adding more servers purely due to the scalability of the system. Business operations can also be assured of a secure and reliable environment, making it all the more popular amongst business owners.
For those who use scripting languages, a dedicated Linux server is a perfect choice, especially if you’re not looking for a Windows environment in particular. To conclude, Linux dedicated servers provide a superior set of features allowing you to handle increased traffic while remaining cost-effective.