Samuel Aguilar
June 21, 2026·Cybersecurity·1 min read

Basic hardening of a Linux server

The first steps to make a Linux server reasonably secure before putting it into production.

When you spin up a new server, it ships too open. These are the minimum settings I always apply before exposing it.

1. Update and reduce the attack surface

apt update && apt full-upgrade -y

Uninstall what you don't use and disable services you don't need. Every open port is a door.

2. SSH: the front door

  • No direct root: PermitRootLogin no.
  • Key only, no password: PasswordAuthentication no.
  • Create your own user with sudo and log in as that user.

3. Firewall default: deny

With ufw, deny everything and open only what's needed:

ufw default deny incoming
ufw allow 22/tcp
ufw enable
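To confirm that steps 2 and 3 actually took effect, audit what the tools report rather than the files you edited. This is an added example, not part of the original post: it parses the output of `sshd -T` (the effective sshd configuration, after any Include files are merged) and `ufw status verbose`. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit steps 2 and 3 from tool output read on stdin.

# Print the first value of keyword $1 from `sshd -T`-style lines.
effective_value() {
    awk -v k="$1" '$1 == k { print $2; exit }'
}

# stdin: output of `sshd -T`. Prints one FAIL line per finding; returns 1 if any.
audit_sshd() {
    cfg=$(cat); rc=0
    for want in "permitrootlogin no" "passwordauthentication no"; do
        key=${want% *}; expected=${want#* }
        val=$(printf '%s\n' "$cfg" | effective_value "$key")
        if [ "$val" != "$expected" ]; then
            echo "FAIL: $key is '${val:-unset}', expected '$expected'"
            rc=1
        fi
    done
    return "$rc"
}

# stdin: output of `ufw status verbose`. Same return convention.
audit_ufw() {
    st=$(cat); rc=0
    printf '%s\n' "$st" | grep -q '^Status: active' ||
        { echo "FAIL: ufw is not active"; rc=1; }
    printf '%s\n' "$st" | grep -q '^Default: deny (incoming)' ||
        { echo "FAIL: default incoming policy is not deny"; rc=1; }
    return "$rc"
}

# Constructed samples (not captured from a real host).
SAMPLE_SSHD_GOOD='port 22
permitrootlogin no
passwordauthentication no'
# Drift case: the main file was edited, but an included drop-in still wins.
SAMPLE_SSHD_DRIFT='port 22
permitrootlogin no
passwordauthentication yes'
SAMPLE_UFW_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)'

# Demo on the samples. On a real host, as root:
#   sshd -T | audit_sshd; ufw status verbose | audit_ufw
printf '%s\n' "$SAMPLE_SSHD_DRIFT" | audit_sshd || true
printf '%s\n' "$SAMPLE_UFW_GOOD" | audit_ufw && echo "ufw: OK"
```

Run the SSH check before closing your current session, so a misconfiguration is caught while you still have a working login.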

4. Fail2ban

Fail2ban automatically blocks IPs that fail to log in several times. It's one of the most cost-effective things you can install.

This doesn't make you invulnerable, but it takes 95% of the internet's automated noise off your back.
