Archive

How to check RAM usage in Linux

Check the amount of RAM usage with the commandfree:

free is the most common command to check Linux system memory usage. Shows information about total memory, used and free memory.

Usually, free is called with the -h option, which means to show the output in a human-readable format:

free -h

Output:

              total        used        free      shared  buff/cache   available  Mem:           3936        1087         252         130        2596        2427  Swap:             0           0           0

Meaning of each column:

  • total – the total amount of memory that can be used by programs.
  • used – Memory used.
  • free – free/unused memory.
  • shared  – This column can be ignored. This is shown for backward compatibility only.
  • buff/cache – combined memory used by core buffer and page and slab cache. This memory can be retrieved at any time if needed by applications.
  • available  – An estimate of the memory that is available to start new programs, without swapping.

The free command shows information about physical memory and system switching.

Check the amount of RAM usage with the commandtop:

top is a command-line utility that displays real-time information about running processes. It also shows a system summary, including memory usage.

To invoke the command, simply type top:

top

Output:

 

The output header contains information about the total, free and swapped physical memory of the system.

The %MEM column provides information about the share of available physical memory usage for each running process.

Checking the amount of RAM usage /proc/meminfo:

The easiest way to check the amount of RAM memory usage is to display the virtual content of the proc / proc / meminfo file. This file is used by free, top, ps and other system information commands.

Use less or cat to view the contents of the /proc/meminfo file:

cat /proc/meminfo

This file contains a lot of information about system memory and swap usage:

MemTotal:        4030592 kB  MemFree:          401804 kB  MemAvailable:    2507504 kB  ...

The information in the /proc/meminfo file can be parsed and used in shell scripts.

Check RAM usage with scriptps_mem:

ps_mem is a Python script that reports the amount of RAM memory used by each program. It works with Python 2 and 3 and can be installed with pip :

sudo pip3 install ps_mem

This script requires admin privileges. To launch it, type sudo ps_mem in your terminal:

sudo ps_mem

The output will contain the memory of each running program in ascending order:

 Private  +   Shared  =  RAM used	Program  ...   ۱۱٫۹ MiB +  20.2 MiB =  32.1 MiB	nginx (4)    ۸٫۲ MiB +  42.4 MiB =  50.6 MiB	systemd-journald   ۵۵٫۸ MiB + 307.2 MiB = 363.0 MiB	php-fpm7.4 (6)  ۲۳۳٫۹ MiB + 234.0 MiB = 467.9 MiB	redis-server  ۵۷۸٫۲ MiB + 578.6 MiB =   1.1 GiB	mysqld  ---------------------------------                            ۲٫۲ GiB  =================================  

This script is useful when you want to find out which running program is taking up most of your system memory.

Secure Apache with Let’s Encrypt on Ubuntu 20.04

Let’s Encrypt is a certificate authority created by the Internet Security Research Group (ISRG). It offers free SSL certificates through a fully automated process designed to eliminate manual certificate, validation, installation and license renewal. Certificates issued by Let’s Encrypt are valid for 90 days from the date of issue and are trusted by all major browsers today.

prerequisites

Ensure the following prerequisites are met before proceeding:

  • You are logged in as root or a user with sudo privileges.
  • The domain you want to obtain an SSL license for must point to your public server IP . We will use example.com.
  • Apache is installed.

 

Install Certbot

We will use Certbot to obtain the certificate. It is a command line tool that handles the tasks related to obtaining and renewing Let’s Encrypt SSL certificates. The certbot package is included in the default Ubuntu repositories. Update the package list and install certbot using the following commands:

sudo apt update  sudo apt install certbot

 

Generate the Strong Dh (Diffie-Hellma) group

Diffie-Hellman (DH) key exchange is a method for securely exchanging cryptographic keys over an insecure communication channel. To enhance security, create a new set of 2048-bit DH parameters:

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

You can change the size up to 4096 bits, but depending on the entropy of the system, it may take more than 30 minutes to generate.

Obtaining a Let’s Encrypt SSL license

To obtain an SSL certificate for the domain, we want to use the Webroot plugin, which creates a temporary file to verify the requested domain in the directory. ${webroot-path}/.well-known/acme-challenge

Let’s Encrypt server to validate the HTTP request to the temporary file to validate the requested domain to the server where Certbot is running.

Run the following instructions to create the directory and write it to the Apache server.

sudo mkdir -p /var/lib/letsencrypt/.well-knownsudo chgrp www-data /var/lib/letsencryptsudo chmod g+s /var/lib/letsencrypt

To avoid copying code and save more settings, create the following two configuration pieces:

Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"  <Directory "/var/lib/letsencrypt/">  AllowOverride None  Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec  Require method GET POST OPTIONS  </Directory>
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384 :ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 SSLHonorCipherOrder off SSLSessionTickets off

SSLUseStapling On
SSLStaplingCache “shmcb:logs/ssl_stapling(32768)”

SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
Header always set Strict-Transport-Security "max-age=63072000"

 

The above snippet enables OCSP Stapling, HTTP Strict Transport Security (HSTS), and enforces several security-oriented HTTP headers using Mozilla-recommended chips.

Before enabling the configuration files, ensure that both mod_ssl and mod_headers are enabled by issuing:

sudo a2enmod ssl  sudo a2enmod headers

 

Next, enable the SSL configuration files by running the following commands:

sudo a2enconf letsencryptsudo a2enconf ssl-params

Enable the HTTP/2 module, which makes your sites faster and more powerful:

sudo a2enmod http2

Download the Apache configuration to apply the changes:

sudo systemctl reload apache2

Now we can run the Certbot tool with the webroot plugin and get the SSL certificate files:

sudo certbot certonly --agree-tos --email [email protected] --webroot -w /var/lib/letsencrypt/ -d example.com -d www.example.com

 

If the SSL certificate is successfully obtained, certbot prints the following message:

IMPORTANT NOTES:   - Congratulations! Your certificate and chain have been saved at:     /etc/letsencrypt/live/example.com/fullchain.pem     Your key file has been saved at:     /etc/letsencrypt/live/example.com/privkey.pem     Your cert will expire on 2020-10-06. To obtain a new or tweaked     version of this certificate in the future, simply run certbot     again. To non-interactively renew *all* of your certificates, run     "certbot renew"   - Your account credentials have been saved in your Certbot     configuration directory at /etc/letsencrypt. You should make a     secure backup of this folder now. This configuration directory will     also contain certificates and private keys obtained by Certbot so     making regular backups of this folder is ideal.   - If you like Certbot, please consider supporting our work by:       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate     Donating to EFF:                    https://eff.org/donate-le

Now that you have the certificate files, edit your domain virtual host configuration as follows:

<VirtualHost *:80>   ServerName mail.digital.mk
Redirect permanent / https://mail.digital.mk/  </VirtualHost>
<VirtualHost *:443>  ServerName mail.digital.mk

Protocols h2 http:/1.1

<If "%{HTTP_HOST} == 'www.mail.digital.mk'">  Redirect permanent / https://mail.digital.mk/  </If>

DocumentRoot /var/www/mail.digital.mk/public_html
ErrorLog ${APACHE_LOG_DIR}/mail.digital.mk-error.log
CustomLog ${APACHE_LOG_DIR}/mail.digital.mk-access.log combined

SSLEngine On  SSLCertificateFile /etc/letsencrypt/live/mail.digital.mk/fullchain.pem  SSLCertificateKeyFile /etc/letsencrypt/live/mail.digital.mk/privkey.pem
# Other Apache Configuration
</VirtualHost>

 

With the above configuration, we force HTTPS and redirect from www to non-www version. Adjust easily to adjust the settings to suit your needs.

To apply the changes, reload the Apache service:

sudo systemctl reload apache2

You can now open your website using https:// and you will notice a green lock icon.

If you test your domain using SSL Labs Server Test, you will get an A+ grade as shown below:

 

Allow encrypted certificates to be valid for 90 days. To automatically renew certificates before they expire, the certbot package creates a cronjob that runs twice a day and automatically renews each certificate 30 days before they expire.

After renewing the certificate, we have to download the Apache service. Add the –ren-hook “systemctl reload apache2” attachment to the /etc/cron.d/certbot file so that it looks like this:

۰ */۱۲ * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --renew-hook "systemctl reload apache2"

To test the renewal process, you can use the certbot –dry run switch

sudo certbot renew --dry-run

If there is no error, it means that the renewal process was successful.

Installing RPM packages in Ubuntu

Before you begin:

This is not the recommended method for installing software packages in Ubuntu. If possible, preferably install software from the Ubuntu repositories.

Not all RPM packages can be installed on Ubuntu. Installing packaged RPMs on Ubuntu may result in package dependency conflicts.

You should never use this method to replace or update critical system packages such as libc, systemd, or other services and libraries that are necessary for your system to function properly. Doing so may result in system installation errors

Install Alien:

Alien is a tool that supports conversion between Red Hat rpm, Debian deb, Stampede slp, Slackware tgz and Solaris pkg.
Before installing the Alien package, make sure that the Universe repository is enabled on your system:

sudo add-apt-repository universe

After the repository is activated, update the package list and install the alien package with the following:

sudo apt update  sudo apt install alien

The above command also installs the necessary build tools.

Convert and install the RPM package:

To convert a package from RPM to DEB format, use the alien command followed by the name of the RPM package:

sudo alien package_name.rpm

Depending on the size of the package, the conversion may take some time. In most cases, you print warning messages on your screen. If the package is successfully converted, the output shows that the DEB package has been generated:

package_name.deb generated  

To install the deb package, you can use dpkg or apt:

sudo dpkg -i package_name.deb
sudo apt install ./package_name.deb

Assuming it is compatible with your system and all dependencies are met, the package should now be installed.

Direct installation of RPM package:

Instead of converting and then installing the package, you can use the -i option, which tells Alien to install the RPM package directly.

sudo alien -i package_name.rpm

The above command will automatically generate and install the package and after installation, remove the package.

who command in Linux

How to use the who command:

The main syntax of the who command is as follows:

who [OPTION]... [ FILE | ARG1 ARG2 ]  

When called without any options or arguments, the output is something like this:

root     pts/0        2020-11-17 20:10 (10.10.0.2)  shetaban    pts/1        2020-11-17 20:11 (10.10.0.8)

The who command produces a formatted list of all users currently logged into the system.

Each line consists of four fields separated by one or more spaces:

  • Registered user name
  • User terminal
  • When the user is logged in.
  • The hostname or IP address from where the user logged in. To force Ips, use the –ips option.

If you want to print column headings, add the -H (–heading) option:

who -h

Output:

NAME      LINE         TIME             COMMENT  root      pts/0        2020-11-17 20:10 (10.10.0.2)  linuxize  pts/1        2020-11-17 20:11 (10.10.0.8)

This command captures information about the system and people logged in from the /var/run/utmp file. If you want to use another file, pass the file path to the command.

The who command accepts two non-optional arguments. When invoked with two arguments, the command prints only information about the terminal associated with the current user. The same output is displayed when using the -m option.

You can use either argument:

who am i  who mom love  who foo bar  who -m

Each of the above commands prints the same information:

shetaban pts/1        2020-11-17 20:11 (10.10.0.8)  

who command options:

The who command accepts several rarely used options.

The -b, –boot option tells you who last printed the system boot:

         system boot  2020-07-20 19:02  

To get a list of all dead processes, use the -d, –dead option:

who -d

The -r, –runlevel option tells who to show the current level:

who -r

Output:

         run-level 5  2020-07-20 19:02  

To get just the username and the number of currently logged in users, use the -q, –count option:

who -q

Output:

root shetaban  # users=2

The -a option forces everyone to print all information:

who -a

Output:

system boot  2020-07-20 19:02  LOGIN      tty1         2020-07-20 19:02               673 id=tty1             run-level

The command to delete files and directories in Linux

Linux: A Powerful and Flexible Operating System

Linux, a popular open-source operating system, has gained the attention of many users due to its high stability, security, and flexibility. Unlike Windows, which uses a graphical user interface, many commands in Linux are executed by writing code in the command line. This may seem a bit complicated at first, but by learning the basic commands, you can easily take advantage of the power and efficiency of Linux.

Useful Linux Commands

In this article, we will introduce some of the useful and important Linux commands that every user should be familiar with.

Deleting Files and Directories

  • rmdir command: Used to delete directories.
  • rm command: Used to delete files.
  • rm -rf command: Used to completely delete a directory and all its contents.

Copying Files and Directories

  • cp command: Used to copy files and directories.
  • cp -r command: Used to copy a directory and all its contents.

Creating Directories

  • mkdir command: Used to create new directories.
  • mkdir -p command: Used to create nested directories.

Deleting Programs

  • apt remove command: Used to delete programs in Ubuntu, Mint, and Pop distributions.
  • apt-get remove command: Used to delete programs in Debian and Kali distributions.
  • pacman -R command: Used to delete programs in Arch distributions.
  • dnf remove command: Used to delete programs in Fedora Linux distributions.
  • zypper remove command: Used to delete programs in OpenSUSE Linux.
  • snap remove command: Used to delete Snap programs.

Important Notes:

  • To use Linux commands, you must have access to the command line (terminal).
  • The Linux command line is case-sensitive.
  • To view more information about each command, you can use the man command.

Benefits of Using Linux

  • Open source: Linux is an open-source operating system, which means its source code is available to everyone and you can download, install, and use it for free.
  • Security: Linux is known as one of the most secure operating systems due to its secure architecture.
  • Stability: Linux is widely used for servers and critical systems due to its high stability.
  • Flexibility: Linux allows you to configure the operating system to meet your specific needs.
  • Free: Linux is available for free and there is no need to pay to use it.

Linux can be an ideal choice for professionals, programmers, system administrators, and anyone looking for a powerful, secure, and flexible operating system.

Installing the Gnome GUI on Linux

Linux admins spend a lot of time working in a terminal. While some are interested in continuing their work in a graphical user interface or GUI instead of a terminal. By default, CentOS 7 installs the minimum components required for a server, and to change the type of installation, there is definitely a need for user intervention. In this relatively short tutorial, we will show you how to install the Gnome GUI on a CentOS 7 server.

Before you install the Gnome GUI, create a local yum repository so you don’t need to fetch packages from the Internet.

Run the following command to find out the list of packages available for CentOS 7.

1
# yum group list

output

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
Loaded plugins: fastestmirror
There is no installed groups file.
Maybe run: yum groups mark convert (see man yum)
Loading mirror speeds from cached hostfile
Available Environment Groups:
Minimal Install
Compute Node
Infrastructure Server
File and Print Server
Basic Web Server
Virtualization Host
Server with GUI
GNOME Desktop
KDE Plasma Workspaces
Development and Creative Workstation
Available Groups:
Compatibility Libraries
Console Internet Tools
Development Tools
Graphical Administration Tools
Legacy UNIX Compatibility
Scientific Support
Security Tools
Smart Card Support
System Administration Tools
System Management
Done

Step 1) Install Gnome GUI packages with yum command

For CentOS 7 based system we have:

1
# yum groupinstall "GNOME Desktop" "Graphical Administration Tools"

For RHEL 7, it is done as follows.

1
# yum groupinstall "Server with GUI"

Step 2) Enable the Gnome user interface to run at system startup

On CentOS 7 / RHEL 7 systems, the system tool uses “targets” instead of runlevel. The /etc/inittab file is no longer used to change run levels. So, you can add the GUI to the system startup using the following command.

1
# ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target

Step 3) Restart the system to start working graphically

1
# reboot

License Agreement

Accept the terms by clicking on the “LICENSE INFORMATION” option.

Gnome GUI installation agreement page

Check the “I accept the license agreement” option and click the Done button.

Now click on “FINISH CONFIGURATION” option to finish the configuration.

End of license agreement to install Gnome GUI

Next, you may need some basic settings such as creating the first user, setting the language, etc., which you must do.

Finally, you will be presented with the GUI desktop page.

GUI desktop page

In this way, Gnome GUI has been successfully installed on CentOS 7 / RHEL 7 Linux. We hope that this article has also received your attention.

Installing Laravel and Composer on the cPanel server

Laravel is a free and open source PHP framework for developing web applications. Some of the features of Laravel are a modular packaging system with a dedicated dependency manager, different methods for accessing relational databases. Laravel, along with Symfony2, Nette, CodeIgniter, Yii2, etc., is known as one of the most popular PHP frameworks. Laravel tries to make things easier by reducing common tasks used in most web projects, such as authentication, routing, sessions, queuing and caching. Laravel provides the powerful tools needed for large and robust applications. It supports multiple platforms and allows users to develop MVC web applications.

Server requirements

The Laravel framework has several system items. You need to make sure that your server meets the following conditions:

1
2
3
4
5
6
7
8
9
PHP &gt;= 5.6.4
OpenSSL PHP Extension
PDO PHP Extension
Mbstring PHP Extension
Tokenizer PHP Extension
XML PHP Extension
Automatic installation of Laravel via Softaculous installation script

Laravel can be installed automatically on cPanel server using Softaculous script installer software. Log in to cPanel and find the Softaculous menu under Software and Services. Once done, you will be redirected to the Softaculous home page. Type Laravel in the search bar and click on the result. Go to the Install tab, where you will be asked to select the folder where Laravel will be installed. Feel free to choose the directory you need (note that this directory will be created by Softaculous). This is the easiest way to install Laravel.

Manual installation of Laravel

Laravel uses Composer to manage its dependencies. Before using Laravel, make sure you have Composer installed on your machine. It is a tool for dependency management in PHP. It allows you to install the libraries your project depends on and manages them for you. Run the following commands to install Composer and SSH on the server.

1
2
cd / bin
wget https://getcomposer.org/installer

Before installing, let’s check your compatibility using the command below.

1
2
php installer –check
All settings correct for using Composer

If everything looks good, let’s install Composer.

1
2
3
4
php installer
Downloading…
Composer successfully installed to: /bin/composer.phar
Use it: php composer.phar

Now that Composer is installed, we can uninstall the installer.

1
rm -f installer

Now we can use this Composer to install Laravel. Run the following command to install Laravel.

1
php /bin/composer.phar create-project laravel/laravel –prefer-dist

After installing Laravel,

Connect Laravel’s public directory to the public_html folder as a symbolic link like the code below:

1
2
3
rm -rf public_html
ln -s laravel/public/ public_html

After all the installation steps, open the browser and go to the relevant domain. Installation is complete and some configuration settings are required.

Laravel configuration settings

Public Directory

After installing Laravel, you need to configure the document/web root of your web server as a public directory. index.php in this directory is the front controller for all incoming HTTP requests to your application.

Configuration files

All Laravel framework configuration files are stored in the config directory. Each option is documented, so feel free to browse through the files and familiarize yourself with the options available to you.
Directory permissions

After installing Laravel, you may need to configure some permissions. The directories in the cache directory and bootstrap/cache folders must be writable by your web server, otherwise Laravel will not run. If you are using a Homestead virtual machine, these permissions must already be set.

How to install NMAP on Linux?

Network Mapper, abbreviated as NMAP, is an open-source security diagnostic and network inspection tool. This software is designed for fast scanning of large networks, but it also works well on single hosts. NMAP uses raw IP packets in a new way to determine what hosts are available on the network, what services these hosts provide (application name and version), what operating systems they run (what version), what They have filter/firewall package type and many other features. Although NAMP is used for security inspections, many users also use it for routine tasks; Such as network management, service upgrade scheduling management, and hosting or service access time monitoring.

 

Installing NMAP on Linux

Follow the command below to install NMAP:

dnf install nmap -y

Some useful Nmap commands on Linux:

 

Ping scan:

nmap -v -sn google.com

IP address scan:

nmap 192.168.116.147

Checking open ports to determine service and version information:

nmap -v -A google.com

 

nmap -sV google.com

There are other useful commands you can find by checking the NMAP man pages:

man nmap

 

 

How to install Apache JMeter on CentOS 8 / RHEL 8?

Apache JMeter is a product of Apache company, an open source program. A Java-based program designed for performance testing and evaluation. JMeter was originally developed for web application testing, but it has expanded its functions and is now used to test other functions as well. This software may be used to test the performance of static and dynamic resources and dynamic web applications. Usually, this software is used to simulate a heavy load on a server, a group of servers, a network or an object so that their strength can be evaluated or their overall performance can be analyzed under various loads.

In this section, you will learn how to install it on CentOS 8 / RHEL 8.

 

Features of Apache JMeter

  • Some of the features of this software are as follows:
  • The ability to test the performance and load of applications, servers and different protocols such as (FTP, SMTP, TCP, Apache…)
  • Dynamic HTML report generation
  • Extract data in HTML, JSON, XML or any other text format
  • Portable and 100% Java
  • Multi-threading, testing and debugging
  • It has a CLI (Command Line Interface) mode for load testing from any Java compatible operating system
  • Offline storage and analysis / repeat test results

 

Installing Apache JMeter on CentOS 8 / RHEL 8

  1. Install Java

The first step is to install the Java program. This program is compatible with Java 8 and above:

dnf install java-11-openjdk-devel -y

 

After installation, you can confirm the Java version with the help of this command:

java -version

 

  1. Install Apache JMeter

To install, you can download the latest version from its website. Use this command to download:

cd

wget https://downloads.apache.org//jmeter/binaries/apache-jmeter-5.4.1.tgz

ls

 

Now open the downloaded package:

tar zxvf apache-jmeter-5.4.1.tgz

ls

 

After opening, there is no need to install. Just go to the apache-jmeter-5.4.1/bin directory and enable Jmeter with this command:

cd apache-jmeter-5.4.1/bin/

./jmeter

 

The installation is finished. Now you can run JMeter and analyze and evaluate the performance of various services.

Increasing Linux server security

What are the solutions to increase the security of the Linux server? A Linux server is a server on which one of the distributions of the Linux operating system is installed. This server can be considered a type of computer always connected to the Internet, which has a special type of software and hardware. If you also use a Linux server, increasing its security is definitely one of your concerns. Although one of the main reasons for people’s acceptance of Linux servers is their high security, there are solutions with the help of which you can improve this security to the maximum extent.

But why is security so important in Linux servers? Linux server can be used for web hosting, mail server, file storage, etc. That is why it is very important to talk about high security in these servers. One of the advantages of Linux is its open source. Therefore, its security bugs are easily identified and fixed. Considering that hackers may always be able to find a way to infiltrate your server and system, it is essential to strengthen the security layers of your Linux server in several ways. In this article, we have mentioned 13 of the most practical possible solutions to increase the security of the Linux server.

Solutions to increase Linux server security

In what ways can we improve the security of the Linux server? Although one of the main features of Linux is its high security, but for your peace of mind, you have the possibility to adjust the security of this server according to your needs through solutions. Since hackers can always find a way, it is not bad to know these solutions and by doing them, try to improve the security of your Linux server to the maximum extent. In the following, we will introduce 13 practical solutions.

1. Enable open_basedir

One of the ways to increase the security of this server is to activate one of the php services called open_basedir. This system is a kind of security feature in PHP that prevents hackers. With the help of open_basedir, it is possible to make the access of a user through php only limited to the same user. In other words, when a hacker succeeds in penetrating a part of the server, if this feature is enabled, the hacker’s access is limited to that part and he cannot access other parts of the server.

2. Taking help from safe_mode

You are probably familiar with the Safe Mode status on your mobile phone. But this feature is not specific to mobile phones and is also available for operating systems. This mode is designed to remove malicious programs, viruses, find software errors, restore operating system settings, etc. In simpler words, it can be said that Safe Mode is a state of the operating system in which, if it is active, only essential files can be executed.

Enabling safe mode prevents malicious programs from running. If a malicious program is installed on your Linux server, it will run every time Windows boots. Most viruses and malicious programs that infiltrate systems with the intention of hacking servers are designed in such a way that they can disable or remove antiviruses. Therefore, if a malicious program has entered the server, the best solution to prevent it from running is to set Windows to safe mode.

 

3. Disabling remote code execution

One of the methods that hackers use to break into systems is to execute code remotely in the desktop service, which is called Remote Desktop Services. A hacker can run any code they want on your system. For example, it can install its own malicious programs on the server, and in this way, it can learn about the server’s data and even change them. To increase the security of the Linux server, it is better to disable Remote Desktop Services. In general, deactivating services that do not work for the system increases its security.

4. Disable display_error

Display error is a type of error report in php that some programmers activate with the intention of viewing and being informed of php errors. Due to security issues, it is better to disable this service because its activation makes it easier for unauthorized attackers to penetrate the server. Therefore, if you are looking for a way to improve the security of your Linux server, we recommend that you disable this error report and use another solution to view php errors.

5. Input size limitation

One of the ways to increase Linux security and prevent web attacks is to limit the input size. But what does limiting the input size mean? As you probably know, in the php language and in the post method, the data in the HTTP request is hidden in the header.

Sending malicious codes in parts of the site that takes input from the user on the post method is one of the hackers’ methods to penetrate the system. In such a situation, if you limit the input size in the config file, you can prevent attackers from sending these malicious codes.

6. Resource limitation

DOS attacks, which are shortened to Denial of Service attack, are known as Denial of Service attacks. These attacks are carried out by attackers or hackers. The purpose of these attacks is to temporarily or permanently suspend or interrupt the services of the servers hosting a site. One of the solutions that can be used to protect against these attacks to some extent and ensure the security of the Linux server is limiting resources.

7. Disabling some functions

Another way to prevent web attacks is to disable some functions. If you are using shared servers, it is better to close the functions that are threatening to the Linux server. Some of these functions are:

  • curl_multi_info_read
  • curl_multi_init
  • curl_multi_remove_handle
  • curl_multi_select

These functions are located in a file called php.ini.

8. Using the magic_quotes_gps function

Inputs that are sent from the user side to the server may be a security bug for the server for various reasons. Therefore, one of the things that can be done to increase the security of the Linux server is to use the magicquotesgpc function. This function provides the programmer or site developers with the ability to secure user-side inputs to the server to a great extent. To activate and use this function, you must access the php.ini file.

 

9. Disable expose_php

One of the ways to prevent attackers and hackers from infiltrating the server is to prevent them from accessing our server facilities. But how can this be done? Note that whenever php starts, it adds a message containing its version number to the server header. In order to hide this data from hackers, you can set the expose_PHP variable to off. By disabling this feature, the data and web server facilities are not easily available to hackers.

10. Installation of CSF firewall

As another way to increase Linux server security, you can install CSF firewalls, which are also known as firewalls. This system can be considered as one of the best server security services that have been very successful in its kind so far. If you are looking for one of the strictest security elements to improve server security, be sure to install CSF Firewall. As the name suggests, this system works exactly like a firewall.

In other words, after installation, at the entrance of a server, it carefully checks all incoming requests to it. You can enable any security settings you want on the firewall. After that, if any of the incoming requests to the server contradicts the information and settings registered in the firewall, the requests are deleted and prevented from being sent to the server. A firewall is powerful enough to filter and process thousands of gigabytes of data in just a fraction of a second.

11. Installation and configuration of CLAMAV antivirus

If you are looking for one of the best antivirus for Linux operating system, install CLAMAV Antivirus, which has the ability to detect a large number of viruses at the same time. Another advantage of this antivirus is that it is free. In addition to this, the database of this antivirus can be updated automatically. Despite the powerful tools such as the scanner provided by this antivirus, you no longer need to use graphical environments to scan your server; Rather, you can scan the server with the help of this antivirus’s own scanner. Installing CLAMAV antivirus is recommended as one of the ways to increase Linux server security.

 

12. Installing the ModSecurity module

ModSecurity module is a firewall that is installed on the hosting servers. Along with other software and hardware firewalls that you install to keep your server secure, adding this module can also act as a double layer of security. This module is able to control various attacks on the server to a great extent. Note that installing the security mode module alone is not enough to maintain the security of the server, but this module should be used along with other security firewalls to increase the site’s security level.

One of the positive features of this module is its programming power. The security mode can identify and block things that have already damaged the security of the site. Among the applications of this security module, the following can be mentioned:

  • Ability to detect malicious bots and block them
  • Checking any requests sent to the site, such as membership requests from the user
  • Managing site traffic and checking them to ensure the absence of any security bugs
  • Preventing the uploading of some files and managing any uploaded files on the site
  • Managing the execution of commands and preventing the execution of malicious commands

13. Install CXS

As the last way to increase the security of the Linux server in this article, we should mention the installation of CSX. ConfigServer eXploit Scanner is a tool that can scan all files uploaded to the server. You can use this tool to prevent unauthorized attackers from exploiting the site and Linux server. The following are the positive features of this tool that help to maintain the security of the Linux server:

  • CSX tool is able to block loading of suspicious PHP and Perl scripts. These downloads are usually done with the purpose of sending spam or malicious attacks.
  • It has the ability to identify uploaded roots in user accounts.
  • It is able to increase the efficiency and scalability of the server.
support hosting100