10-Step Linux Server Security Hardening Checklist for 2026
Last updated: July 12, 2026
If you run a Linux server — whether it’s a single VPS for a side project or a fleet of production machines — security can’t be an afterthought. In 2026, automated bots scan the entire IPv4 space every few hours looking for open SSH ports, default configurations, and known vulnerabilities.
This guide covers the 10 most impactful hardening steps you can take today. Each step comes with a concrete command or script — no theory, just action.
1. Harden SSH Access
SSH is the most attacked service on any Linux server. Lock it down:
- Disable root login:
PermitRootLogin no - Use key-based auth only:
PasswordAuthentication no - Change the default port (optional but effective)
- Install and configure Fail2ban
- Use strong ciphers (avoid CBC mode)
For a fully automated version, our Linux Security Hardening Guide includes a ready-to-run harden-ssh.sh script.
2. Set Up a Proper Firewall
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow https
ufw allow http
ufw enable
3. Enable Automatic Security Updates
sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades
The Server Automation Toolkit includes a script to automate this across multiple servers.
4. Manage Users with Least Privilege
- Create individual accounts — never share root
- Use
sudowith targeted permissions - Set password expiry policies in
/etc/login.defs - Remove unused default accounts
5. Audit File Permissions
# Find SUID binaries
find / -perm -4000 -type f 2>/dev/null
# Find world-writable files
find / -perm -o+w -type f 2>/dev/null | grep -v proc
6. Set Up Audit Logging
sudo apt install auditd
sudo auditctl -w /etc/passwd -p wa -k passwd_changes
sudo auditctl -w /etc/shadow -p wa -k shadow_changes
7. Deploy Intrusion Detection
# AIDE — file integrity monitoring
sudo apt install aide
sudo aideinit
sudo aide --check
# Rootkit hunter
sudo rkhunter --check --skip-keypress
8. Secure Docker Containers
# In /etc/docker/daemon.json:
{
"userns-remap": "default",
"no-new-privileges": true,
"live-restore": true
}
The Docker DevOps Toolkit includes complete Docker security setup with production-ready compose files.
9. Harden the Linux Kernel
# In /etc/sysctl.d/99-security.conf:
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.tcp_syncookies=1
10. Run Regular Security Audits
Schedule weekly audits checking for open ports, expired SSL certs, failed logins, and available updates. The Server Automation Toolkit includes a security audit script that performs 17 checks and generates a scored report.
Automate all 10 steps with the Linux Security Hardening Guide — a 4,600+ word manual with 4 automation scripts and a 60-item checklist.
For general server management, grab the Server Automation Toolkit with 12 production-ready bash scripts for backups, monitoring, SSL, Docker, and more.