Securing Linux OS

Update Your System – Frequently

Software updates range from critical vulnerability patches to minor bug fixes, and many software vulnerabilities are actually patched by the time they become public.

Use a Limited User Account

Do not give sudo privileges to every user on your systems. Limit privileged commands in /etc/sudoers. It’s not good practice to SSH into your server as the superuser; use limited users with sudo privileges.

Run What You Need

Regularly check which ports are in use and which services are running. To list listening network ports, run netstat -nputl. You may also not need IPv6 support, so disable it. To find unnecessary services, run systemctl list-unit-files --type=service | grep enabled, and disable each one with systemctl disable. On systems that use chkconfig instead:
chkconfig --list | grep '3:on'
service serviceName stop
chkconfig serviceName off
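
The port review above can be made repeatable. The script below is an added example, not part of the original article: it reads netstat -nputl output and prints every non-loopback listener that is missing from an allowlist. The function names, the allowlist format and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: report network-reachable listeners missing from an allowlist.
# stdin: `netstat -nputl` output (run as root so every PID/Program is shown).
# $1: space-separated allowlist such as "tcp/22 udp/68" (format assumed here).
unexpected_listeners() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, items, " ")
        for (i = 1; i <= n; i++) ok[items[i]] = 1
    }
    $1 ~ /^(tcp|udp)6?$/ {                 # socket rows only, headers skipped
        proto = $1; sub(/6$/, "", proto)   # treat tcp6/udp6 as tcp/udp
        if (proto == "tcp" && $6 != "LISTEN") next
        # UDP rows have an empty State column, so the owner is field 6, not 7.
        owner = (proto == "tcp") ? $7 : $6
        # The port follows the last colon: handles 0.0.0.0:22 and :::22 alike.
        k = split($4, part, ":")
        port = part[k]
        addr = substr($4, 1, length($4) - length(port) - 1)
        # Loopback-only sockets cannot be reached from the network.
        if (addr ~ /^127\./ || addr == "::1") next
        key = proto "/" port
        if (!(key in ok) && !(key in seen)) {   # one line per proto/port
            seen[key] = 1
            print key, owner
        }
    }'
}

# Constructed sample of `netstat -nputl` output, not captured from a real host.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1033/master
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1201/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      950/httpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           640/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           703/rpcbind
EOF
}

# Only SSH, HTTP and DHCP are expected on this sample host.
sample_netstat | unexpected_listeners "tcp/22 tcp/80 udp/68"
```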

Minimize Software to Minimize Vulnerability
Every installed package is a potential source of vulnerabilities, so avoid installing unnecessary software. Delete all unwanted packages.

# yum list installed
# yum list packageName
# yum remove packageName
OR
# dpkg --list
# dpkg --status packageName
# apt-get remove packageName

User Accounts and Password policy
Use the useradd / usermod commands to create and maintain user accounts. Make sure you have a good, strong password policy. For example, a good password is at least 8 characters long and mixes upper- and lower-case letters, numbers and special characters.
Check users and their passwords with vipw -s, or check for users with no password:
# awk -F: '($2==""){print $1}' /etc/shadow

Use a Firewall
It’s highly recommended to enable the Linux firewall to prevent unauthorised access to your servers. Apply iptables rules to filter incoming, outgoing and forwarded packets. Rules can specify the source and destination addresses to allow or deny on specific UDP/TCP port numbers.