Updated on 2022-12-12 GMT+08:00

Security Hardening Suggestions for Linux Hosts

  • Set passwords for OS accounts (including administrator and common user accounts) and database accounts. Set strong passwords for the management account of the web application system. The passwords must contain at least 12 characters.
  • Set the host login mode to key login.
  • Do not run applications using the administrator account. Do not allow applications (such as web applications) to use the database administrator account to interact with databases.
  • Open only necessary ports to the public network. Do not allow public network access to service web console ports or LAN internal communication ports. For high-risk ports (such as the SSH port), disable them, allow only limited source IP addresses to access them, or use the O&M channel established through VPNs or bastion hosts.
  • Periodically back up service data remotely to prevent data loss caused by intrusions.
  • Periodically detect security vulnerabilities in the system and software, update system security patches in a timely manner, and upgrade the software to the latest official version.
  • Download and install software from official channels. Scan software downloaded from non-official channels with antivirus software before running it.
  • You are advised to use HSS to thoroughly detect the potential security risks of your hosts and applications.

    For details about HSS, visit https://www.huaweicloud.com/intl/en-us/product/hss.html.
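
The following script is an added example, not part of the original page or of HSS. It is a read-only check of three items from the list above: key login, the 12-character password minimum, and ports exposed on all interfaces. It assumes OpenSSH, libpwquality (`/etc/security/pwquality.conf`) and the `ss` tool; the function names and default paths are illustrative.

```sh
#!/bin/sh
# Added example: read-only checks for three items in the list above.

# Print the global value of an sshd_config keyword. sshd keeps the first value
# it reads for a keyword, and keywords are case-insensitive.
# Simplification: "Keyword value" form only, stops at the first Match block,
# does not follow Include files.
sshd_value() {  # $1 = keyword, $2 = sshd_config path
    awk -v key="$1" '
        $1 ~ /^#/                   { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$2"
}

# Key login: password authentication must be explicitly off (sshd defaults to
# "yes" when the keyword is absent) and public-key authentication not disabled.
check_key_login() {  # $1 = sshd_config path
    [ "$(sshd_value PasswordAuthentication "$1")" = "no" ] &&
        [ "$(sshd_value PubkeyAuthentication "$1")" != "no" ]
}

# Password length: minlen in pwquality.conf must be at least 12. If minlen is
# set more than once, the smallest value is judged so the check errs strict.
check_min_length() {  # $1 = pwquality.conf path
    len=$(sed -n 's/^[[:space:]]*minlen[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" |
        sort -n | head -n 1)
    [ -n "$len" ] && [ "$len" -ge 12 ]
}

# Ports: list TCP ports bound to all interfaces; a firewall or security group
# must then restrict them. Reads `ss -H -tln` output on stdin.
public_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|\*|\[::\]):/ {
        n = split($4, a, ":"); print a[n] }' | sort -nu
}

audit_host() {  # default paths are assumptions; adjust per distribution
    check_key_login /etc/ssh/sshd_config && echo "PASS key login" || echo "FAIL key login"
    check_min_length /etc/security/pwquality.conf && echo "PASS minlen>=12" || echo "FAIL minlen>=12"
    echo "TCP ports listening on all interfaces:"
    ss -H -tln | public_listeners
}

if [ "${1:-}" = "--audit" ]; then audit_host; fi
```

Run it with `--audit` on the host. Where `sshd_config` uses `Include` files, save the output of `sshd -T` to a file and pass that path to `check_key_login` instead of the raw configuration file.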