Linux Security Basics

From LQWiki

Securing your Linux machine is not a trivial task, but this section will attempt to go over some of the basics. It assumes that you have a working Linux distribution already installed on your machine, or ready to be installed. This is not a comprehensive security guide; rather it describes good practices for getting started.

One of the most important first steps to securing your system is to determine its primary purpose. Is it intended to be a desktop system where one person logs in from the physical machine? Will it be a server accepting many connections from outside clients? Maybe you plan to use it as a firewall or a development machine.

This is important because most standard Linux distributions will install many software packages that you will not use. Most systems will have a graphical package manager you can use to remove unneeded software. If you're not sure about a package or its dependencies, leave it alone for now. This can take some time, but try to get familiar with as many as you can. The more you can safely trim away, the less likely an intruder will find a way to abuse your system.

Once this basic cleanup is done, you should have a system that is fairly streamlined to your needs. The next thing to do is a quick check for any daemons (services) that you can get rid of. From the console or an xterm, use the 'ps aux' command to list the running processes. Again, think of what you plan to do with the system. Try to get rid of anything you won't use (ex: do you really need a web server on your desktop machine?). Then try to replace any remaining plaintext services with encrypted ones (ex: telnet and ftp can go away in favor of ssh). Once again, it is safest to use your distribution's package manager to make these changes.
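The daemon check described above is easiest to do against listening sockets rather than the whole `ps aux` list, since a daemon that accepts connections is the one that matters most. The following script is an added example, not part of the LQWiki page: it reads `ss -tulnp` output and flags listeners on well-known plaintext ports (the port-to-service table and the suggested encrypted replacements are assumptions based on common defaults, not something the page specifies). The sample output embedded below is constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the LQWiki page): audit listening sockets and flag
# services that speak plaintext, suggesting the encrypted replacement.
# On a live system, feed it the output of `ss -tulnp` (or `netstat -tulnp`).
# The port-to-service table below is an assumption of common defaults.

flag_plaintext_listeners() {
    # Reads ss-style lines on stdin; prints "port service -> replacement"
    # for every listening socket on a well-known plaintext port.
    awk '
    BEGIN {
        svc[21]  = "ftp";    alt[21]  = "sftp/scp over ssh (22)"
        svc[23]  = "telnet"; alt[23]  = "ssh (22)"
        svc[110] = "pop3";   alt[110] = "pop3s (995)"
        svc[143] = "imap";   alt[143] = "imaps (993)"
        svc[513] = "rlogin"; alt[513] = "ssh (22)"
        svc[514] = "rsh";    alt[514] = "ssh (22)"
    }
    $1 == "tcp" || $1 == "udp" {
        # Local Address:Port is field 5; take the text after the last colon
        # so both 0.0.0.0:23 and [::]:23 resolve to port 23.
        n = split($5, a, ":"); port = a[n]
        if (port in svc && !(port in seen)) {
            seen[port] = 1
            print port, svc[port], "->", alt[port]
        }
    }' | sort -n
}

# Constructed sample of `ss -tulnp` output (not captured from a real host).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=1,fd=3))
tcp   LISTEN 0      5      0.0.0.0:23         0.0.0.0:*         users:(("inetd",pid=2,fd=4))
tcp   LISTEN 0      32     [::]:21            [::]:*            users:(("vsftpd",pid=3,fd=5))
udp   UNCONN 0      0      0.0.0.0:68         0.0.0.0:*         users:(("dhclient",pid=4,fd=6))'

# Usage on a real host:  ss -tulnp | flag_plaintext_listeners
printf '%s\n' "$SAMPLE_SS" | flag_plaintext_listeners
```

Each flagged line names a service to remove or replace through the package manager, as the text recommends; the `Process` column of the real `ss -tulnp` output tells you which package owns the socket.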

Another important practice is to update software packages in which security vulnerabilities have been fixed. Such updates are usually announced by your distribution, e.g. Gentoo [1], SuSE [2]. Most distributions provide an automatic or semi-automatic way to get all security updates. Another approach is simply to get all updates for all software packages once a month. This eliminates the need to check security announcements, but requires more upgrading, which may introduce problems.

It's important that the regular user account for your daily use be completely ordinary. It should not belong to any special groups (such as "wheel") and should not have special privileges of any sort. For system maintenance (of a non-rootly sort), set up a separate user account for that purpose, and use it only for that purpose. If you need to perform tasks that require root privileges, use sudo instead.
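A quick way to verify that the daily-use account really is "completely ordinary" is to compare its group memberships against the groups that grant elevated access. The script below is an added example, not part of the LQWiki page; the list of privileged groups is an assumption (names differ between distributions, so adjust it), and the user and group names passed in are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the LQWiki page): verify that a daily-use account
# is a member of no privileged group. The group list is an assumption;
# adjust it to your distribution.
PRIVILEGED="root wheel sudo admin adm disk docker lxd shadow"

check_ordinary_account() {
    # $1 = user name. Further arguments, if given, are treated as the user's
    # group list (constructed data); otherwise `id -nG` is consulted.
    # Returns 0 for an ordinary account, 1 if privileged groups were found,
    # 2 if the user does not exist.
    user=$1; shift
    if [ $# -gt 0 ]; then
        glist="$*"
    else
        glist=$(id -nG "$user" 2>/dev/null) || { echo "$user: no such user"; return 2; }
    fi
    found=""
    for g in $glist; do
        # Pad both sides with spaces so "adm" does not match "admin".
        case " $PRIVILEGED " in
            *" $g "*) found="$found $g" ;;
        esac
    done
    if [ -n "$found" ]; then
        echo "$user: privileged groups:$found"
        return 1
    fi
    echo "$user: ordinary account"
    return 0
}

# Constructed examples; on a live host run: check_ordinary_account "$USER"
check_ordinary_account alice users audio video
check_ordinary_account bob users wheel docker || true
```

A non-zero exit means the account should be moved out of the listed groups and the maintenance work moved to the separate account (or to sudo) that the text recommends.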

External links