Securing your Linux box may be a never-ending and fun exercise. Some companies are engaged in creating and distributing a “Secure Linux” – but keep in mind we said ‘secure’ was a relative term. The main thing is to reduce the number of services you are running (modify your /etc/rc.d/init.d/ linked scripts as necessary) and turn off some network services with xinetd.
- Turn off the finger daemon. It’s a personal box – you should be the only one logged in, and no one really needs to know that.
- Turn off telnet. Require SSH to get in.
- Keep up to date with new releases.
- Make sure you patch/update your Apache as necessary.
- Don’t create a bunch of useless accounts with weak passwords.
- You can set up a firewall pretty easily with ipchains. Do so. It’s a great first line to drop malicious traffic. There are many HOW-TOs and books on this topic.
- Use shadow passwords.
- Disable anonymous ftp.
- Use tripwire to detect possible malicious changes to sensitive files.
- Turn off tftp.
- Be sensible about your permission bits.
- Don’t use root.
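
To check that finger, telnet and tftp really are off under xinetd, the sketch below (an added example, not part of the original checklist) parses xinetd service blocks and lists the unwanted services that would still start. The sample configuration is constructed, the function names are hypothetical, and only the per-service `disable` attribute is examined.

```python
import re
from pathlib import Path

UNWANTED = {"finger", "telnet", "tftp"}  # services the checklist turns off

# Constructed sample in /etc/xinetd.d format (not taken from a real host).
SAMPLE = """\
service telnet
{
    disable     = no
}
service finger
{
    # no "disable" line: xinetd treats the service as enabled
}
service tftp
{
    disable     = yes
}
"""

def parse_services(text):
    """Return {service_name: {attribute: value}} for each service block."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):          # comment line
            continue
        header = re.match(r"service\s+(\S+)", line)
        if current is None and header:
            current = services.setdefault(header.group(1), {})
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip(" +-")] = value.strip()
    return services

def enabled_unwanted(text):
    """Unwanted services not explicitly disabled (anything but 'yes' is flagged)."""
    return sorted(name for name, attrs in parse_services(text).items()
                  if name in UNWANTED and attrs.get("disable") != "yes")

def audit_dir(path="/etc/xinetd.d"):  # hypothetical helper for a real host
    files = sorted(p for p in Path(path).iterdir() if p.is_file())
    return enabled_unwanted("\n".join(f.read_text(errors="replace") for f in files))

if __name__ == "__main__":
    print(enabled_unwanted(SAMPLE))
```

A missing `disable` line is reported as enabled, which is why finger shows up in the sample even though its block never says `disable = no`.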