Secure Linux

Securing your Linux box may be a never-ending and fun exercise. Some companies are engaged in creating and distributing a “Secure Linux” – but keep in mind we said ‘secure’ was a relative term. The main thing to keep in mind is to reduce the number of services you are running (modify your /etc/rc.d/init.d/ linked scripts as necessary) and turn off some network services with xinetd.

  • Turn off the finger daemon. It’s a personal box – you should be the only one logged in, and no one really needs to know that.
  • Turn off telnet. Require SSH to get in.
  • Keep up to date with new releases.
  • Make sure you patch/update your Apache as necessary.
  • Don’t create a bunch of useless accounts with weak passwords.
  • You can set up a firewall pretty easily with ipchains. Do so. It’s a great first line to drop malicious traffic. There are many HOW-TOs and books on this topic.
  • Use shadow passwords.
  • Disable anonymous ftp.
  • Use tripwire to detect possible malicious changes to sensitive files.
  • Turn off tftp.
  • Be sensible about your permission bits.
  • Don’t use root.
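
A read-only check for two items on the list above, added here as an example and not part of the original page: it reports finger, telnet or tftp entries that xinetd would still start, and accounts whose password field is not the shadow placeholder. The function names and sample files are constructed for illustration; on a real box, point the functions at /etc/xinetd.d and /etc/passwd.

```shell
#!/bin/sh
# Added example: audit two checklist items on a constructed sample tree.

# Print finger/telnet/tftp if an xinetd service file leaves them enabled.
# xinetd treats a service as enabled unless its block says "disable = yes".
enabled_legacy_services() {   # $1: directory such as /etc/xinetd.d
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            { sub(/=/, " = ") }                 # tolerate "disable=yes"
            $1 ~ /^#/        { next }           # skip comment lines
            $1 == "service"  { name = $2; off = 0 }
            $1 == "disable" && $3 == "yes" { off = 1 }
            $1 == "}" {
                if (name ~ /^(finger|telnet|tftp)$/ && !off) print name
                name = ""
            }' "$f"
    done
}

# Print accounts whose passwd entry still carries a hash or an empty
# password instead of the shadow placeholder "x" ("*" and "!" are locks).
unshadowed_accounts() {       # $1: file in /etc/passwd format
    awk -F: '$2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 }' "$1"
}

# Constructed sample input (not taken from a real system).
demo=$(mktemp -d)
mkdir "$demo/xinetd.d"
printf 'service telnet\n{\n\tdisable = yes\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$demo/xinetd.d/telnet"
printf 'service finger\n{\n\tdisable = no\n\tserver = /usr/sbin/in.fingerd\n}\n' > "$demo/xinetd.d/finger"
printf 'service tftp\n{\n\tserver = /usr/sbin/in.tftpd\n}\n' > "$demo/xinetd.d/tftp"
printf 'root:x:0:0:root:/root:/bin/bash\nguest::500:500::/home/guest:/bin/sh\n' > "$demo/passwd"

echo "Legacy services still enabled:"
enabled_legacy_services "$demo/xinetd.d"
echo "Accounts not using shadow passwords:"
unshadowed_accounts "$demo/passwd"
rm -rf "$demo"
```

A tftp block with no `disable` line is reported because xinetd enables a service by default.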