How to Secure Linux

This document is intended to provide basic and mid-level tips for securing your Linux system.

These tips are designed to apply to most Linux distributions; however, you may need to consult the documentation for your particular distribution if some of the commands do not work for you.

General Principles

  • Use a strong password (mix numbers, capital letters, and symbols) with a length of eight or more characters.
  • Never log in as root; use sudo instead to execute commands with admin privileges when needed.
  • Maintain software updates.
      • On Red Hat systems, issue the command: yum update
      • On other Linux systems: apt-get update, then apt-get upgrade
  • Be sure to log off and lock the system when you leave it.

1. Disable Unnecessary Services

Sometimes viruses will install services which run on boot. Check which services are set to start on boot with the following command:

/sbin/chkconfig --list

A service can be disabled by:

/sbin/chkconfig servicename off

2. Configure firewall through the use of iptables and TCP Wrapper

A good GUI for firewalls on Linux: https://launchpad.net/ufw

3. Install Anti-virus

A good program is ClamAV.

http://www.clamav.net/lang/en/download/packages/packages-linux/

4. Use SELinux

Find information on SELinux here.

5. Configure or Disable SSH

If you do not use SSH, disable it:

/sbin/chkconfig sshd off

If SSH is required then edit the following config file:

/etc/ssh/sshd_config

Find #PermitRootLogin yes and change it to PermitRootLogin no.

6. Disable Telnet if you do not use it

As root, edit the file /etc/xinetd.d/telnet and change disable = no to disable = yes.

Save the file and exit. Restart xinetd through /etc/init.d/xinetd restart
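
The edits in sections 5 and 6 can be checked after they are made. The script below is an added example, not part of the original guide: the function names and sample files are constructed for illustration, and it does not follow Include directives or evaluate Match blocks.

```shell
#!/bin/sh
# Added example: audit the two settings changed in sections 5 and 6.

# Print the effective global PermitRootLogin value of an sshd_config-style file.
# sshd keeps the first value it reads for a keyword, so a later duplicate
# line does not override an earlier one. "unset" means no active line exists
# and sshd's built-in default applies.
permit_root_login() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ { next }                       # commented-out lines have no effect
        tolower($1) == "match" { exit }     # only the global section is audited
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Return 0 if an xinetd service file ends up with "disable = yes".
xinetd_disabled() {
    awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == "disable" { state = val }
        END { exit !(state == "yes") }
    ' "$1"
}

# Constructed sample files, not taken from a real system.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'Port 22' > "$tmp/sshd_untouched"
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/sshd_fixed"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$tmp/sshd_shadowed"
printf '%s\n' 'service telnet' '{' '    disable = no' '}' > "$tmp/telnet_on"
printf '%s\n' 'service telnet' '{' '    disable = yes' '}' > "$tmp/telnet_off"

for f in sshd_untouched sshd_fixed sshd_shadowed; do
    echo "$f: PermitRootLogin=$(permit_root_login "$tmp/$f")"
done
for f in telnet_on telnet_off; do
    if xinetd_disabled "$tmp/$f"; then echo "$f: disabled"; else echo "$f: ENABLED"; fi
done
```

On a live system, point the functions at /etc/ssh/sshd_config and /etc/xinetd.d/telnet instead of the sample files.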