Security
Why Security Matters
The moment your Linux machine connects to the Internet, it is visible to the entire world. Automated scanners constantly probe for open ports and known vulnerabilities. A few simple precautions dramatically reduce your attack surface.
Essential First Steps
- Apply updates immediately after installation. Install media often carries packages with known vulnerabilities whose fixes are already waiting in the distro's repositories.
- Use strong passwords. Avoid dictionary words; mix letters, numbers and symbols.
- Disable root login over SSH. Use sudo or su instead.
- Close unused ports. Disable services you don't need.
- Enable a firewall. Even a simple packet filter helps enormously.
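The "disable root login over SSH" step comes down to the PermitRootLogin directive in sshd_config, and checking it by eye is easy to get wrong: sshd keeps the first occurrence of a keyword and ignores later ones, keywords are case-insensitive, "key=value" is accepted alongside "key value", and anything after a Match line applies only to matching connections. The following is an added example, not code from the original page; it reads a config the way sshd does and reports the effective global value. The two config texts are constructed samples.

```shell
#!/bin/sh
# Added example: report the effective global PermitRootLogin setting of an
# sshd_config. sshd uses the first occurrence of a keyword and ignores later
# ones, so "grep PermitRootLogin" alone is easy to misread.

# permit_root_login "<config text>" -> prints the value, or "unset" if the
# directive does not appear before the first Match block.
permit_root_login() {
    printf '%s\n' "$1" | awk '
        {
            sub(/#.*/, "")                              # drop comments
            sub(/^[ \t]+/, "")                          # drop leading whitespace
            n = split($0, f, /[ \t]*=[ \t]*|[ \t]+/)    # "key value" or "key=value"
            if (n < 2 || f[1] == "") next
            key = tolower(f[1])                         # keywords are case-insensitive
            if (key == "match") exit                    # later lines are conditional
            if (key == "permitrootlogin" && !seen) { print f[2]; seen = 1 }
        }
        END { if (!seen) print "unset" }'
}

# Constructed sample configs (not taken from a real host).
SSHD_WEAK='# PermitRootLogin no   <- only a comment, has no effect
PermitRootLogin yes
PermitRootLogin no'

SSHD_OK='Port 22
permitrootlogin = no
Match User backup
    PermitRootLogin yes'

# Stand-alone run: prints "yes" for the weak config and "no" for the good one.
permit_root_login "$SSHD_WEAK"
permit_root_login "$SSHD_OK"
```

On a live host run it as `permit_root_login "$(cat /etc/ssh/sshd_config)"`; a result of "unset" means the server's compiled-in default applies, which differs between OpenSSH versions, so set the directive explicitly rather than relying on it.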
Checking Open Ports
See which services are listening on your machine:
# netstat -tulpn
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      5678/httpd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           456/portmap

# nmap -sT localhost    # scan yourself
Every port you don't need should be closed by disabling the corresponding service in /etc/inetd.conf or via your distro's service manager.
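Reading the netstat listing by eye works on one machine; the useful habit is to compare it against the short list of ports you actually intend to serve. The script below is an added example, not part of the original page: it takes netstat -tulpn output and an allowlist of ports and prints every listener that is not on the list. It assumes the netstat column layout shown above (ss -tulpn prints different columns), and the listing it runs against is a constructed sample mirroring the one in the text.

```shell
#!/bin/sh
# Added example: compare the listening sockets reported by netstat -tulpn
# with an allowlist of ports and print the ones that are not expected.
# Column layout assumed: Proto Recv-Q Send-Q Local Foreign [State] PID/Program

# unexpected_listeners "<netstat -tulpn output>" "<space-separated allowed ports>"
# Prints one line per unexpected listener: "proto port program".
unexpected_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            port = $4; sub(/.*:/, "", port)          # "0.0.0.0:22" -> "22", ":::22" -> "22"
            prog = $NF; sub(/^[0-9]+\//, "", prog)   # "1234/sshd" -> "sshd"
            if (!(port in ok)) print $1, port, prog
        }'
}

# Constructed sample mirroring the listing in the text (not a live capture).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1234/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      5678/httpd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           456/portmap'

# Stand-alone run against the sample: only portmap on 111/udp is reported.
unexpected_listeners "$SAMPLE_NETSTAT" "22 80"

# On a live host (as root, so that the PID/Program column is populated):
#   unexpected_listeners "$(netstat -tulpn 2>/dev/null)" "22 80"
```

Anything the script reports is either a service to disable, as the text says, or a port to add to the allowlist deliberately; run it after each package installation, since new services tend to arrive enabled.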
Firewall with ipchains / iptables
The Linux kernel includes a built-in firewall. On kernel 2.2 use ipchains; on 2.4+ use iptables.
# Basic iptables rules — drop all incoming, allow established
# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -P OUTPUT ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j ACCEPT    # allow SSH
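Typed one at a time over an SSH session, those commands have a gap: once "iptables -P INPUT DROP" is in effect, the session's own packets are dropped until the ESTABLISHED,RELATED rule is added. The script below is an added example, not from the original page; it writes the same default-deny policy in iptables-restore format so the whole table is loaded in one atomic step. The port list and the file path in the usage comments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: emit the same default-deny policy as the rules in the text,
# but in iptables-restore format so the complete table is loaded at once
# instead of rule by rule.

# build_ruleset "<space-separated TCP ports to allow>" -> ruleset on stdout
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    for port in $1; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    printf 'COMMIT\n'
}

# count_accepts "<ruleset>" -> number of explicit ACCEPT rules (sanity check
# before loading: two base rules plus one per allowed port)
count_accepts() {
    printf '%s\n' "$1" | grep -c -- '-j ACCEPT'
}

# Stand-alone run: print a ruleset that allows SSH and HTTP.
build_ruleset "22 80"

# To apply on a live host (as root; path is an assumption for illustration):
#   build_ruleset "22 80" > /etc/iptables.rules
#   iptables-restore --test < /etc/iptables.rules   # parse only, do not load
#   iptables-restore < /etc/iptables.rules
```

The chain policies are declared in the table header, so they take effect in the same commit as the accept rules. Because the ruleset is a plain file, it can be kept under version control and reloaded at boot, which also fixes the other common problem with hand-typed iptables commands: they vanish on reboot.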
Password and File Security
- Use shadow passwords (/etc/shadow) to keep hashed passwords away from world-readable files.
- Check file permissions with ls -la. Be suspicious of SUID binaries.
- Run find / -perm -4000 -type f to list all SUID files.
- Consider tools like Tripwire to detect file tampering.
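Listing SUID files once tells you little; what matters is whether the list changes. The script below is an added example, not code from the original page or from Tripwire: it snapshots the output of the find command above into a baseline and later reports SUID files that appeared or disappeared. It is limited to the setuid bit (Tripwire also tracks content and permissions), and the directory tree it demonstrates on is constructed under a temporary directory.

```shell
#!/bin/sh
# Added example: snapshot the SUID files under a tree and report what changed
# later. A narrow stand-in for the Tripwire-style check mentioned in the text:
# it tracks only the setuid bit, exactly what "find / -perm -4000 -type f" lists.

# suid_list DIR -> sorted paths of setuid regular files under DIR
suid_list() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# suid_changes BASELINE_FILE DIR -> "+ path" for SUID files that appeared since
# the baseline, "- path" for ones that disappeared, nothing if unchanged.
# comm prints baseline-only lines bare and current-only lines after a tab.
suid_changes() {
    suid_list "$2" | comm -3 "$1" - | awk -F'\t' '
        $1 == "" { print "+ " $2; next }   # only in the current listing
                 { print "- " $1 }         # only in the baseline
    '
}

# demo_changes DIR -> builds a constructed tree under DIR, takes a baseline,
# adds one new setuid file and returns what suid_changes reports.
demo_changes() {
    mkdir -p "$1/bin"
    : > "$1/bin/passwd" && chmod 4755 "$1/bin/passwd"   # constructed: expected SUID file
    : > "$1/bin/ls"     && chmod 0755 "$1/bin/ls"       # constructed: ordinary binary
    suid_list "$1/bin" > "$1/baseline"
    : > "$1/bin/unexpected" && chmod 4755 "$1/bin/unexpected"   # constructed: new SUID file
    suid_changes "$1/baseline" "$1/bin"
}

# Stand-alone run: prints "+ <tmpdir>/bin/unexpected".
tmp=$(mktemp -d)
demo_changes "$tmp"
rm -rf "$tmp"

# Real use (paths are assumptions): "suid_list / > /var/lib/suid.baseline" once
# after a clean install, then "suid_changes /var/lib/suid.baseline /" from cron.
```

Keep the baseline where it cannot be rewritten by someone who already has a shell on the machine, for example on read-only media or a separate host; a baseline that can be edited in place reports nothing. Any "+" line is worth investigating the same way the text suggests for SUID binaries in general: establish which package owns the file and why it needs the bit.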
Staying Informed
Keep up with security advisories from your distribution's security mailing list, and check resources like: