How to Secure a Computer:
Linux

Introduction

Note: These procedures are designed for system administrators.

Linux comes in many different flavors. We will address the common elements among them. For local variations, consult your manual.

Specifics

1. Assign secure password to all accounts.
Passwords are your first, best, line of defense in protecting any computer system. Select a secure password on all accounts, especially the superuser (AKA root and uid 0) accounts. Memorize these passwords. Do not write them down.

2. Use shadow password files and, when possible, MD5 encryption.
Most default installs use shadow tables. If the installation process asks whether or not to use them, select USE. If you are prompted to choose an encryption scheme of either 3DES (triple-DES) or MD5, select MD5 as it is the more difficult to crack.

3. Use ssh and sftp.
The ssh and sftp protocols encrypt the traffic that is transmitted across the network. Telnet and regular ftp do not.

4. Use the built-in firewall or the iptables or ipchains utilities.
These utilities help track and lock down network traffic into your machine.

5. Automated patch downloading and installation should be installed if available in your Linux distribution.

6. Keep up to date with security patches:

• SuSE Updates

• Debian Updates & Security

• Mandrake Updates & Security

• Redhat Updates

7. Read and understand the Linux security documentation. Some helpful information can be found at the following sites:

• Securing Linux, part 1

• Securing Linux, part 2

• Miscellaneous Guides and Quick References (from www.linuxsecurity.com)