This is a brief security overview for Linux beginners, covering the basics of maintaining a relatively secure Linux system.
Should you worry about your computer's security? Ask yourself this: Do you lock your house when you're not home and draw your curtains when you want some privacy? Of course you do. Just because break-ins are rare doesn't mean that you should carelessly leave everything wide open.
Types of people who might hack your system:
In order to secure your computer, you've got to figure out how a malicious hacker would view the system. What services are potential holes just waiting to be exploited? If you don't need something, disable it!
Disable unused services in /etc/inetd.conf by putting a "#" in front of each line that you don't want to use and then restarting inetd. You probably won't need any of the following services on a typical machine, so they can be safely disabled in inetd.conf:
Disable unused services in your default runlevel. Check a service's documentation before you disable it, as some runlevel services are necessary for the system to function properly. You can edit your runlevel services by running "linuxconf" at the command line. Most systems are typically in runlevel 3 (startup at the command line) or 5 (startup in X).
Portscan your own machine with a tool like nmap. If a service you don't know about is listening on a port, track it down and determine whether you want it running. Investigate your system's running processes with the command "ps aux". This lists all processes currently running so that you can disable anything that you don't want around.
Logging in to a computer without authentication and without encryption is like having sex with a complete stranger, in public. It may seem more convenient at the moment, but in the end, you'll just end up getting screwed.
Good passwords are absolutely critical. Include numbers, punctuation, and both uppercase and lowercase letters. Examples of bad passwords:
Use shadow passwords. Most newer Linux distributions do this automatically.
Telnet is a Bad Thing. Use secure shell (ssh) instead. Telnet sends your password and all of your data over the network in plaintext for anyone to read. Secure shell encrypts not only the data, but your password too.
Don't use root unnecessarily. For day-to-day work, use a normal unprivileged user account. Only log in as root for system administration. As a normal user, you can temporarily switch to root with the "su" command.
Be careful to whom you give out accounts. If you don't trust your friends to be as security-conscious as you are, then don't give them accounts on your machine.
It's not enough to simply set up your system once and then blindly continue about your business without a further thought to security. If you want to remain secure, you've got to continually stay abreast of the latest security developments.
At the minimum, regularly apply security updates for your Linux distribution. This is probably the single most important thing you can do to increase your system's security. Updates are available for Redhat, Mandrake, Debian, SuSE, Caldera, etc.
Consider following a security mailing list such as BugTraq.
For even more security, there are many other measures you can take.
Check your logs regularly for anything unusual. Your logs contain all kinds of useful information, including failed login attempts. This might help you spot a potential intruder before your system is compromised. System logs can usually be found in /var/log/.
Scan your files for suid root permissions. Suid root permissions allow any user to run a file as if they were the root user.
Watch your binaries for changes. Often the first thing a hacker will do after compromising a system is to replace trusted system binaries with modified versions that hide the hacker's presence, create backdoors for later re-entry, etc. Tools like Tripwire allow you to be notified immediately when certain system binaries are modified.
Make use of sudo. Sudo allows you to restrict which users can run commands as root, and which commands they can run.
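The two checks above, finding setuid files and noticing when binaries change, as an added shell example (not from the original article; it assumes GNU coreutils find and sha256sum). The baseline must be stored somewhere an intruder cannot rewrite, such as read-only media, or the comparison proves nothing.

```shell
#!/bin/sh
# Added example: list setuid files under a directory and detect changes to a
# checksum baseline of the files under another directory.

# list_suid DIR: print every regular file under DIR with the setuid bit set.
# In real use run it as root against /, e.g. list_suid /, and review each hit;
# anything you cannot account for deserves a closer look.
list_suid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# make_baseline DIR FILE: record a SHA-256 checksum of every regular file
# under DIR into FILE, one "hash  path" line per file.
make_baseline() {
    find "$1" -type f -exec sha256sum {} + | sort -k2 > "$2"
}

# check_baseline FILE: re-hash every file recorded in FILE and print the path
# of each one whose checksum no longer matches (or that can no longer be read).
# Prints nothing when everything is unchanged.
check_baseline() {
    sha256sum -c "$1" 2>/dev/null | grep 'FAILED' | sed 's/: FAILED.*$//'
    return 0
}

# Typical use (paths are assumptions, not from the article):
#   make_baseline /bin /mnt/cdrom/bin.sha256      # once, on a known-clean system
#   check_baseline /mnt/cdrom/bin.sha256          # regularly, e.g. from cron
```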
Consider firewalling. Firewalling allows you to selectively block certain incoming or outgoing data packets. The Linux kernel has built-in firewalling code that can be accessed with IP Chains.