- university home
- a-z index
- help
- terms and conditions
- privacy and cookie policy
- © 2002-2012 University of Bristol
Use a well-maintained up-to-date distribution with a good track record on releasing security fixes. RedHat certainly meets this criterion, Slackware doesn't.
Disable any services that you don't need your box to offer. Examples might be:
Anything that remains (telnet, ftp, smtp, etc) should be protected using tcpwrappers, to control which machines can access them (you need some form of mail software to allow you to receive the output of things like cron jobs - however, it should generally be configured so that only the machine itself can talk to port 25).
Using IP firewalling might also be useful but it's more complex to configure.
For NFS, only export necessary filesystems. Ensure that you have restricted the machines that can connect to them.
Samba allows you to configure which machines can access its shares. See the allow hosts and deny hosts entries in the smb.conf man page for more information.
As few people as possible should have access to the root password. Do not work as root unless absolutely necessary - create yourself a user account instead.
Read appropriate security mailing lists, depending on the distribution you use. Apply appropriate fixes.
Update the kernel as necessary to deal with things like teardrop. Generally, use the latest stable kernel, unless you absolutely need to use an unstable development kernel.
Read the Linux Security HOWTO, which covers the points in here but in much more depth.
Remember that the only totally secure computer system is one that's been switched off, disconnected from the network, encased in concrete, and been dropped in the middle of the ocean. Even then, I wouldn't guarantee it.