Some tips to improve the security of your Linux

Alejandro (a.k.a KZKG^Gaara)

4 minutes

 Protecting a networked computer is a never-ending challenge that never ends, not even on Linux despite it being more secure than Windows. These simple measures that we recommend in ZDNet they will help you protect your Linux system. The advice is timely given the buzz that ensued in the previous post regarding Linux security.


Do I need a bodyguard? Is my Linux insecure? Well, not exactly, but much of the security of a system depends on the users. A secure system is not one in which the user does not worry about their safety. The tips that I share here have to do with these practices that users and / or the system administrator should take into account to improve their security.

1: Use the encryption keys

For many, this is a nuisance. When you log in, your machine makes requests to connect to a network (or an LDAP server, etc), the system asks you to enter the encryption key of your "keyring" (or keyring). There is a huge temptation to disable this feature, giving you a blank password and thus dismissing the warning that information will be transmitted unencrypted (including the passwords themselves!). This is not a good idea. Although it's really a hassle, this feature is there for a reason - to encrypt sensitive passwords when they are sent over our network.

2: Force users to change their passwords

In any multi-user environment (like Linux), you have to make sure that your users change their passwords from time to time. To do this, use the command change. You can check the expiration of a user's password with the command sudo chage-l USERNAME (where USER NAME is the name of the user you want to check). Now, let's say you want that user's password and force them to change it in the next session. To do this, you can run the command sudo-E EXPIRATION_DATE chage-mM MINIMUM AGE MAXIMUM AGE-IW INACTIVITY_PERIOD DAYS_BEFORE_EXPIRED (where all uppercase options have to be user defined). For more information on this command, see the man page (I typed the command man chage).

3: Don't disable SELinux

Like the keyring, SELinux is there for a reason. SE stands for Security Enhanced and it provides the mechanism that controls access to applications. SE stands for Enhanced Security and provides the mechanism that controls access to applications. I have read a number of "solutions" to various problems where it is recommended to disable SELinux. In reality, more than a solution, this measure ends up generating more problems. If a particular program is not working properly, it is advisable to study a modification of the SELinux policies that better suit your needs rather than disabling SELinux entirely. If you find it cumbersome to do it through the command line, you may want to play with an interface called polgengui.

4: Don't log in as root by default

If you need to do administration on a machine, log in as your regular user and either su to the root user or take advantage of sudo. If you have to administer on a computer, log in as your normal user and use su or sudo to perform that specific task with root privilege. By logging in as the root user, you are effectively preventing potential intruders from one of the biggest security hurdles by allowing them access to systems and subsystems that would not normally be accessible when logging in as a standard user. Log in with your regular account. Forever. It does not matter that entering the blessed root password every time you need to do something is filling your patience.

5: Install security updates quickly

There is a huge difference between the way Linux and Windows handle updates. While Windows typically does a bulk update once in a while, Linux does frequent smaller updates. Ignoring these updates can be disastrous if the proper security hole is not patched on your system. Never forget that some of these updates are security patches that must be applied immediately. For that reason, never ignore the icon that indicates the availability of new updates. Stay up to date, and at the end of the day, you will have a more secure system.

To climb a mountain you have to take small steps

By following these tips to the letter, your system will be much more secure. Of course, this is not a complete list of things you can do to improve your security. This is just the beginning, a sort of list that contains those "silly" things that many users are tempted to do and that significantly impair the security of the system they use.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   Adrian2mil10 said
    ago 11 years

    Let's agree that on a single-user home PC some of these things are really annoying, for example typing the password every time you enter the system.

    Reply to Adrian2mil10
  2.   Let's use Linux said
    ago 11 years

    If true. It's cumbersome, but hey ...

    Respond to Let's Use Linux
  3.   botanical said
    ago 11 years

    As always wonderful article 🙂

    Reply to bottico
  4.   daniel said
    ago 10 years

    good advice, however you do not say how to carry it out, you say what to do but not how to do it, for beginners the "how to do it" is very important, it would be good if you published it. the steps

    Reply to daniel