From the KnowledgeBase
Linux: Tips for secure and safe installation and operation
Before attaching a Linux computer to the campus network, it's very important to ensure that it is secure. If the proper precautions are not taken, it is very possible for a new Linux machine to get hacked within minutes of connecting to the network. The following is a set of tips for safely operating your computer. If you are an inexperienced user, OIT strongly encourages you to take the time to read about and understand the security issues involved with the operating system before plugging into the network.
If you have purchased a factory install of Linux, it may be advisable to remove it and install a fresh version. You never know what may have already been installed, and you will give yourself greater control and understanding of the system by installing it from scratch. There are many different distributions of Linux available. For an outline of the available distributions, go to: www.linuxiso.org
Keep your computer unplugged from the network while installing. Most distributions have similar install options. Watch for the following install options:
- What kind of security do you want on your computer? Please choose high security.
- Do you want the network turned on when you boot your machine? If you are a beginner, choose no. Once you understand what is involved with networking, you will be able to enable networking on boot-up.
Software / Patches
Make sure to keep your install of Linux at the latest revision level. It is possible to get automatic updates and patches for your computer. For Red Hat-specific installs, you can sign up for Red Hat Network (RHN). To do this, run the command up2date at the command line. This works much like the Software Update feature on the Macintosh and Windows Update on PCs.
- Most distributions come with TCP wrappers and IPtables installed. For details: http://www.linuxnewbie.org/nhf/Security/IPtables_Basics.html
- You should disable all nonessential daemons (e.g. NFS, BIND).
- Always use ssh and scp instead of telnet and rcp. This ensures that the connection is secure and encrypted.
- If you have a /etc/inetd.conf file, edit it to comment out such things as telnet, talk and finger.
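One way to carry out the inetd.conf tip above, as an added example that is not part of the original article: the script reports which of the named services (telnet, talk, finger) are still active and prints a copy of the file with those entries commented out. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file for the services the tip names.
RISKY_SERVICES="telnet talk finger"

# list_enabled FILE: print each risky service that is still active (uncommented).
list_enabled() {
    awk -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        ($1 in want) { print $1 }           # field 1 is the service name
    ' "$1"
}

# disable_risky FILE: print FILE with risky entries commented out, rest unchanged.
disable_risky() {
    awk -v risky="$RISKY_SERVICES" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        !/^[ \t]*#/ && NF > 0 && ($1 in want) { print "#" $0; next }
        { print }
    ' "$1"
}

# make_sample FILE: write a constructed inetd.conf (not taken from a real host).
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample for illustration
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
talk    dgram   udp  wait    root    /usr/sbin/tcpd  in.talkd
daytime stream  tcp  nowait  root    internal
EOF
}

# Demo on the constructed sample; point the functions at /etc/inetd.conf to audit a host.
sample=$(mktemp)
make_sample "$sample"
echo "Still enabled:"
list_enabled "$sample"
echo "Proposed replacement file:"
disable_risky "$sample"
rm -f "$sample"
```

Review the proposed file before replacing /etc/inetd.conf, then send inetd a HUP signal so that it rereads its configuration.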
These are a few pieces of software that can help you ensure the security of your Linux computer:
- TripWire keeps a database of your system. If you suspect something has changed, you can use this database to check your suspicions. See: http://www.tripwire.org/
- Sudo logs all commands executed through it as the root user (or superuser) and allows you to control which users have access to root commands. See: www.courtesan.com/sudo/
- Bastille-Linux is an easy-to-use Linux firewall. See: www.bastille-linux.org/
- General Linux information can be found at: http://freshmeat.net/ and http://www.linuxnewbie.org/
- Updated security information can be found at: http://www.cert.org/ and http://www.theregister.co.uk/