From the KnowledgeBase

Title:
Linux: Tips for secure and safe installation and operation
Synopsis:
Linux: Tips for secure and safe installation and operation


Solution:

Before attaching a Linux computer to the campus network, itís very important to ensure that it is secure. If the proper precautions are not taken, it is very possible for a new Linux machine to get hacked within minutes of connecting to the network. The following are a set of tips for safely operating your computer. If you are an inexperienced user, OIT strongly encourages that you take the time to read about and understand the security issues involved with the Operating System before plugging into the network.


Installation
If you have purchased a factory install of Linux, it may be advisable to remove it and install a fresh version. You never know what may have already been installed, and you will give yourself greater control and understanding of the system by installing it from scratch. There are many different distributions of Linux available. For an outline of the available distributions, go to: www.linuxiso.org

Keep your computer unplugged from the network while installing. Most distributions have similar install options. Watch for the following install options:

  • What kind of security do you want on your computer? Please choose high security.
  • Do you want the network turned on when you boot your machine? If a beginner, choose no. Once you understand what is involved with networking, you will be able to enable networking on boot-up.

Software / Patches
Make sure to keep your install of Linux at the latest revision level. It is possible to get automatic updates and patches for your computer. For RedHat specific installs you can sign up for RedHat Network (RHN). To do this, run the command up2date at the command line. This works much like the Software Update feature on the Macintosh and Windows Update on PCs.

  • You should disable all nonessential daemons (i.e. NFS, Bind).
  • Always use ssh and scp instead of telnet and scp. This will ensure a secure connection and encryption.
  • If you have a /etc/inetd.conf file, edit it to comment out such things as telnet, talk and finger.

Security
These are a few pieces of software that can help you insure the security of your Linux computer:

  • TripWire keeps a database of your system. If you suspect something has changed, you can use this database to check your suspicions. See: http://www.tripwire.org/
  • Sudo logs all commands executed as root user (or superuser) and allows you to control user access to root commands.  See: www.courtesan.com/sudo/

Resources/News



Last Updated:
March 20, 2015

Solution ID:
9249