- Limit remote connections: If you are only going to connect to your Linux
server from the college's subnet, why not limit all remote connections except
for httpd and ftpd to your college's subnet? More information can be found
here
- Disable unused services:
- Keep your system updated by installing available patches: This is imperitive
to keeping a secure system. Patches for RedHat Linux systems can be found
here, and the latest news on new
patches and security holes can be found here.
-
Restrict the use of root, and run programs at Least Privelaged Access: Being
root, is essentially being the god of your Linux system. Improper use of
root can have catistrophic results. More information on this can be found
here,
while information on Least Privelaged Access can be found in
this excerpt
from the Linux Security Home Page.
-
Shadow Passwords: To put it plainly, by shadowing you passwords you are relocating
them to another location (usually /etc/shadow) and making them only readable by root. More
infomation on password shadowing can be found in the
Linux Shadow Password How-To.
-
Encrypt your connection: Anyone with a basic password sniffer connected to
an unencrypted subnet can snag hundreds of passwords. Even having a Firewall won't
keep you completely safe. To secure your connection try Secure Shell, located
in the Security Resources section.
-
Keep your kernel updated: New holes in the kernel are found every day. Protect yourself!
Visit LinuxHQ for the latest kernel update
and installation information.
-
Be as secretive about your system as possible: Why should people be
able to obtain information about your system? Through fingering a user they
can find out personal information that could help them guess the user's
password, therefore compromising the system's security. They can find out
information such as how many users there are,
when the admin logs in, when they work, who the users are, etc.
See Limiting Remote Connections at the top for more information.
-
Monitor your log files consistantly: Your logfiles tell you everything. They
are the only way to know what is going on inside of your Linux system. If they are too
short, there is the possibility that someone has modified them to erase their tracks. The
logfiles show you who logged in, where they came from, what they tried to do, etc. Check
the Security-Related Software section for utilities to monitor your log files.
-
Require unique passwords: Passwords are the key. When a user chooses a stupid
password, such as their first name, their dog's name, or their middle name, they are a
threat to system security. When installing shadow passwords, you are given the option
to require unique passwords. Also, running Crack (available in the
Security-Related Software section) can help you find weak passwords.