bengkel virtual



basic security linux


from http://www.linux.ucla.edu/guides/security.php3

Linux Security: How Not to Get Hacked

This is a brief security overview for Linux beginners, covering the basics of maintaining a relatively secure Linux system.

I. What, me worry?

Should you worry about your computer’s security? Ask yourself this: Do you lock your house when you’re not home and draw your curtains when you want some privacy? Of course you do. Just because break-ins are rare doesn’t mean that you should carelessly leave everything wide open.

Types of people who might hack your system:

  • enemies specifically targeting your computer: unlikely unless you have enemies
  • script kiddies randomly scanning for insecure computers: pretty likely, especially if you have a dedicated network connection

II. Hack your own system

In order to secure your computer, you’ve got to figure out how a malicious hacker would view the system. What services are potential holes just waiting to be exploited?

  1. If you don’t need something, disable it!
    1. Disable unused services in /etc/inetd.conf by putting a “#” in front of each line that you don’t want to use and then restarting inetd (or sending it a HUP signal so it re-reads the file). On distributions that use xinetd instead, each service has its own file under /etc/xinetd.d/ and is turned off with “disable = yes”; on systemd-based systems, disable the corresponding socket or service unit. You probably won’t need any of the following services on a typical machine, so they can be safely disabled in inetd.conf:
      • echo: network diagnostics
      • chargen: random character generation
      • discard: throws away data
      • daytime: time synchronization
      • time: time synchronization
      • ftp: File Transfer Protocol
        (Only necessary if you want to run your own local FTP server.)
      • telnet: insecure remote shell logins
      • shell: insecure remote shell logins
      • login: insecure remote shell logins
      • exec: insecure remote command execution
      • comsat: incoming mail reporting service
      • talk: remote user chat server
      • ntalk: remote user chat server
      • dtalk: remote user chat server
      • pop-2: email access server
      • pop-3: email access server
      • imap: email folder access server
      • uucp: Unix-to-Unix Copy (batch transfer of mail and news between systems)
      • smtp: local email server
        (You’ll only need this if you’re going to run your own email server instead of using something like BruinOnline for your email.)
      • finger: insecure user info service
      • cfinger: configurable finger daemon (user info service)
        (You won’t need finger or cfinger unless you want to let people obtain information about your local users; both reveal user names and login activity to anyone who asks.)
      • systat: process information service
      • netstat: network information service
      • tftp: insecure, simplified version of FTP
      • bootps: bootp (internet address) server
      • mountd: Network File System mount server
      • rstatd: RPC service that reports kernel and host statistics to remote machines
      • rusersd: information about logged in users
      • walld: rwall server (lets remote users write a message to every logged-in terminal)
      • auth or identd: user identification
        (Keep this only if you use Internet Relay Chat or another service that insists on an identd lookup; be aware that it tells remote hosts which local user owns a given connection.)
      • linuxconf: remote Linux administration
    2. Disable unused services in your default runlevel. You should check a service’s documentation before you disable it, as some runlevel services are necessary for a system to function properly. You can edit your runlevel services by running “linuxconf” at the command line (on Red Hat-style systems “chkconfig --list” shows what starts in each runlevel; on systemd-based systems the equivalent is “systemctl list-unit-files --state=enabled”). Most systems typically boot into runlevel 3 (startup at the command line) or 5 (startup in X).
  2. Portscan your own machine with a tool like nmap, ideally from another host so that you see exactly what the network sees. If a service you don’t know about is listening on a port, track it down (netstat or ss will tell you which process owns the socket) and decide whether you want it running.
  3. Investigate your system’s running processes with the command “ps aux”. This lists all processes currently running so that you can disable anything that you don’t want around.
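The three steps above as one runnable script. This is an added example and not code from the UCLA guide; the function names, the constructed inetd.conf it edits and the list of services it switches off are this example’s own choices.

```shell
#!/bin/sh
# Added example: audit and trim the services a Linux box exposes.
# The inetd.conf content at the bottom is constructed for the demo; on a real
# system point the functions at /etc/inetd.conf and run them as root.

# Print the names of services still enabled in an inetd.conf
# (first field of every line that is neither blank nor a comment).
list_enabled_inetd() {   # list_enabled_inetd FILE
    awk '!/^[[:space:]]*(#|$)/ { print $1 }' "$1"
}

# Comment out the named services in an inetd.conf, in place.
# Usage: disable_inetd_services /etc/inetd.conf ftp telnet pop-3 ...
disable_inetd_services() {
    conf=$1; shift
    tmp=$(mktemp)
    awk -v list="$*" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) off[a[i]] = 1 }
        /^[[:space:]]*#/ { print; next }        # comment or already disabled
        ($1 in off)      { print "#" $0; next } # disable by commenting out
                         { print }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"   # cat keeps the file's owner and mode
    rm -f "$tmp"
}

# Make inetd re-read its configuration without a full restart.
reload_inetd() {
    pkill -HUP -x inetd 2>/dev/null || echo "inetd is not running"
}

# Step 2: what is actually listening. nmap gives the outside view
# (TCP connect scan of every port); ss shows sockets with owning processes.
scan_self() {
    if command -v nmap >/dev/null 2>&1; then
        nmap -sT -p- 127.0.0.1
    else
        ss -ltnup
    fi
}

# Step 3: all processes with the user they run as, busiest first.
top_processes() {   # top_processes [N]
    ps aux --sort=-%cpu | head -n "${1:-15}"
}

# --- demo on a constructed inetd.conf ---
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed /etc/inetd.conf for this example
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd       in.telnetd
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd       ipop3d
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd       in.fingerd
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd  in.identd -l -e -o
EOF
echo "before: $(list_enabled_inetd "$demo" | tr '\n' ' ')"
disable_inetd_services "$demo" ftp telnet pop-3 finger
echo "after:  $(list_enabled_inetd "$demo" | tr '\n' ' ')"   # only auth is left
rm -f "$demo"
```

After editing the real /etc/inetd.conf, call reload_inetd and then scan_self; the list of open ports should shrink to exactly what you meant to keep.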

III. Practice safe connects

Logging in to a computer without authentication and without encryption is like having sex with a complete stranger, in public. It may seem more convenient at the moment, but in the end, you’ll just end up getting screwed.

  1. Good passwords are absolutely critical. Length matters most, so prefer a long passphrase, and include numbers, punctuation, and both uppercase and lowercase letters. Examples of bad passwords:
    • “password”
    • “trustno1”
    • your name
    • your user name
    • your dog’s name
    • your birthday
    • any information about you
    • any word that can be found in any dictionary in any language
  2. Use shadow passwords, so that the password hashes live in /etc/shadow (readable only by root) rather than in the world-readable /etc/passwd. Most newer Linux distributions do this automatically.
  3. Telnet is a Bad Thing. Use secure shell (ssh) instead. Telnet sends your password and all of your data over the network in plaintext for anyone on the path to read. Secure shell encrypts the whole session, password included, and can replace passwords with key-based authentication altogether.
  4. Don’t use root unnecessarily. For day to day stuff, use a normal unprivileged user account. Only log in as root for system administration. You can temporarily switch to root as a normal user with the “su” command.
  5. Be careful to whom you give out accounts. If you don’t trust your friends to be as security-conscious as you are, then don’t give them accounts on your machine.
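The password rules from point 1 turned into a check you can run before handing out an account. This is an added example, not part of the guide: the 12-character minimum, the leet-speak normalisation and the tiny wordlist are this example’s own assumptions standing in for “any dictionary in any language”.

```shell
#!/bin/sh
# Added example: a password sanity check built from the guide's rules.
# The 12-character minimum, the leet-speak normalisation and the wordlist
# below are this example's own assumptions; on a real system point WORDLIST
# at a full dictionary such as /usr/share/dict/words, or let
# pam_pwquality/cracklib enforce this when passwd is run.
export LC_ALL=C

# Constructed mini wordlist standing in for a real dictionary.
WORDLIST=$(mktemp)
cat > "$WORDLIST" <<'EOF'
password
trustno1
letmein
qwerty
welcome
dragon
EOF

# check_password PASSWORD USERNAME [WORDLIST]
# Prints "ok" and returns 0 if every rule passes; otherwise prints the first
# rule broken and returns 1.
check_password() {
    pw=$1; ulower=$(printf '%s' "$2" | tr 'A-Z' 'a-z'); words=${3:-$WORDLIST}
    lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
    letters=$(printf '%s' "$lower" | tr -cd 'a-z')   # the word behind digits/punctuation
    deleet=$(printf '%s' "$lower" | tr '01345@$' 'oleasas' | tr -cd 'a-z')  # Passw0rd -> password

    [ "${#pw}" -ge 12 ] || { echo "too short (minimum 12)"; return 1; }
    if [ -n "$ulower" ]; then
        case "$lower" in *"$ulower"*) echo "contains the user name"; return 1;; esac
    fi
    printf '%s' "$pw" | grep -q '[0-9]'       || { echo "no digit"; return 1; }
    printf '%s' "$pw" | grep -q '[a-z]'       || { echo "no lowercase letter"; return 1; }
    printf '%s' "$pw" | grep -q '[A-Z]'       || { echo "no uppercase letter"; return 1; }
    printf '%s' "$pw" | grep -q '[[:punct:]]' || { echo "no punctuation"; return 1; }
    for candidate in "$lower" "$letters" "$deleet"; do
        [ -n "$candidate" ] || continue
        if grep -qixF -- "$candidate" "$words"; then
            echo "dictionary word: $candidate"; return 1
        fi
    done
    echo "ok"
}

# --- demo: the guide's bad examples next to one reasonable passphrase ---
for p in password trustno1 alice 'Passw0rd!!!!' 'Alice-Alice-99' 'Correct-Horse7-battery'; do
    printf '%-24s %s\n' "$p" "$(check_password "$p" alice)"
done
```

The de-leet step is there because “Passw0rd!!!!” satisfies every character-class rule in the list and is still a dictionary word with two characters swapped; a check that only counts character classes would accept it.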

IV. Get cozy with the bleeding edge

It’s not enough to simply set up your system once and then blindly continue about your business without a further thought to security. If you want to remain secure, you’ve got to continually stay abreast of the latest security developments.

  1. At the minimum, regularly apply security updates for your Linux distribution. This is probably the single most important thing you can do to increase your system’s security. Updates are available for Red Hat, Mandrake, Debian, SuSE, Caldera, etc.
  2. Consider following a security mailing list such as BugTraq, or at least your distribution’s own security-announcement list.

V. And all that’s just the beginning…

For even more security, there are many other measures you can take.

  1. Check your logs regularly for anything unusual. Your logs have all kinds of useful information, including failed login attempts, which might help you spot a potential hacker before your system is compromised. System logs can usually be found in /var/log/ (for example auth.log or secure for logins, and messages or syslog for everything else).
  2. Scan your files for setuid-root permissions. A setuid-root executable runs with root’s privileges no matter which user invokes it, so every one of them is a potential path to root if it has a bug; know which ones you have and remove the bit from any you don’t need.
  3. Watch your binaries for changes. Often the first thing a hacker will do after compromising a system is to replace trusted system binaries (ls, ps, netstat, login and the like) with modified versions that hide the hacker’s presence, create backdoors for later re-entry, etc. Tools like Tripwire (or AIDE) keep a database of file checksums and notify you when a monitored system binary is modified; keep that database somewhere the attacker cannot rewrite it.
  4. Make use of sudo. Sudo lets you grant particular users the right to run particular commands as root, logs every use, and means you never have to hand out the root password.
  5. Consider firewalling. A firewall lets you selectively block incoming or outgoing packets, so a service you forgot about is still unreachable from the network. The Linux kernel has built-in packet filtering; on the 2.2 kernels of this guide’s era it is configured with ipchains, and on later kernels with iptables or nftables.
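Points 1 to 3 above (failed logins in the log, setuid files, and a checksum baseline of the kind Tripwire keeps) as one script. This is an added example and not the guide’s or Tripwire’s code; the auth.log lines, the scratch directory and the baseline format are constructed for the demo.

```shell
#!/bin/sh
# Added example: three of the checks above, run against a constructed
# auth.log and a scratch directory. The log lines, file names and baseline
# format are this example's own; on a real system feed failed_logins
# /var/log/auth.log (or /var/log/secure), run find_setuid on / as root, and
# keep the baseline file on read-only or offline storage.
export LC_ALL=C

# 1. Failed SSH logins per source address, most frequent first.
failed_logins() {   # failed_logins LOGFILE
    awk '/Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++
         }
         END { for (ip in n) print ip, n[ip] }' "$1" | sort -k2,2nr
}

# 2. Setuid files under a directory (add -user root to list only setuid-root).
find_setuid() {     # find_setuid DIR
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# 3a. Record a SHA-256 baseline of every file under DIR (absolute paths).
baseline() {        # baseline DIR OUTFILE
    find "$1" -type f -exec sha256sum {} + | sort -k2 > "$2"
}
# 3b. Re-check it: sha256sum names each changed or missing file and returns
#     non-zero, so the function doubles as a yes/no test.
verify_baseline() { # verify_baseline BASEFILE
    sha256sum -c --quiet "$1"
}

# --- demo ---
work=$(mktemp -d)
cat > "$work/auth.log" <<'EOF'
Jul 22 04:10:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jul 22 04:10:03 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Jul 22 04:10:05 host sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jul 22 04:11:09 host sshd[1210]: Accepted publickey for gading from 192.0.2.10 port 40000 ssh2
Jul 22 04:12:00 host sshd[1215]: Failed password for gading from 198.51.100.4 port 40100 ssh2
EOF
echo "failed logins by source:"; failed_logins "$work/auth.log"

mkdir "$work/bin"
printf '#!/bin/sh\necho hello\n' > "$work/bin/hello";  chmod 755  "$work/bin/hello"
printf '#!/bin/sh\nid\n'         > "$work/bin/helper"; chmod 4755 "$work/bin/helper"  # setuid bit
echo "setuid files:"; find_setuid "$work/bin"

baseline "$work/bin" "$work/baseline.sha256"
verify_baseline "$work/baseline.sha256" && echo "baseline: clean"
printf '#!/bin/sh\n/bin/sh -i\n' > "$work/bin/hello"     # simulate a replaced binary
verify_baseline "$work/baseline.sha256" || echo "baseline: MODIFIED files found"
rm -rf "$work"
```

The baseline only proves anything if the attacker cannot regenerate it, which is why the usage note above says to keep it off the machine or on read-only media; the same applies to the copy of sha256sum you trust to do the checking.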

Written by gadingkelana

July 22, 2008 at 4:18 am