Minimizing Linux attack surface

Hi,
I was wondering: for Windows there are numerous guides and documentation of how to secure the system. For Linux it's hard to find any comprehensive ones (most seem to be for sysadmins who administer servers, but I mean here regular home user who has transisted from Windows to Linux.)

F.e. my example, I have a few months ago transisted from Win7 to Linux Mint, one of the most popular distros. However from Windows world I have taken the fact that you can minimize the attack surface and thus increase the security by disabling unnecessary services/removing unnecessary apps.

So taken this Linux Mint that is bundled with lots of sw, I have:
- created a good password for the account
- enabled firewall, only outbound connections TCP 80, 443 and UDP 53 are allowed.
- I have removed packages for sw/services I do not need (removed SSH, FTP, Telnet, Vino, Samba packages) - I understand if I have done that I do not have to disable these services anymore as they are not able to run anyway without the sw;
- regularly scan with RKhunter and CHKrootkit.

Any more essential steps to take?
And links to any good guides are also welcome on Linux security from a standard user perspective.

 

A similar question was posted on the CrunchBang Linux forums:

http://crunchbang.org/forums/viewtopic.php?id=29012

Personally, I don't think regular home users would need to harden their Linux installs as much as a sysadmin would for a server. Instead I would focus on choosing good passwords, encrypting private data, and being cautious about scripts you download from the internet.

 

@breikop,

you'll pleased to know Ubuntu and its derivatives are very secure by default:

-https://wiki.ubuntu.com/Security/Features

Certainly not necessary, but if you're so inclined and comfortable doing so, you might want to look at hardening Internet-facing applications, browser especially, using Apparmor:

-https://help.ubuntu.com/community/AppArmor

there's also a good thread in this forum:

-http://www.wilderssecurity.com/showthread.php?t=320017

focus mainly on posts from Hungry Man, x942, Chronomatic and tlu.

 

to follow on from wat0114, important to follow common sense as well, only download software from official repositories, don't mess with your system configuration unless you really know what you are doing (double check security implications). Follow mailing lists and news for any potential security issues.

Cheers, Nick.

 

better is to use already hardened linux and unix

https://www.wilderssecurity.com/showthread.php?t=353183

 

Very bad advice. Security is not a target per se.

Any distro is (can be) secured enough. The OP has to choose the one that fits his needs. Then the few extra steps provided by wat0114 and Nick are all that matter.

Once again, Linux is not windows and importing to the Linux world the windows habits is not necessarily correct.
E.g. RKhunter and CHKrootkit are useless.