Some advice for Linux users re: security procedures

Discussion in 'all things UNIX' started by Gullible Jones, Jan 25, 2015.

  1. Gullible Jones

    1. Keep your desktop Linux installs up to date. You Are Not Invulnerable.

    2. Use reasonably current install media, because you are vulnerable during the window between installation and updates.

    3. Know what is running, and what should be running, on your Linux systems. If possible use UNIX process accounting:

    which uses the kernel to keep logs of every command run by every user. Blocking an attack is good; knowing that an attack actually happened is vital.

    4. Know your files, and know where they are and why you put them there, so that anything that shouldn't be there stands out.

    5. Use a dedicated firewall machine with outbound connection logging and a decent web interface. Check the web interface regularly to make sure things are as they appear. Do not try to roll your own firewall.

    6. Regularly check that everything else on your network is clean, including the Windows machines. Windows might be the first target; that doesn't mean Linux won't be the second.

    7. Backup, backup, backup. Seriously, back up everything you can.

    (Right now I'm dealing with the aftermath of an intrusion on my home network, which looks to have started on one of the Windows boxes. I got lucky this time. In the future, I think I'll try to avoid relying so much on luck...)
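
Added example, not part of the original post: a minimal reader for the kernel's process accounting file (point 3) that lists commands falling outside an expected per-user baseline. It assumes the 64-byte `acct_v3` record layout from `<linux/acct.h>` on a little-endian machine; the sample records, UIDs and baseline below are constructed.

```python
import struct
from collections import namedtuple

# struct acct_v3 from <linux/acct.h>: flag, version, tty, exitcode, uid, gid,
# pid, ppid, btime, etime (float), eight comp_t counters, 16-byte command name.
# Assumption: little-endian host, so ac_version is exactly 3.
ACCT_V3 = struct.Struct("<BBHIIIIIIf8H16s")
ASU = 0x02  # ac_flag bit: process used superuser privileges

Record = namedtuple("Record", "uid pid ppid btime comm superuser")

def parse_acct(data):
    """Return a list of Records; refuse truncated files and other versions."""
    if len(data) % ACCT_V3.size:
        raise ValueError("truncated accounting file")
    out = []
    for f in ACCT_V3.iter_unpack(data):
        if f[1] != 3:
            raise ValueError(f"unsupported record version {f[1]}")
        # ac_comm holds only the command name (no arguments), NUL padded.
        comm = f[18].split(b"\0", 1)[0].decode("ascii", "replace")
        out.append(Record(f[4], f[6], f[7], f[8], comm, bool(f[0] & ASU)))
    return out

def unexpected(records, baseline):
    """Records whose (uid, command) pair is not in the known-good baseline."""
    return [r for r in records if (r.uid, r.comm) not in baseline]

def _sample(flag, uid, pid, ppid, comm):
    # Constructed record for the demo; real data comes from the pacct file.
    return ACCT_V3.pack(flag, 3, 0, 0, uid, uid, pid, ppid,
                        1422200000, 0.5, *([0] * 8), comm.encode())

SAMPLE = b"".join([
    _sample(ASU, 0, 410, 1, "cron"),
    _sample(0, 1000, 2301, 2290, "bash"),
    _sample(0, 1000, 2302, 2301, "ls"),
    _sample(0, 33, 2417, 980, "sh"),   # web-server uid spawning a shell
])

# Hypothetical baseline: what each uid is expected to run on this host.
BASELINE = {(0, "cron"), (1000, "bash"), (1000, "ls")}

if __name__ == "__main__":
    for r in unexpected(parse_acct(SAMPLE), BASELINE):
        print(f"unexpected: uid={r.uid} pid={r.pid} ppid={r.ppid} comm={r.comm}")
```

On a real system, read the bytes from the accounting file that `accton` was pointed at (its path varies by distribution) and pass them to `parse_acct`.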