Greetz AO'ers. This tutorial is an overview of common, and even some uncommon, Linux/Unix security practices. Throughout this guide, you'll learn how to "harden" your box by performing a few common security practices. Let's not waste time and jump into some common Unix security practices.

Unix Security Practices: What You Should Do

-- If you have root access to your system, it's best if you rarely (if ever) use that account. The more you use it, the longer you leave yourself susceptible to an attack that would compromise the account. Instead, create an account similar to root with root-level privileges and rename it.

-- If you wanna feel safer, block logins to root. As stated, rename it to something different to confuse hackers, so they won't know which account to go for if they wanna "root" your box.

-- Limit or eliminate su access to root.

-- Password security is a must. Make sure your passwords are very difficult to crack and use mixed characters. Don't forget to make it something you can remember, like perhaps your nephew's birthday (for example, Jack61690 would be a good password). Even scrambled mixed characters make a great password, just one that's tough to remember (e.g. jg859jo59fk). It should also be noted that you should change your password often.

-- Honeypots/firewalls are a must for any system in today's world. Constant port probes and random vulnerability scanning can lead to your system being a target. Be sure to install a honeypot or a firewall shortly after install. Monitor the logs and test your settings. Configuration is key when installing a firewall, so read the installation instructions carefully.

-- As with any system, back up your files every so often in the event of an intrusion. Always, ALWAYS have backups.

-- A/V software is key for any Unix system administrator or even a home Linux user. It is vital to download one after installation. Always keep up with the updates and download them as soon as they are released. Be wary of what you download off the internet. There will always be new worms and new viruses, so keeping this updated is critical.

-- As with any other system, ALWAYS be on the lookout for the latest updates and patches for your Unix/Linux machine. One of the worst things to have to worry about is a hacker hacking your OS because of a non-patched bug. Always download the latest patches and keep up with the newest modifications in your OS.

-- IDS systems and other tools of the like work wonders. Use them to your advantage if your capabilities extend that far.

-- Common logic about email attachments: use common sense. If you don't know the person and they want you to open a file on your computer, chances are it's something malicious and harmful.

-- When it comes to securing your system and Computer Security in general, paranoia is a good thing.

-- Be careful with user access and file permissions on your system. Create user levels with the permissions that you feel are needed; don't create any that are not needed.

-- Turn off/shut down any services or servers you don't need or use. All they do is open more holes into your system for a hacker to exploit. Close any ports that you don't need open.

-- Perform weekly or daily virus scans for infected software. Even if you have auto-detect on, it's still a good choice to scan anyway.

-- Use chmod to set file permissions the way you want them.

-- If on a network (or even at home, as it could happen), be sure not to let any user run rm -rf, as you don't want your files and everything else deleted because of something as silly and stupid as that.
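
An added example, not part of the original tutorial: a read-only shell check for three of the tips above (blocking root logins, limiting su, and file permissions). It assumes OpenSSH's sshd_config and Linux-PAM's pam_wheel; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Read-only checks; every file
# path is an argument, so the checks can be pointed at copies of the configs.

# Print the global PermitRootLogin value of an sshd_config-style file
# (first occurrence counts; Match blocks are skipped), or "unset".
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed when an active (uncommented) pam_wheel line restricts su.
su_restricted() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+pam_wheel\.so' "$1"
}

# List regular files under a directory that every user may write to.
world_writable() {
    find "$1" -xdev -type f -perm -0002 -print
}

# usage: audit SSHD_CONFIG PAM_SU_FILE DIRECTORY
# Prints one FINDING line per problem; no output means every check passed.
audit() {
    val=$(sshd_root_login "$1")
    [ "$val" = "no" ] || echo "FINDING: PermitRootLogin is '$val', want 'no'"
    su_restricted "$2" || echo "FINDING: su is not restricted by pam_wheel"
    world_writable "$3" | sed 's/^/FINDING: world-writable file: /'
}

# Constructed sample input: a deliberately weak setup in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$d/sshd_config"
    printf '#auth required pam_wheel.so use_uid\n' > "$d/su"
    mkdir "$d/tree" && : > "$d/tree/notes.txt" && chmod 666 "$d/tree/notes.txt"
    audit "$d/sshd_config" "$d/su" "$d/tree"
    rm -rf "$d"
}
demo
```

On a live system the equivalent call would be audit /etc/ssh/sshd_config /etc/pam.d/su /etc, assuming those default paths.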


Well, those are my tips and practices on securing your *nix box. Hopefully you found this tutorial helpful and you'll apply these tips to your system, as it's designed to secure it. Remember, your box is only as secure as you make it.