You can take steps to protect yourself from intruders who attempt to break into your UNIX or Linux system. Among many of the different security services here are some things to do to make intrusion more difficult.
Turn off unused services
Services which you don’t enable can’t be attacked from the outside. If you don’t provide access to a service, it doesn’t matter if there is any vulnerability in the daemon which would provide that service. So disable anything you don’t need to use.
Where available, install IP filter or firewall rules
Restricting network access helps, it is no security that you won’t be attacked. But restricting access to a smaller group of systems will reduce the number of attempts you see made against you.
Install ssh and tcpd
SSH (Secure SHell) is a protocol which supports logging into a remote system or executing commands on a remote system, using an encrypted communication between the two systems. Both ssh and the tcp wrapper tcpd use a pair of configuration files to define what hosts are allowed to make connections to specific TCP services on your machine. Use these to limit access to those services and prevent unwanted intrusion attempts.
Keep your system up-to-date with the latest patches from your vendor
UNIX and Linux exploits are discovered from time to time, and if you don’t keep your configuration updated, you’ll potentially leave yourself exposed to attacks that try newly discovered vulnerabilities. Get the latest patches for your version of the OS.
UNIX File Sharing
You may want to give others access to your directory or files in one of your directories. As an individual user, you can control who has access to the files which you own, by setting UNIX file permissions. Network File System (NFS) is the most frequently used method of sharing access to a filesystem (or a directory in a filesystem) between UNIX systems.
At this point, if your system does not meet at least the above or if you need to make your Linux production systems compliant with various audit requirements, then our training should offer a good baseline and starting point, see our Linux page for more info in training and consulting services.
Leave a Reply