Initial Steps in Setting Up a Secure System

A few simple steps protect a Linux system from the most basic security risks. Depending on your configuration and how you will be using your system, the steps you need might be more involved than the simple setup described here. In this section we briefly cover the basic mechanisms to secure a Linux system from the most common attacks; this is the approach one of the authors takes whenever installing a new machine.

Shutting Down Unwanted Network Daemons

The first step in securing a Linux machine is to shut down or disable all network daemons and services that you don’t need. Any network port on which the system is listening for connections is a risk, since there might be a security exploit against the daemon using that port. A fast way to find out what ports are open is to use netstat -an, as shown next (we’ve truncated some of the lines):

# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:7120            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

Here we see that this system is listening for connections on ports 7120, 6000, and 22. Looking at /etc/services, or using the -p option to netstat, can often reveal which daemons are associated with these ports. In this case they are the X font server, the X Window System server, and the ssh daemon.
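
The review described above can be scripted. The following is an added example, not code from the book: it reads netstat -an output, looks each listening TCP port up in a services table, and marks listeners bound to all interfaces that are not on a list of ports you intend to expose. The function names, the allowed-ports argument, and the sample data are assumptions; port 7120 is left out of the constructed services table to show the case where the table gives no name and netstat -p is needed instead.

```shell
# Added example: classify listening TCP sockets from `netstat -an` output.
# usage: netstat -an | audit_listeners [services-file] [allowed-ports]
audit_listeners() {
    awk -v services="${1:-/etc/services}" -v allowed="${2:-22}" '
    BEGIN {
        # allowed = comma-separated ports you mean to expose (an assumption).
        n = split(allowed, p, ","); for (i = 1; i <= n; i++) ok[p[i]] = 1
        # Load "name port/tcp" pairs from the services table.
        while ((getline line < services) > 0) {
            sub(/#.*/, "", line)
            if (split(line, f, " ") >= 2 && f[2] ~ /^[0-9]+\/tcp$/) {
                split(f[2], s, "/")
                if (!(s[1] in name)) name[s[1]] = f[1]
            }
        }
        close(services)
    }
    # Column 6 is the state; column 4 is the local address:port.
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        k = split($4, a, ":"); port = a[k]
        addr = substr($4, 1, length($4) - length(port) - 1)
        wide = (addr == "0.0.0.0" || addr == "::" || addr == "*")
        svc = (port in name) ? name[port] : "unknown"
        verdict = (wide && !(port in ok)) ? "REVIEW" : "ok"
        print port, addr, svc, (wide ? "all-interfaces" : "local-only"), verdict
    }'
}

# Constructed sample input: the three listeners from the text plus a
# loopback-only listener, an IPv6 listener and one established connection.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:7120            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
EOF
}

# Constructed services table; 7120 is left out on purpose to show "unknown".
sample_services() {
    printf '%s\n' 'ssh 22/tcp # SSH' 'ipp 631/tcp' 'x11 6000/tcp'
}

# Demo run on the constructed data only.
tmp=$(mktemp) && sample_services > "$tmp" && sample_netstat | audit_listeners "$tmp" 22; rm -f "$tmp"
```

On a real machine, pipe live netstat -an output into audit_listeners and omit the first argument to use /etc/services.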

If you ...

Get Running Linux, Fourth Edition now with the O’Reilly learning platform.