There are some very basic things you can do to protect a Linux system from the most basic security risks. Of course, depending on your configuration, the ways in which you will be using your system, and so forth, they might be more involved than the simple setup described here. In this section we briefly cover the basic mechanisms to secure a Linux system from the most common attacks — this is the basic approach one of the authors takes whenever installing a new machine.
The first step in securing a Linux machine is to shut down or disable all network daemons and services that you don’t need. Basically, any network port that the system is listening for connections on is a risk, since there might be a security exploit against the daemon using that port. The fast way to find out what ports are open is to use netstat -an, as shown next (we’ve truncated some of the lines, however):
# netstat -an Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:7120 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
Here we see that this system is listening for connections on ports
7120, 6000, and 22. Looking at
-p to netstat, can
often reveal what daemons are associated with these ports. In this
case it’s the X font server, the X Window System
server, and the ssh daemon.
If you ...