O'Reilly logo

Running Linux, Fourth Edition by Lar Kaufman, Terry Dawson, Matthias Kalle Dalheimer, Matt Welsh

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Initial Steps in Setting Up a Secure System

There are some very basic things you can do to protect a Linux system from the most basic security risks. Of course, depending on your configuration, the ways in which you will be using your system, and so forth, they might be more involved than the simple setup described here. In this section we briefly cover the basic mechanisms to secure a Linux system from the most common attacks — this is the basic approach one of the authors takes whenever installing a new machine.

Shutting Down Unwanted Network Daemons

The first step in securing a Linux machine is to shut down or disable all network daemons and services that you don’t need. Basically, any network port that the system is listening for connections on is a risk, since there might be a security exploit against the daemon using that port. The fast way to find out what ports are open is to use netstat -an, as shown next (we’ve truncated some of the lines, however):

# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:7120            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

Here we see that this system is listening for connections on ports 7120, 6000, and 22. Looking at /etc/services, or using the -p to netstat, can often reveal what daemons are associated with these ports. In this case it’s the X font server, the X Window System server, and the ssh daemon.

If you ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required