Sunday, February 5, 2023
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > 7 ways of staying secure on Linux

7 ways of staying secure on Linux

That’t sure that GNU/Linux is safer compared to the other operating systems, but also even malware and rootkits are already an issue for users out there, it is better to take precautions to protect your system even it runs Linux. It is also pertinent that you take care of your own data while either system in use or just powered off. Let’s list some precautions that you may like to employ before your system is at risk.


Seda Nur Cinar Seda Nur Cinar
September 7, 2019
4 min read
linux-security

Table of Contents

  • How to stay secure on Linux?
    • Encrypt your whole drive, if possible
    • Use a strong password and run commands that you trust
    • Use a basic account for your daily activity
    • Update your system and check for rootkit regularly
    • Be careful while using remote access
    • Check your installed applications
    • Use a firewall and close all unused ports

How to stay secure on Linux?

Encrypt your whole drive, if possible

Full disk encryption is a built-in feature in most of the modern Linux distributions. Being the most important and basic data-at-rest protection, full disk encryption prevents anyone accessing date on your system even it was stolen, and the attacker has unlimited time on their hands.

Other than the described best practice you may only opt to encrypt your home directory only which is not as effective as the full encryption as it may be somehow circumvented by other kinds of attacks. This option differs from the full encryption as the operating system does not load if you do not enter the correct password at the startup but the in-home directory encryption system just runs and waits for user-pass authentication for the account.

Use a strong password and run commands that you trust

Using a strong password, is good and easy way to protect your user account, especially if you are not utilizing the power of full disk encryption. You should make sure you always use a strong, lengthy password enough to avert remote attacks to your accounts or from an intruder mingling with your computer.

As a user you might be in situations where you are not that good on the subject and a problem keeps occurring then you happen to follow a guide you found on the Internet. Please bear in mind that the Linux command prompt is powerful, especially if you have the superuser rights. Before you copy-paste a command you read somewhere into the terminal, ask yourself whether you trust the source and the intention of the fix you expect.

Use a basic account for your daily activity

For everyday computing, log in with a basic or standard user account; a non-root, non-privileged account. This is likely to be the default behavior when creating a new account, but it’s worth double-checking your account’s status. Note that some system-wide actions will require you to log in with the administrator account because of restricted permissions but it is okay for the sake of security.

Also, check whether the account that you are using has an administrative privilege or not. If yes, you should be more careful while performing your daily activities. If you don’t want to encounter catastrophes, think twice before entering any commands, which may affect your Linux system.

Update your system and check for rootkit regularly

Updating all the software with a single updater is possible on GNU/Linux. You may opt-out to receive minor software updates maybe, but it is encouraged to at least get all the security updates from your distribution repository at least once a week. By this routine, the only thing you will count as a threat will be zero-days which most of the systems out there would be vulnerable to indiscriminately.

Your system must be checked for rootkits regularly. It is easy to use rootkit detectors like Chkrootkit. Being a serious threat for all kinds of systems recently, performing rootkit checks regularly is a must even on a GNU/Linux system. Chkrootkit can be found on your distribution’s software repositories and be installed easily. After that, you can run it from the command line in superuser mode. That will usually be enough to stay safe from rootkits.

Be careful while using remote access

It is a nice practice to use a more secure SSH server configuration on your system if you have intentions to access it remotely. You can edit your SSH config file removing the option to remote logging in as root. To do that “PermitRootLogin no” line should be uncommented.

Also, you should change the SSH port to any number over 1000, preferably over 10000, as this will make many scanners miss your system on their default settings. Performing vulnerability analysis on your system will also help you to see if there is any gap that may be used for a remote access attack. If the scans result in a vulnerability, take the required mitigation actions immediately.

Check your installed applications

Keeping a minimum of the installed applications is one of the best ways to avoid vulnerabilities. You can check installed applications manually, also using tools makes it easy. As well as looking through your application list manually, there may be tools available for your distribution to make it easy, such as BleachBit. You can remove unused or unnecessary software from your system easily.

As we’ve mentioned before, performing periodic vulnerability scans will help you to discover potential application-based vulnerabilities. Simply, remove unnecessary applications from your system, instead of trying to maintain or keep up-to-date them.

Use a firewall and close all unused ports

Linux has a powerful firewall in itself, running through iptables. But iptables is hard to manage for ordinary, even for some advanced users so there are more basic approaches like UFW. UFW, an uncomplicated firewall, can easily shut down all ports to the outside world if they are not expecting connection.

Your requests are not prevented by this because by default responses to your requests are allowed through it. If you want remote access to your system leave the SSH port open (which already should have been changed from the default 22!) but shut the rest down. You will be safer.

  • If you are interested in technical tips in detail, you can read the step by step how to secure a Linux server article on Imunify’s blog: What are Steps to Secure a Linux Server?

    See more Cybersecurity News


    Seda Nur Cinar

    Seda Nur Cinar

    Seda Nur Cinar is the news editor of the Cloud7 News. With more than 8 years of Linux and cloud experience, Seda is a Linux and opensource enthusiast, security researcher and a web application developer.

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    I agree to the Terms & Conditions and Privacy Policy.

    Next Post
    GoDaddy IPO to value the company at $2.87 billion

    GoDaddy IPO to value the company at $2.87 billion

    Related News

    Best Ubuntu alternatives for desktop of 2023

    Best Ubuntu alternatives for desktop of 2023

    February 4, 2023 12:20 pm
    LockBit encryptor source code is updated

    LockBit encryptor source code is updated

    February 3, 2023 4:40 pm
    Fortinet is expanding its SOC offerings portfolio

    Fortinet is expanding its SOC offerings portfolio

    February 3, 2023 2:00 pm
    Radware announces a new partner program

    Radware announces a new partner program

    February 3, 2023 1:30 pm
    Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter
    Select list(s):

    Check your inbox or spam folder to confirm your subscription.

    By subscribing, you agree to our
    Copyright Policy and Privacy Policy

    Get the free newsletter

    Subscribe to receive the latest IT business updates straight to your inbox.

    Select list(s):

    Check your inbox or spam folder to confirm your subscription.

    Editor's Choice

    What’s new in Linux kernel 6.2 rc6?

    10 Best Web Hosting Services of 2023

    Ubuntu 22.04 LTS is available for download. What is new?

    CERN and Fermilab recommend AlmaLinux

    7 best hosting control panels of 2023

    How to update Linux Kernel without rebooting?

    7 best Linux mail servers of 2023

    7 best cPanel alternatives for 2023

    7 best Linux web browsers for 2023

    7 best CentOS alternatives

    7 best Linux server distros of 2023

    Interview with Igor Seletskiy on AlmaLinux

    How to create a VM on VMware Workstation

    Recent News

    • Weekly round-up: 30 January – 3 February
    • What is Deep Learning?
    • What is GitHub Copilot?
    • Cloud7 Expert Series: Dennis Kittrell from CloudLinux
    • Best Ubuntu alternatives for desktop of 2023

    Cloud7 News
    Cloud7 is a news source that publishes the latest news, reviews, comparisons, opinions, and exclusive interviews to help tech users of high-experience levels in the IT industry.

    EXPLORE

    • Web Hosting
    • Cloud Computing
    • Data Center
    • Cybersecurity
    • Linux
    • Network/Internet
    • Software
    • Hardware
    • How-Tos
    • Troubleshooting

    RESOURCES

    • Events
    • Interviews
    • Jobs
    • Opinion
    • Whitepapers
    • Glossary
    • Community Forum
    • Web Hosting Directory

    Get the Cloud7 Newsletter

    Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

    • About
    • Privacy & Policy
    • Copyright Policy
    • Contact

    © 2023, Cloud7 News. All rights reserved.

    No Result
    View All Result
    • Cloud Computing
    • Web Hosting
    • Data Center
    • Linux
    • Cybersecurity
    • More
      • Network/Internet
      • Windows
      • Software
      • Hardware
      • Blockchain
      • Policy/Legislation
      • How-Tos
      • Troubleshooting
    • Events
    • Interviews
    • Jobs
    • Opinion
    • Whitepapers
    • Glossary
    • Community Forum
    • Web Hosting Directory

    © 2023, Cloud7 News. All rights reserved.

    Welcome Back!

    Sign In with Facebook
    Sign In with Google
    Sign In with Linked In
    OR

    Login to your account below

    Forgotten Password? Sign Up

    Create New Account!

    Sign Up with Facebook
    Sign Up with Google
    Sign Up with Linked In
    OR

    Fill the forms below to register

    *By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
    All fields are required. Log In

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In
    This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.