Thursday, July 7, 2022
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > 7 ways of staying secure on Linux

7 ways of staying secure on Linux

That’t sure that GNU/Linux is safer compared to the other operating systems, but also even malware and rootkits are already an issue for users out there, it is better to take precautions to protect your system even it runs Linux. It is also pertinent that you take care of your own data while either system in use or just powered off. Let’s list some precautions that you may like to employ before your system is at risk.

Seda Nur Cinar by Seda Nur Cinar
September 7, 2019
in Cybersecurity, Linux
4 min read
0 0
0
linux-security
1
SHARES
139
VIEWS
Share on FacebookShare on TwitterShare on EmailFollow on Google News

How to stay secure on Linux?

Encrypt your whole drive, if possible

Full disk encryption is a built-in feature in most of the modern Linux distributions. Being the most important and basic data-at-rest protection, full disk encryption prevents anyone accessing date on your system even it was stolen, and the attacker has unlimited time on their hands.

Other than the described best practice you may only opt to encrypt your home directory only which is not as effective as the full encryption as it may be somehow circumvented by other kinds of attacks. This option differs from the full encryption as the operating system does not load if you do not enter the correct password at the startup but the in-home directory encryption system just runs and waits for user-pass authentication for the account.

Use a strong password and run commands that you trust

Using a strong password, is good and easy way to protect your user account, especially if you are not utilizing the power of full disk encryption. You should make sure you always use a strong, lengthy password enough to avert remote attacks to your accounts or from an intruder mingling with your computer.

As a user you might be in situations where you are not that good on the subject and a problem keeps occurring then you happen to follow a guide you found on the Internet. Please bear in mind that the Linux command prompt is powerful, especially if you have the superuser rights. Before you copy-paste a command you read somewhere into the terminal, ask yourself whether you trust the source and the intention of the fix you expect.

Use a basic account for your daily activity

For everyday computing, log in with a basic or standard user account; a non-root, non-privileged account. This is likely to be the default behavior when creating a new account, but it’s worth double-checking your account’s status. Note that some system-wide actions will require you to log in with the administrator account because of restricted permissions but it is okay for the sake of security.

Also, check whether the account that you are using has an administrative privilege or not. If yes, you should be more careful while performing your daily activities. If you don’t want to encounter catastrophes, think twice before entering any commands, which may affect your Linux system.

Update your system and check for rootkit regularly

Updating all the software with a single updater is possible on GNU/Linux. You may opt-out to receive minor software updates maybe, but it is encouraged to at least get all the security updates from your distribution repository at least once a week. By this routine, the only thing you will count as a threat will be zero-days which most of the systems out there would be vulnerable to indiscriminately.

Your system must be checked for rootkits regularly. It is easy to use rootkit detectors like Chkrootkit. Being a serious threat for all kinds of systems recently, performing rootkit checks regularly is a must even on a GNU/Linux system. Chkrootkit can be found on your distribution’s software repositories and be installed easily. After that, you can run it from the command line in superuser mode. That will usually be enough to stay safe from rootkits.

Be careful while using remote access

It is a nice practice to use a more secure SSH server configuration on your system if you have intentions to access it remotely. You can edit your SSH config file removing the option to remote logging in as root. To do that “PermitRootLogin no” line should be uncommented.

Also, you should change the SSH port to any number over 1000, preferably over 10000, as this will make many scanners miss your system on their default settings. Performing vulnerability analysis on your system will also help you to see if there is any gap that may be used for a remote access attack. If the scans result in a vulnerability, take the required mitigation actions immediately.

Check your installed applications

Keeping a minimum of the installed applications is one of the best ways to avoid vulnerabilities. You can check installed applications manually, also using tools makes it easy. As well as looking through your application list manually, there may be tools available for your distribution to make it easy, such as BleachBit. You can remove unused or unnecessary software from your system easily.

As we’ve mentioned before, performing periodic vulnerability scans will help you to discover potential application-based vulnerabilities. Simply, remove unnecessary applications from your system, instead of trying to maintain or keep up-to-date them.

Use a firewall and close all unused ports

Linux has a powerful firewall in itself, running through iptables. But iptables is hard to manage for ordinary, even for some advanced users so there are more basic approaches like UFW. UFW, an uncomplicated firewall, can easily shut down all ports to the outside world if they are not expecting connection.

Your requests are not prevented by this because by default responses to your requests are allowed through it. If you want remote access to your system leave the SSH port open (which already should have been changed from the default 22!) but shut the rest down. You will be safer.

  • If you are interested in technical tips in detail, you can read the step by step how to secure a Linux server article on Imunify’s blog: What are Steps to Secure a Linux Server?

    See more Cyber Security News


    Share1TweetSendShare
    Seda Nur Cinar

    Seda Nur Cinar

    Seda Nur Cinar is the news editor of the Cloud7 News. With more than 8 years of Linux and cloud experience, Seda is a Linux and opensource enthusiast, security researcher and a web application developer.

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    I agree to the Terms & Conditions and Privacy Policy.

    Next Post
    GoDaddy IPO to value the company at $2.87 billion

    GoDaddy IPO to value the company at $2.87 billion

    Related News

    US Department of Defense is inviting hackers to assist in strengthening its security systems

    US Department of Defense launches Hack U.S. bug bounty program

    July 6, 2022 8:35 pm
    Crypto hackers stole almost $2 billion in H1 2022

    Crypto hackers stole almost $2 billion in H1 2022

    July 6, 2022 8:10 pm
    Oracle Linux 9 released

    Oracle Linux 9 released

    July 6, 2022 7:59 pm

    New ransomware targeting VMware ESXi servers

    July 6, 2022 3:50 pm
    Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter

    Check your inbox or spam folder to confirm your subscription.

    By subscribing, you agree to our
    Copyright Policy and Privacy Policy

    Editor's Choice

    Interview with Igor Seletskiy on AlmaLinux

    7 best hosting control panels

    How to update Linux Kernel without rebooting?

    7 best Linux mail servers for 2022

    7 best cPanel alternatives for 2022

    7 best Linux web browsers for 2022

    7 best CentOS alternatives

    7 best Linux server distros for 2022

    How to scan your server for Log4j (Log4Shell) vulnerability

    10 Best Web Hosting Services of 2022

    AlmaLinux 8.6 Stable is ready to download

    Ubuntu 22.04 LTS is available for download. What is new?

    Kali Linux 2022.2 is ready for download

    Advertisement

    Recent News

    • US Department of Defense launches Hack U.S. bug bounty program
    • Crypto hackers stole almost $2 billion in H1 2022
    • Oracle Linux 9 released
    • IBM announced the acquisition of Databand.ai
    • Envato is closing Envato Studio and Twenty20

    Our Latest Interview

    Interview: Erez Barak, Vice President Observability of Sumo Logic
    Interview

    Interview: Erez Barak, Vice President Observability of Sumo Logic

    by Atalay Kelestemur
    November 25, 2021 3:23 am


    Cloud7 News is a news source that publishes the latest news, industry news and exclusive interviews on web hosting, cloud computing, data center, cybersecurity and Linux OS.

    EXPLORE

    • Web Hosting
    • Cloud Computing
    • Data Center
    • Cybersecurity
    • Linux
    • Network/Internet
    • Software
    • Hardware
    • Blockchain
    • How-Tos
    • Troubleshooting

    RESOURCES

    • Events
    • Interviews
    • Jobs
    • Opinion
    • Whitepapers
    • Glossary
    • Community Forum
    • Web Hosting Directory

    Get the Cloud7 Newsletter

    Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

    • About
    • Privacy & Policy
    • Copyright Policy
    • Contact

    © 2022, Cloud7 News. All rights reserved.

    No Result
    View All Result
    • Cloud Computing
    • Web Hosting
    • Data Center
    • Linux
    • Cybersecurity
    • More
      • Network/Internet
      • Windows
      • Software
      • Hardware
      • Blockchain
      • Policy/Legislation
      • How-Tos
      • Troubleshooting
    • Events
    • Interviews
    • Jobs
    • Opinion
    • Whitepapers
    • Glossary
    • Community Forum
    • Web Hosting Directory

    © 2022, Cloud7 News. All rights reserved.

    Welcome Back!

    Sign In with Facebook
    Sign In with Google
    Sign In with Linked In
    OR

    Login to your account below

    Forgotten Password? Sign Up

    Create New Account!

    Sign Up with Facebook
    Sign Up with Google
    Sign Up with Linked In
    OR

    Fill the forms below to register

    *By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
    All fields are required. Log In

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In
    This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.