Hardening Your Linux Box

One of the hottest debates of late is about the security of Windows vs. the security of Linux. Personally, I think it’s becoming an argument of semantics. Yes, an unpatched box of either flavor is bound to get nailed at some point in time. In fact, anything you connect to the Internet without proper security (and some devices that are properly secured) is going to go down. It’s a fact of life anymore.

To me, Linux is more secure in the sense that it doesn’t have NetBIOS, and there are far fewer worms actively sniffing out Linux boxen. But that doesn’t mean it’s secure. Again, there are steps to take.

Steps like the ones in this IBM developerWorks article. The third in a series, the article discusses the steps to be taken to harden a Linux box before setting it loose in production. The first two articles in the series (linked from the article) are more focused on security concepts and installation decisions.

A lot of this stuff will be common sense for an admin, but home users — particularly newbies — may not be aware of how far they can tighten their machine to protect their systems. Even just implementing some of these options, especially tweaking the (x)inetd services and (of course) setting up a firewall, can make your system far less vulnerable to attack. Some, such as quota enforcement and mandatory access controls, can even protect the system from local attackers, such as that nosy little brother.
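As an added example (not from the IBM article or this post), here is a small Python script that lists which (x)inetd services are still switched on, so you know what to turn off. The sample configs are constructed, and the `/etc/xinetd.d` and `/etc/inetd.conf` paths are the usual defaults, which is an assumption about your distro.

```python
import glob, re

# Constructed sample configs (not from a real host), used when no real files exist.
SAMPLE_XINETD = """\
service telnet
{
    disable     = no
    server      = /usr/sbin/in.telnetd
}
service rsync
{
    disable     = yes
    server      = /usr/bin/rsync
}
# no "disable" line at all: xinetd treats this service as enabled
service tftp
{
    socket_type = dgram
    server      = /usr/sbin/in.tftpd
}
"""
SAMPLE_INETD = """\
#ftp    stream tcp nowait root   /usr/sbin/tcpd in.ftpd
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
"""

def xinetd_enabled(text):
    """Names of service blocks that do not set 'disable = yes'.
    Does not apply a 'defaults' block's enabled/disabled lists."""
    text = re.sub(r"(?m)^\s*#.*$", "", text)  # drop comment lines
    enabled = []
    for name, body in re.findall(r"(?ms)^\s*service\s+(\S+)\s*\{(.*?)\}", text):
        m = re.search(r"(?mi)^\s*disable\s*=\s*(\S+)", body)
        if not (m and m.group(1).lower() == "yes"):
            enabled.append(name)
    return enabled

def inetd_enabled(text):
    """Service names on uncommented inetd.conf lines (six mandatory fields)."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [f[0] for f in rows if len(f) >= 6]

if __name__ == "__main__":
    files = glob.glob("/etc/xinetd.d/*")  # assumed default location
    xtext = "\n".join(open(p).read() for p in files) if files else SAMPLE_XINETD
    try:
        itext = open("/etc/inetd.conf").read()
    except OSError:
        itext = SAMPLE_INETD
    print("xinetd:", xinetd_enabled(xtext), "inetd:", inetd_enabled(itext))
```

Anything the script reports that you don't actually use is a candidate for `disable = yes` (xinetd) or a leading `#` (inetd).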

Be sure to check out the sidebars as well, as they have several tips and links to some good tools.