{"id":3182,"date":"2010-06-19T03:34:42","date_gmt":"2010-06-19T07:34:42","guid":{"rendered":"http:\/\/g33kinfo.com\/info\/?p=3182"},"modified":"2010-06-19T03:34:42","modified_gmt":"2010-06-19T07:34:42","slug":"5-tips-for-improving-linux-security","status":"publish","type":"post","link":"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/","title":{"rendered":"5 tips for improving Linux security"},"content":{"rendered":"<p>From <a href=\"http:\/\/blogs.techrepublic.com.com\/five-tips\/?p=156\" target=\"_blank\" rel=\"noopener noreferrer\">blogs.techrepublic.com.com<\/a><\/p>\n<p>What\u2019s that you say? You don\u2019t need to do anything about security on your Linux box because it\u2019s Linux? Think again. Linux is an operating system that begs to be online, so it wants to be secure. Sure it\u2019s fairly secure out of the box, but NO operating system is 100% secure if it\u2019s, well, turned on. Here are five crucial Linux security tips.<\/p>\n<p><strong>1: Take advantage of the keyring<\/strong><\/p>\n<p>To many, this is an annoyance. You log in to your machine, your machine requests a connection to a network (or LDAP server, etc.), and you have to enter your keyring password. The temptation is to disable this feature by giving it an empty password and dismissing the warning that you\u2019ll be transmitting unencrypted information (including passwords). This is not a good idea. Although you might think it a hassle, this feature\/functionality is there for a reason \u2014 to encrypt sensitive passwords when they are sent over the wire.<\/p>\n<p><strong>2: Enforce user password update<\/strong><\/p>\n<p>If you run a multi-user environment (as Linux is wont to do), you should make sure that your users change their passwords every so often. To do this you use the chage command. You can check the expiration with the command<br \/>\n<code>sudo change -l USERNAME <\/code><br \/>\n(where USERNAME is the name of the user you want to check). Let\u2019s say you want to expire a user\u2019s password and make him change it upon next login. To do this, you could issue the command<br \/>\n<code>sudo chage -E EXPLICIT_EXPIRATION_DATE -m MINIMUM_AGE -M MAXIMUM_AGE -I INACTIVITY_PERIOD -W DAYS_BEFORE_EXPIRATION <\/code><br \/>\n(where all options in CAPS are user defined). For more information on this command, see the man page (issue the command man change).<\/p>\n<p><strong>3: Don\u2019t blindly disable SELinux<\/strong><\/p>\n<p>Similar to the keyring, SELinux is there for a reason. SE stands for Security Enhanced and it provides the mechanism that controls access to applications. I have read of a number of \u201csolutions\u201d to problems that involved disabling SELinux. If this is seen as a solution, it will only lead to more, uglier problems. If a particular program isn\u2019t running properly, look into modifying an SELinux policy to fit your needs rather than disabling SELinux. If you don\u2019t want to do this via the command line, you might want to check out a GUI tool called polgengui.<\/p>\n<p><strong>4: Don\u2019t log in as root<\/strong><\/p>\n<p>It may sound as if I\u2019m a broken record with this one, with good reason. I can\u2019t stress enough that Linux users should NOT be logging in as the root user. If you need to do administration on a machine, log in as your regular user and either su to the root user or take advantage of sudo. When you log in as the root user, you effectively bypass a major security hurdle and allow access to systems and subsystems that normally wouldn\u2019t be accessible when logged in as a standard user. Do not do this. Log in with your regular account. Period.<\/p>\n<p><strong>5: Install security updates quickly<\/strong><\/p>\n<p>There is a HUGE difference between the way Linux and Windows handle updates. Where Windows typically does an infrequent massive update, Linux does frequent smaller updates. Ignoring these updates can be disastrous if the right security hole is not patched on your system. You have to remember, some of those updates are in fact security patches and need to be applied immediately. Never ignore that icon indicating updates are available. And if you are using a GUI-less server, make sure you set up a cron job to check for updates or check them manually either daily or weekly. Stay up to date and you stay more secure.<\/p>\n<p><strong>Small steps<\/strong><\/p>\n<p>Do you and your Linux box already feel more secure? You should. With these five tips alone you have taken your Linux box to a new level of security. Mind you, this isn\u2019t a complete to-do list. It\u2019s just the start. The security of a networked computer is ongoing and ever-changing. But with tips like these, you\u2019ll be better prepared to meet that elusive goal.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>From blogs.techrepublic.com.com What\u2019s that you say? You don\u2019t need to do anything about security on your Linux box because it\u2019s Linux? Think again. Linux is an operating system that begs to be online, so it wants to be secure. Sure it\u2019s fairly secure out of the box, but NO operating system is 100% secure if&#8230; <\/p>\n<div class=\"read-more navbutton\"><a href=\"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/\">Read More<i class=\"fa fa-angle-double-right\"><\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-3182","post","type-post","status-publish","format-standard","hentry","category-info"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>5 tips for improving Linux security - Linux Shtuff<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"5 tips for improving Linux security - Linux Shtuff\" \/>\n<meta property=\"og:description\" content=\"From blogs.techrepublic.com.com What\u2019s that you say? You don\u2019t need to do anything about security on your Linux box because it\u2019s Linux? Think again. Linux is an operating system that begs to be online, so it wants to be secure. Sure it\u2019s fairly secure out of the box, but NO operating system is 100% secure if... Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Shtuff\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:author\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:published_time\" content=\"2010-06-19T07:34:42+00:00\" \/>\n<meta name=\"author\" content=\"g33kadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/drsinger1111\" \/>\n<meta name=\"twitter:site\" content=\"@drsinger1111\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/5-tips-for-improving-linux-security\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/5-tips-for-improving-linux-security\\\/\"},\"author\":{\"name\":\"g33kadmin\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"headline\":\"5 tips for improving Linux security\",\"datePublished\":\"2010-06-19T07:34:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/5-tips-for-improving-linux-security\\\/\"},\"wordCount\":677,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"articleSection\":[\"General Info\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/5-tips-for-improving-linux-security\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/5-tips-for-improving-linux-security\\\/\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/5-tips-for-improving-linux-security\\\/\",\"name\":\"5 tips for improving Linux security - Linux Shtuff\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\"},\"datePublished\":\"2010-06-19T07:34:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/5-tips-for-improving-linux-security\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/5-tips-for-improving-linux-security\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/5-tips-for-improving-linux-security\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"5 tips for improving Linux security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\",\"name\":\"Linux Shtuff\",\"description\":\"Because I have CRS Syndrome...\",\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\",\"name\":\"g33kadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"contentUrl\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"width\":512,\"height\":512,\"caption\":\"g33kadmin\"},\"logo\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\"},\"description\":\"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\\\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....\",\"sameAs\":[\"https:\\\/\\\/thelinuxreport.com\",\"https:\\\/\\\/fb.me\\\/g33kinf0\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/drsinger1111\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"5 tips for improving Linux security - Linux Shtuff","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/","og_locale":"en_US","og_type":"article","og_title":"5 tips for improving Linux security - Linux Shtuff","og_description":"From blogs.techrepublic.com.com What\u2019s that you say? You don\u2019t need to do anything about security on your Linux box because it\u2019s Linux? Think again. Linux is an operating system that begs to be online, so it wants to be secure. Sure it\u2019s fairly secure out of the box, but NO operating system is 100% secure if... Read More","og_url":"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/","og_site_name":"Linux Shtuff","article_publisher":"https:\/\/fb.me\/g33kinf0","article_author":"https:\/\/fb.me\/g33kinf0","article_published_time":"2010-06-19T07:34:42+00:00","author":"g33kadmin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/drsinger1111","twitter_site":"@drsinger1111","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/#article","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/"},"author":{"name":"g33kadmin","@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"headline":"5 tips for improving Linux security","datePublished":"2010-06-19T07:34:42+00:00","mainEntityOfPage":{"@id":"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/"},"wordCount":677,"commentCount":0,"publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"articleSection":["General Info"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/","url":"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/","name":"5 tips for improving Linux security - Linux Shtuff","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/#website"},"datePublished":"2010-06-19T07:34:42+00:00","breadcrumb":{"@id":"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/g33kinfo.com\/info\/5-tips-for-improving-linux-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/g33kinfo.com\/info\/"},{"@type":"ListItem","position":2,"name":"5 tips for improving Linux security"}]},{"@type":"WebSite","@id":"https:\/\/g33kinfo.com\/info\/#website","url":"https:\/\/g33kinfo.com\/info\/","name":"Linux Shtuff","description":"Because I have CRS Syndrome...","publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/g33kinfo.com\/info\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547","name":"g33kadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","url":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","contentUrl":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","width":512,"height":512,"caption":"g33kadmin"},"logo":{"@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif"},"description":"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....","sameAs":["https:\/\/thelinuxreport.com","https:\/\/fb.me\/g33kinf0","https:\/\/x.com\/https:\/\/twitter.com\/drsinger1111"]}]}},"_links":{"self":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/3182","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/comments?post=3182"}],"version-history":[{"count":0,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/3182\/revisions"}],"wp:attachment":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/media?parent=3182"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/categories?post=3182"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/tags?post=3182"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}