Unix Security

  • Don't use the following insecure services. Most of these services are enabled or disabled from linuxconf, /etc/xinetd.d/* or /etc/inetd.conf.
    • rsh (remote shell)
    • rlogin (remote login)
    • finger (who really needs to know who is logged into your computer from another computer? You can always use w)
    • sendmail (smtp) (sendmail should only be run on e-mail servers)
    • snmp (Simple Network Management Protocol)
  • If you need telnet, rsh or rlogin, consider using ssh instead.
  • If you need to close port 6000 (the X11 ports), you can usually do so by passing the "-nolisten tcp" option when the X server is started. There are many locations and ways to start the X server. If you are using Gnome, you can edit /etc/X11/gdm/gdm.conf and make the following changes:
    StandardXServer=/usr/X11R6/bin/X -nolisten tcp
    command=/usr/X11R6/bin/X -nolisten tcp
  • If a web server is installed, at least change the default web page to something useful. This makes it easier to determine whether the web server needs to be running.
  • When FTP needs to be enabled, you probably don't need the anonymous FTP account. Make sure the anonymous account is disabled.
  • You can use "netstat -atu" to see what TCP and UDP ports are open and available to the network on your computer.
  • Occasionally look at the OS logs, which are typically in /var/log/messages.
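
A check for the first item above, as an added shell example that is not part of the original page: it reports which of the listed services inetd or xinetd would still start. It assumes the standard /etc/services names (rsh is "shell", rlogin is "login"); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the page's insecure services that inetd/xinetd would start.
# Assumption: standard /etc/services names, so rsh is "shell" and rlogin is "login".
RISKY="shell login finger telnet"

# inetd.conf: one service per non-comment line, service name in field 1.
audit_inetd() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }    # a commented-out line is a disabled service
        ($1 in bad) { print "inetd:" $1 }
    ' "$1"
}

# xinetd.d: "service NAME { ... }" blocks, enabled unless they set "disable = yes".
audit_xinetd() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v risky="$RISKY" '
            BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
            /^[ \t]*#/ { next }
            $1 == "service" { name = $2; off = 0 }
            $1 == "disable" && $NF == "yes" { off = 1 }
            $1 == "}" { if ((name in bad) && !off) print "xinetd:" name; name = "" }
        ' "$f"
    done
}

# Runs both checks over constructed sample files (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/xinetd.d"
    printf '%s\n' \
        '#shell stream tcp nowait root /usr/sbin/tcpd in.rshd' \
        'finger stream tcp nowait nobody /usr/sbin/tcpd in.fingerd' \
        'ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' > "$d/inetd.conf"
    printf 'service login\n{\n\tdisable = no\n\tserver = /usr/sbin/in.rlogind\n}\n' > "$d/xinetd.d/rlogin"
    printf 'service telnet\n{\n\tdisable = yes\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/xinetd.d/telnet"
    audit_inetd "$d/inetd.conf"
    audit_xinetd "$d/xinetd.d"
    rm -rf "$d"
}

demo   # on a real host: audit_inetd /etc/inetd.conf; audit_xinetd /etc/xinetd.d
```

sendmail and snmp normally run as their own daemons rather than from inetd or xinetd, so this check does not cover them; the netstat listing does.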