Linux Security Checklist
Set strong passwords on all accounts
All users on the UT network are expected to choose
strong passwords and guard them well. If someone else obtains your
password, they can access your private data (including e-mail), alter
or destroy your files and perform illegal or inappropriate activities
in your name. To learn more about choosing strong passwords, visit the Password Dos and Don'ts topic.
Set up and use a user account instead of root
Never log in as root. Instead, set up a user account for daily use. If
you need root access on a single-user computer (e.g., to install or run certain applications), use
the su command. If you have a multi-user computer, we suggest using the sudo command for root-level access. Remember to set your user account as a mail alias for
root so you will receive notices sent from the system.
Turn off unnecessary network services
Most importantly, turn off all network services that don't encrypt traffic.
Common unencrypted services are telnet, rsh / rlogin, and ftp. These can
be replaced by ssh and scp, available in all recent Linux distributions.
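
One way to check a machine for the cleartext services named above. This is an added example, not part of the original checklist. It assumes the iproute2 `ss` tool and the standard port assignments (ftp 21, telnet 23, rlogin 513, rsh 514); the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP ports that belong to the unencrypted
# services this checklist names (ftp, telnet, rlogin, rsh).

# find_cleartext_listeners: reads `ss -H -tln` style lines on stdin
# (State Recv-Q Send-Q Local-Address:Port Peer-Address:Port) and prints
# one "service port address" line for every cleartext listener.
find_cleartext_listeners() {
    awk '
        BEGIN { svc[21]="ftp"; svc[23]="telnet"; svc[513]="rlogin"; svc[514]="rsh" }
        $1 == "LISTEN" {
            local_addr = $4
            # The port is whatever follows the last colon; this also
            # handles IPv6 forms such as [::]:23 and wildcards such as *:21.
            n = split(local_addr, parts, ":")
            port = parts[n]
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (port in svc) printf "%s %s %s\n", svc[port], port, addr
        }
    '
}

# audit_live: run the check against this host (defined here, not called).
audit_live() {
    ss -H -tln | find_cleartext_listeners
}

# Constructed sample of `ss -H -tln` output (not captured from a real host).
# Port 22 (ssh) and port 5130 must not be flagged.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:23 0.0.0.0:*
LISTEN 0 32 *:21 *:*
LISTEN 0 64 [::]:514 [::]:*
LISTEN 0 128 127.0.0.1:5130 0.0.0.0:*'

printf '%s\n' "$SAMPLE" | find_cleartext_listeners
```

Any line this prints is a service to disable and replace with ssh or scp; call `audit_live` to check the local machine instead of the sample.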
Install a firewall
If your computer is attached to a network or the Internet, someone else
on the network can have their computer scan your machine for vulnerabilities.
You don't have to be a victim of these intrusions. If you install
a personal firewall, you can choose to receive an alert whenever someone
tries to access your system. The preferred firewall for Linux is iptables.
Stay up to date with security patches
Most distributions regularly release announcements when potential security
problems are found. Check these sources at least once a week to make sure
there aren't any security holes in the software your Linux installation
runs.
Be careful when using peer-to-peer file sharing applications
Although peer-to-peer (P2P) applications such as Napster, Gnutella, iMesh,
Audiogalaxy Satellite, and KaZaA are a good way of sharing information,
if you do not use them appropriately you may degrade the performance of
the University's network, unknowingly share your personal data, inadvertently
violate federal copyright law, or expose your computer to malicious code
or unacceptable use. Read What You Need to Know about Peer-to-Peer File-Sharing Applications.