Securing Linux

1. Apply security patches from your vendor.
2. Use good passwords.
3. Remove or disable unneeded services, particularly network services. For example, if you don't need a web-server, ftp server or Samba server, don't have them running.
4. Consider finding more secure server applications, where possible. (e.g., use VSFTPd rather than WU-FTPd, which is commonly installed on many Unix/Linux systems; or replacing sendmail with a simpler, more secure SMTP server).
5. Configure the firewall software. Virtually all Unix/Linux variants have built-in packet filtering firewalls.
• Linux (kernel 2.4 and above) - Netfilter/IPTables - There are various configuration tools available (most distributions include at least one) if you aren't comfortable configuring using the command-line interface.
• FreeBSD - IPFW
• NetBSD - IPFilter/IPF
• OpenBSD - PF: The OpenBSD Packet Filter
6. Be sure your system is running TCP-Wrappers and shadow password files. Most modern systems do this by default.