Back in section 7.1, we discussed
file permissions in Linux. This is a fundamental way to keep your system secure.
If you are running a multi-user system or a server, it is important to make
sure that permissions are correct. A good rule of thumb is to set files to have
the minimum permissions necessary for use.
If you are running a network server, there are some other things to be aware
of as well. First, you ought to uninstall or turn off any network services you're
not using. A good place to start is the file /etc/inetd.conf; you can
probably disable some of these. For most network services, it's also possible
to control who has access to them; the /etc/hosts.allow and /etc/hosts.deny
files (documented in man 5 hosts_access) can control who has access
to which services. You also ought to keep up-to-date with patches or updates
to Debian; these can be found on your nearest Debian FTP mirror.
Some other commonsense rules apply:
- Never tell anyone your password.
- Never send your password in cleartext across the Internet by using something
  like telnet or FTP. Instead, use encrypted protocols or avoid logging in remotely.
- Avoid using root as much as possible.
- Don't install untrusted software, and don't install it as root.
- Avoid making things world-writable whenever possible. /tmp is one exception
  to this rule.
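
One way to check the world-writable rule, as an added example that is not part of the original text: a shell function that reports world-writable files and world-writable directories that lack the sticky bit. Directories set up like /tmp (mode 1777, sticky bit set) are skipped, which is why /tmp can be an exception. The function name and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for world-writable entries.
# find_world_writable DIR prints one line per finding:
#   FILE <path>          regular file writable by everyone
#   DIR-NOSTICKY <path>  world-writable directory without the sticky bit
# A world-writable directory WITH the sticky bit (like /tmp, mode 1777)
# only lets users delete or rename their own files, so it is not reported.
find_world_writable() {
    root=${1:-.}
    # -xdev      stay on one filesystem (skips /proc, network mounts, ...)
    # -perm -0002  the "other" write bit is set
    # ! -perm -1000  the sticky bit is NOT set
    find "$root" -xdev \
        \( -type f -perm -0002 -exec printf 'FILE %s\n' {} + \) -o \
        \( -type d -perm -0002 ! -perm -1000 \
           -exec printf 'DIR-NOSTICKY %s\n' {} + \)
}

# Constructed demo tree (temporary directory, not real system paths).
demo=$(mktemp -d)
mkdir "$demo/shared" "$demo/drop"
touch "$demo/notes.txt" "$demo/ok.txt"
chmod 0666 "$demo/notes.txt"   # world-writable file      -> reported
chmod 0644 "$demo/ok.txt"      # writable by owner only   -> not reported
chmod 1777 "$demo/shared"      # sticky bit set, like /tmp -> not reported
chmod 0777 "$demo/drop"        # world-writable, no sticky -> reported
find_world_writable "$demo"
rm -rf "$demo"
```

Running `chmod o-w` on a reported path removes the world-write bit.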
While this is probably not of as much use to somebody not running a server,
it still pays to know a bit about security. Debian's security mechanism is
what protects your system from many viruses.