How to keep your Linux box secure?
Originally Posted by Bonso
Never run as root
For starters never ever run the machine on the root account unless absolutely necessary and when you do, make sure you 'su -' to the root account. Should this not be possible then dissable all external access before logging on as root.
Keep your system up to date
Just as within the Windows world there are security holes in some of the the many parts that make a Linux system run and just as with Windows they are fixed with patches. So when your vendor offers a security patch its a good idea to install it. If you are worried about the patch breaking the system then check the patch documentation as it sometimes suggests a workaround for the security flaw. Most distributions now have an automated updating tool similar to the Windows Update tool in Windows.
Shut down unused services
Another thing to do is shut down any services that your machine doesn't use. If you have no intention of telneting into the machine there is not point in having the service running. If you would like to tinker with Apache, FTP or MySQL (or something else), don't allow external access to the services until they have been propperly configured and secured.
Some general security guides:
Even though these may seem distribution specific I think they are good all-round guides:
Gentoo security guide: http://www.gentoo.org/doc/en/gentoo-security.xml
Redhat 9 security guide: http://www.redhat.com/docs/manuals/l...ecurity-guide/