How to secure your Linux? (easily)
Nowadays computer security is one of the top trending topics for several reasons, and the pandemic confinement also boosted searches for it. So you have a Linux machine: is it secure? Most likely yes. Is it vulnerable? It can be, even if it is updated daily (also see how to speed up apt-update), due to the default values of some configurations.
An easy way to enhance Linux security, or to harden Linux? Use Lynis (it also works on OSX).
What's hardening? Basically, it is just tuning and configuring features whose defaults might allow someone to exploit them or use them as a vulnerability (not just one feature per se; several combined might create something exploitable).
How to install Lynis on Linux?
There are two installation methods, easy and easiest. The main difference is that the version you download from the Lynis site is always the latest one, whereas the apt-get version might take some time to catch up to the latest.
One example of what hardening addresses is access to compilers: an intruder can pass in a bunch of strings and in the end compile them, and there you go, someone uploaded some strings and created an executable on your machine. Another example is not enforcing secure passwords: 1234, Joe, and Password aren't exactly secure passwords, but if the system won't allow anything weaker than, e.g., JustATinny123Pass**Again, the password is virtually impossible to guess or crack.
Lynis installation on Ubuntu/Mint (easiest):
- sudo apt install lynis
Lynis installation on Ubuntu/Mint (easy):
- Go to the Lynis webpage and download the rar
How to run Lynis on your Linux machine?
Note beforehand: you should always run it as the root user.
- If the installation was done via apt-get, then just type "lynis audit system"; otherwise, go to the directory where you extracted Lynis and run "./lynis audit system".
This might take a while depending on your system (40 sec plus).
What do you get? Well, for a start you get a score, from 0 to 100 points. If you use a default Ubuntu 20 LTS from scratch you'll get around 65 points, depending on installed packages.
There's also a list of issues to be solved, along with their solutions (if possible on your system). Solve them one by one and run it again at the end. That way you improve your score and harden your system.
Examples on which I focus a LOT, since some of my machines are only accessible by network: sshd connection hardening.
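An added example, not part of the original post: a small shell script that reads the score and the still-open SSH findings from two Lynis report files, so you can see what one fix-and-rerun pass changed. It assumes Lynis's key=value report layout (written by default to /var/log/lynis-report.dat); the two sample reports are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compare two "lynis audit system" runs.
# Assumption: findings are stored as "suggestion[]=ID|text|details|solution|"
# and the score as "hardening_index=NN" in the Lynis report file.

# Print the hardening index (the 0-100 score); fail if the report has none.
lynis_score() {
    awk -F= '$1 == "hardening_index" { print $2; found = 1; exit }
             END { if (!found) exit 1 }' "$1"
}

# Print "ID<TAB>text<TAB>details" for each finding of kind $2 (warning or
# suggestion) in report $1, optionally only test IDs starting with prefix $3.
lynis_findings() {
    awk -v key="$2[]" -v prefix="${3:-}" '
        index($0, key "=") == 1 {
            split(substr($0, length(key) + 2), f, "|")
            if (prefix == "" || index(f[1], prefix) == 1)
                printf "%s\t%s\t%s\n", f[1], f[2], f[3]
        }' "$1"
}

# Print "before -> after" for the scores of two reports.
lynis_delta() {
    before=$(lynis_score "$1") || return 1
    after=$(lynis_score "$2") || return 1
    echo "$before -> $after"
}

# Constructed sample reports standing in for a first run and a re-run.
BEFORE=$(mktemp) AFTER=$(mktemp)
trap 'rm -f "$BEFORE" "$AFTER"' EXIT
cat > "$BEFORE" <<'EOF'
hardening_index=65
warning[]=PKGS-7392|Found one or more vulnerable packages.|-|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|AllowTcpForwarding (set YES to NO)|-|
suggestion[]=SSH-7408|Consider hardening SSH configuration|MaxAuthTries (set 6 to 3)|-|
suggestion[]=HRDN-7222|Harden compilers like restricting access to root user only|-|-|
EOF
# The "re-run": two issues fixed, score raised (constructed values).
sed -e 's/^hardening_index=.*/hardening_index=71/' -e '/AllowTcpForwarding/d' \
    -e '/^warning/d' "$BEFORE" > "$AFTER"

lynis_delta "$BEFORE" "$AFTER"          # score before and after the fixes
lynis_findings "$AFTER" suggestion SSH  # SSH items still open
```

On a real machine, copy the report aside after each audit and pass the two copies to lynis_delta and lynis_findings instead of the sample files.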