Nine Tips to Secure Linux Desktops

Many media and experts believe that Linux believes that Linux is more secure than Windows. However, today, when security becomes more important, this security requires the correct configuration of the user. This security does not have to be achieved through some special security software or technology. Sometimes the best way to protect security is the one that is most easily forgotten.

Whether you are a Linux beginner or a skilled user or administrator, checking the nine measures mentioned below can help you enhance the security of your Linux desktop.

Locking screens and logging out is important

Many users may have forgotten that the Linux desktop is a multi-user environment. Because of this, after a user logs out of the desktop, another user can log in. Not only does this mean that other people can use your screen, it also means that after the user has finished working, they should log out in time.

Of course, logging out is not the only option. If you are the only user of the system, you can also lock the screen. Locking the screen means entering a password when the user re-enters the desktop. The difference between it and the logout is that when the user locks the screen, the application is still running after the user leaves the computer. After entering the desktop, you can continue the original work. Figure 1 and 2:

Figure 1

Figure 2

Hide files and folders

In Linux systems, files and folders are passed Hidden with ".". For example, as shown in the following figure, there are two files in the testfilefolder folder. We can use the ls command to view them. But after running the command mv adsl-stop .adsl-stop, you can only see one file with ls. This means that you can use mv to hide files that you don't want other users to see. Of course, you can use the ls -a command to view all files, whether they are hidden or not. Figure 3:

Figure 3

Having a good password

The password of a Linux user is just as important as the key to the door. If the user gives this key to many people, what else does he have to lock? Of course, this key is not easy to be easily made by others, that is, the user's password is not easy to guess. If you are using a distribution such as Ubuntu, this password may give users more access. In any case, it is important to ensure that the user's password is strong. If you are not sure if your password is appropriate, you can use the Automated Password Generator software, which can create a secure random password for you.

Figure 4
Do not install file sharing applications

Many users are sharing some files. If you want to run this function, you should be aware of the risks involved. Especially if you use this feature in the workplace, you will not only share your own files, but also other users of the company, and will hand over the entire desktop to other illegal users. Therefore, for security reasons, please do not install the file sharing tool.

Routine upgrades

Users who have used Windows have left a "deep" impression on Microsoft's regular release of operating system and application patches. But Microsoft is releasing patches much faster than Linux. In the Linux world, after a security vulnerability is discovered, its patch can be released in a matter of hours or minutes. Both KDE and Gnome support updates on the panel. Some people think that it is too much trouble to upgrade frequently, but I suggest you not to reject the security update. There must be a reason for the release of these updates.

Installing anti-virus mechanisms

Don't think that the possibility of a virus causing a system problem is negligible. I recommend that you use a robust virus defense tool, such as ClamAV, so that you can guarantee that messages sent from your machine will not contain bad code or other systems that affect the company's network.

SELinux is worth a try

SELinux is a good way to lock access control to applications, although some people think that SELinux has some unsatisfactory places, such as it may affect system performance, and you may Will find other applications to install. However, according to the author's experience, the security benefits of SELinux far outweigh the negative impact. During the Fedora installation, you will have the opportunity to enable SELinux. Figure

Creating /home on a separate partition is a safer method

The default Linux installation places the /home directory in the root of the system. This may be a good idea, but you need to be aware that since this is a standard installation, anyone who has access to your system will know exactly where the data is. Moreover, if your machine has some problems, how can your data be safe?

The solution to this problem is that you should place /home on a completely different hard disk or partition. This may not be a good idea, but if you really care about the security of the data, try it.

Terminate or disable some unnecessary services

Figure 5

A desktop machine you use, not a server. So it is completely unnecessary to run some services such as nfs, httpd, ftpd, sshd. It can be said that ordinary users should not run these services at all, they can only bring risks to ordinary users. Therefore, please do not run these services. For example, the method to terminate the NFS service is # /etc/init.d/nfs stop. You can check the /etc/inetd.conf file to see if all unnecessary services have been canceled. This method is simple but effective. You may wish to try.