Discussion about Linux security

 Here are some questions with  answers on the topic of Linux security

1. Do I really need firewall on Linux since all the ports are closed by default?

The ports are closed by default but once you start installing programs you are more than likely enabling something that might ask for a permission to open and use some port on your system.

The result of the previous might be a security threat to your system. Good firewall interfaces for Linux are, for example: gufw and firestater. Gufw and firestrater are just interfaces, which do make it easier to tweak iptables.

Iptables remains to be the actual firewall of Linux system and comes installed by default. If you want to secure your  system it might be a good idea to use some firewall. However, the need for a firewall is still somewhat debated on Linux and the preference to have it enabled or disabled depends on an individual user.

2. What about viruses?

On Linux the number of viruses spreading is minimal and it is very very uncommon to have Linux with a virus. The structure and variety of Linux distributions does make it harder to desing a targeted virus, which could infect multiple machines in a simalar fashion like in Windows.

Also, Linux uses software channels. The official channels are maintained by trusted communities and their respected members. Linux is very well secured in the sense that nothing gets to be official without checks..

There remains a danger when you install stuff from less-known and private repositories but still when you use caution and common sense you should be just fine. If you want to have virus-detection program a very good one  is Clamav, which also has a Kde variation called Klamav.

Eventhough you do not usually need virus-detection programs on Linux there is no harm done installing them and learning to use them. If you think about scanning a Windows partition within Linux then installing some detection program remains a very good idea.

3. Worrying about rootkits and hidden backdoors?

My recommendation is that you checkout rkhunter, which is a nice little program that scans the system and complains about some potential security threats it detects.

Do remember though that depending on your system you might get a number of false alarms. The false alarms and their reasons do remain usually well documented so search and remain calm before panicing.

Another very good rootkit detection program is chrootkit. If you are worried about rootkits my recommendation is that you check out both the programs mentioned here.

4. Always stay up to date but do not over do it

One good rule is that it is good to stay up to date when it comes to security updates and general system updates.

Sometimes staying very up to date can cause stability errors but usually these remain only small bumps on the road for experienced users and they should not be too problematic for newer users either.

Still, when you are updating/upgrading something major it is always good to wait a bit and see if there are some reported errors.

For example, as my experience went I was having many problems during the days when I used Ubuntu and upgraded it to latest and greatest as soon as the upgrade came available.

Another thing to consider is that sometimes upgrades can cause minor headaches but they can also expose your system to some security threats, which appear from time to time when the code matures, so again use caution and common sense before you upgrade anything major.

5. What about SeLinux and others?

SeLinux and other solutions, which provide mandatory access control can boost the security of the system. Mandatory access control solutions literally execute only the things, which are demanded (flagged as mandatory by the user)

The downside of SeLinux and others remains in the fact that they are hard to configure. Currently, Fedora and Fedora based distributions remain the only ones, which seem to provide a nice and easy way to enable SeLinux via  dedicated gui programs. . (gui= Graphical user interface)

Another downside of SeLinux is that since it changes file permissions you might have difficulties to access your files if you decide to change your distribution. Permission issues are usually easy to fix within a terminal as a root user by executing:chown -hR username /home/username

In general terms, SeLinux is not needed if you are trying to build a regular computer. Similar solutions to SeLinux include for example: Apparmor and TOMYO tools so check them out as well if curious.

Additonal tip: Customizing the Linux kernel to specific needs might help to make the system more secure. See more from: http://www.techtimejourney.net/building-a-custom-kernel/