Linux data security and hardening tips

It is a big challenge for server managers to maintain Linux data safe in the era where computer viruses are overflowing. Here, we'd like to introduce multiple feasible tips on Linux data security and hardening.

1. Ensuring physical system security
For the sake of data security of physical system, Linux users are supposed to disable system to boot from CD/DVD, external devices and floppy drives during the course of BIOS configuration. Then, enable BIOS password and GRUB password protection, which will greatly restrict access.

2. Maintaining hard disk data security
As we all know, a brand new hard disk can not be used until it is partitioned. However, partitioning can also effectively avoid severe consequences when data security can not be secure. That is because different types of data are stored into different partitions, and only data residing in faulty partition will be lost or damaged, without affecting other partitions. For the sake of Linux data security, users had better create partitions like boot partition and partition for third-party program storage on the basis of actual demands.

3. Minimizing installation package
The smaller the installation package is, the fewer bugs there will be. During the course of software installation, there is no need to install all included applications in the installation package if users want to main Linux data safe. Moreover, users are most likely to suffer from disasters brought by installation package bugs. Once an application in the package is affected by a bug, other applications can be influenced later. In this condition, users ought to find and disable the application with bug so as to minimize losses generated by particular bug.

4. Checking listener port of network
With the help of network command "netstat", user can check all open terminals and other relevant procedures. If users want to close undesired web service, they can make use of "chkconfig" command so as to protect Linux data security.

5. Utilizing SSH
The protocols Telnet and rlogin which adopt plain text format can not be encrypted, so security loopholes may exist. However, if users adopt SSH, a kind of encrypted protocol used between client and server, Linux data security can be ensured to some extent.

6. Updating system timely
To maintain Linux data security, users might as well update system timely, so as to get the latest patch, security fixes and available kernel.

7. Locking Cron tool
Owning built-in characteristics, Cron tool usage right can be set via the two files /etc/cron.allow and /etc/cron.deny. Therefore, server managers just need to add names of forbidden users to /etc/cron.deny so as to protect Linux data security.

As mentioned above, there are multiple ways to maintain Linux data security. However, it is believed that there is no perfect system though software technology is moving towards excellence. Besides, factors which pose risks to Linux data security are increasing. Facing the urgent situation, users are supposed to scout for and take more effective measures to maintain Linux data safe.