[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| howtos:security:basic_security [2012/10/07 10:00 (UTC)] – created htexmexh | howtos:security:basic_security [2012/10/19 17:03 (UTC)] (current) – Grammar fix trunkline | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| <!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> | <!-- Add your text below. We strongly advise to start with a Headline (see button bar above). --> | ||
| ====== Basic Security ====== | ====== Basic Security ====== | ||
| - | These are things that every user can do to improve system security. Advanced | + | These are things that every user can do to improve system security. Advanced |
| ==== Use Strong Passwords ==== | ==== Use Strong Passwords ==== | ||
| The strength of your password depends on three things: | The strength of your password depends on three things: | ||
| Line 24: | Line 24: | ||
| By default, the Xorg server listens to port 6000 for remote connections. Sometimes you want remote connections, | By default, the Xorg server listens to port 6000 for remote connections. Sometimes you want remote connections, | ||
| The easiest way to do this is by creating this file at '' | The easiest way to do this is by creating this file at '' | ||
| - | <file bash> | + | <file bash xserverrc> |
| #!/bin/sh | #!/bin/sh | ||
| exec /usr/bin/X -nolisten tcp | exec /usr/bin/X -nolisten tcp | ||
| </ | </ | ||
| - | You can specify more options to X in the same file if you need to. | + | You can specify more options to X in the same file if you need to.xserverrc |
| + | < | ||
| + | On Slackware, listening for incoming XDMCP requests is disabled by default in both xdm and kdm, so it is secure by default. One may ask, why bother stopping Xorg from listening if this is the case. It is always better not to trust config files, as exemplified by an old bug report when [[http:// | ||
| + | </ | ||
| + | ==== Check for open ports ==== | ||
| + | Some ways to check for open ports are: | ||
| + | <code bash> | ||
| + | nmap localhost | ||
| + | nmap YOUR_EXTERNAL_IP_ADDRESS | ||
| + | netstat -luntp | ||
| + | </ | ||
| + | Your external IP address can be found at sites like http:// | ||
| + | If you don't know what a port is used for check the [[https:// | ||
| + | ==== Scan the system for malware ==== | ||
| + | The following programs are useful for detecting rootkits and viruses: | ||
| + | * [[http:// | ||
| + | * [[http:// | ||
| + | Although not that much malware exists for Linux, it is a good idea to scan once in a while. | ||
| ====== Sources ====== | ====== Sources ====== | ||
| <!-- If you are copying information from another source, then specify that source --> | <!-- If you are copying information from another source, then specify that source --> | ||
| Line 36: | Line 53: | ||
| <!-- * Originally written by [[wiki: | <!-- * Originally written by [[wiki: | ||
| <!-- * Contributions by [[wiki: | <!-- * Contributions by [[wiki: | ||
| + | * [[http:// | ||
| + | * [[http:// | ||
| + | * [[http:// | ||
| <!-- Please do not modify anything below, except adding new tags.--> | <!-- Please do not modify anything below, except adding new tags.--> | ||
| <!-- You must remove the tag-word " | <!-- You must remove the tag-word " | ||
| - | {{tag> | + | {{tag> |
