[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

This is an old revision of the document!


Basic Security

These are things that every user can do to improve system security. Advanced topic will not be presented here, just the basics that every user can implement easily and will provide decent protection.

Use Strong Passwords

The strength of your password depends on three things:

  1. Length: A longer password is a stronger password. Guides suggest at least 8 characters.
  2. Complexity: The more varied the characters in the password, the stronger the password.
  3. Deducibility: The harder it is for an attacker to derive a password the better.

Make sure to change your password often so that if someone is trying to crack it, they will have to start over. Also see the ultimate guide for creating strong passwords.

Disable Unused Services

On Slackware, make unexecutable any rc files in /etc/rc.d that start services which you do not use. For example:

chmod a-x /etc/rc.d/rc.gpm-sample

The less services you use, the less chances that one has a bug that will allow an attacker to exploit it remotely.

Setup a Firewall

On Slackware, the easiest way to do this is by using Alien Bob's adaptation of the Easy Firewall Generator. Just generate the firewall, copy the output to /etc/rc.d/rc.firewall, and make it executable.

chmod a+x /etc/rc.d/rc.firewall

Other options include GUI firewall generation programs such as Firewall Builder.

X -nolisten tcp

By default, the Xorg server listens to port 6000 for remote connections. Sometimes you want remote connections, but if you don't, then disabling it is a good idea. The easiest way to do this is by creating this file at ~/.xserverrc OR /etc/X11/xinit/xserverrc.

xserverrc
#!/bin/sh
 
exec /usr/bin/X -nolisten tcp

You can specify more options to X in the same file if you need to.xserverrc

Check for open ports

Some ways to check for open ports are:

nmap localhost
nmap YOUR_EXTERNAL_IP_ADDRESS
netstat -luntp

Your external IP address can be found at sites like http://whatismyipaddress.com/. If you don't know what a port is used for check the wiki.

Scan the system for malware

The following programs are useful for detecting rootkits and viruses:

Although not that much malware exists for Linux, it is a good idea to scan once in a while.

Sources

 howtos:security:basic_security ()