-
Do not allow root logins. UNIX developers came up with the
su over two decades ago for extra
security.
-
Direct root access is always dangerous and susceptible to human
errors, be it by allowing root login or by using the su - command. Rather than
using su, it is even better to use sudo to only execute the command that you need extra
permissions for, and to return afterwards to your own
environment.
-
Take passwords seriously. Use shadow passwords. Change your
passwords regularly.
-
Try to always use SSH or SSL. Avoid telnet, FTP and E-mail clients and other client
programs which send unencrypted passwords over the network.
Security is not only about securing your computer, it is also about
securing your passwords.
-
Limit resources using quota and/or
ulimit.
-
The mail for root should be delivered to, or at least read by,
an actual person.
-
The
SANS institute has more tips and tricks, sorted per distribution,
with mailing list service.
-
Check the origin of new software, get it from a trusted
place/site. Verify new packages before installing.
-
When using a non-permanent Internet connection, shut it down as
soon as you don't need it anymore.
-
Run private services on odd ports instead of the ones expected
by possible hackers.
-
Know your system. After a while, you can almost feel when
something is happening.
