# Maintaining A Secure Linux System?

## slicktux

i am making Gentoo my primary OS for my laptop, and i want to know how to keep my system secure as well as my data.

----------

## The Doctor

Welcome to Gentoo!

Secure against what? Stolen Laptop? Hacking? Water boarding the user to give up the password*?

If secure against theft is a priority, I would use a complete disk encryption scheme. I would use serpent since it appears to be the most secure cypher for the job.

In addition to keeping your system up to date, you should also make it a point to disable possible security holes. For example, you should configure ssh to never allow root log ins and you should probably restrict it to public key authentication rather than password. If you don't need ssh running, don't even add it to your default run level.

Use flags are another powerful tool. For example, if you don't need policykit, consolkit, pam etc, why install them at all? All they would be doing in that case is adding a possible security hole. Just in time (jit) is another risk. Compiling code as you need it is handy for java, etc but it leaves the possibility of malicious code being introduced.

Your kernel is another area to pay attention to. Just use what you need. If you don't need loadable module support, disable it and don't build any modules. This is because you (or your kernel) could be tricked into running a tainted module. Also, choose your kernel carefully. Hardened-sources has many security features, such as PaX.

You should also run a strong firewall such as iptables. You should set your rules to be on the conservative side, etc.

Of course, if you are just an average user then simply keeping up to date, running a firewall, and exercising good Internet safety should be adequate. I am sure other people will have suggestions, but without knowing exactly what kind of security you are thinking of, its hard to give any kind of answer.

* If your data is worth your life, you would be stupid to rely on any information online.

----------

## PaulBredbury

Use e.g. AppArmor on the Internet-facing apps (web browser, email, etc) and proprietary apps.

Use privoxy to filter ads etc. for your web browser.

----------

## slicktux

 *The Doctor wrote:*   

> Welcome to Gentoo!
> 
> Secure against what? Stolen Laptop? Hacking? Water boarding the user to give up the password*?
> 
> 

 

Thank you for thee informative answer for such a broad question.

"i don't see myself being water boarded in my life time "knocks on wood".  :Smile: "

----------

## mvaterlaus

hi,

I don't know, if you allready know this [1] guide, but it gives a start to general security in gentoo linux. check it out.

[1]http://www.gentoo.org/doc/en/security/security-handbook.xml

----------

## slicktux

 *mvaterlaus wrote:*   

> hi,
> 
> I don't know, if you allready know this [1] guide, but it gives a start to general security in gentoo linux. check it out.
> 
> [1]http://www.gentoo.org/doc/en/security/security-handbook.xml

 

ah great, thank you! i will be doing some reading on this handbook.

----------

