Security

Back in section 7.1 on page , we discussed file permissions in Linux. This is a fundamental way to keep your system secure. If you are running a multi-user system or a server, it is important to make sure that permissions are correct. A good rule of thumb is to set files to have the minimum permissions necessary for use.

If you are running a network server, there are some other things to be aware of as well. First, you ought to uninstall or turn off any network services you're not using. A good place to start is the file /etc/inetd.conf; you can probably disable some of these. For most network services, it's also possible to control who has access to them; the /etc/hosts.allow and /etc/hosts.deny files (documented in man 5 hosts_access) can control who has access to which services. You also ought to keep up-to-date with patches or updates to Debian; these can be found on your nearest Debian FTP mirror.

Some other commonsense rules apply:

• Never tell anyone your password.
• Never send your password in cleartext across the Internet by using something like telnet or FTP. Instead, use encrypted protocols or avoid logging in remotely.
• Avoid using root as much as possible.
• Don't install untrusted software, and don't install it as root.
• Avoid making things world-writable whenever possible. /tmp is one exception to this rule.

While this is probably not of as much use to somebody not running a server, it is still pays to know a bit about security. Debian's security mechanism is what protects your system from many viruses.