Akinix

How to Secure Linux


JohnG


  1. Enable the firewall:

    1. List open ports: sudo lsof -i -P -n | grep LISTEN

    2. Allow only the ports you need:

      sudo ufw allow 22/tcp     # Allow SSH connections
      sudo ufw allow 80/tcp     # Allow HTTP connections
      sudo ufw allow 443/tcp    # Allow HTTPS connections

      You can also restrict access to specific IP addresses or subnets:

      sudo ufw allow from 192.168.1.10 to any port 22  # Only allow SSH from this IP
      sudo ufw allow from 192.168.1.0/24 to any port 443 # Allow HTTPS from this subnet

    3. Verify firewall status. Check the firewall rules you've set:

      sudo ufw status verbose

  2. Enable UFW:

    sudo ufw enable

    UFW's default policy is to deny incoming connections and allow outgoing connections. This is generally what you want. Only open ports you explicitly need.

    Optional: Configure it to open only the necessary ports (if needed at all).

  3. Remove any unnecessary preinstalled software.

  4. Update the software to the latest versions:

    sudo apt update && sudo apt upgrade -y
    
  5. Disable the printing service if it's not needed:

    sudo systemctl mask cups
    sudo systemctl mask cups-browsed
    

    Then, reboot the system.

    If you need it later, you can re-enable it:

    sudo systemctl unmask cups
    sudo systemctl unmask cups-browsed
    

    Then, reboot the system or run:

    sudo systemctl start cups
    

    or

    sudo systemctl start cups-browsed
    

    depending on your needs.

  6. In all installed browsers:

    1. Enable the "HTTPS-Only" option, which disables unencrypted connections.

    2. Enable encrypted DNS (DoH).

    3. Disable third-party cookies.
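
Added example (not part of the original post) for steps 1.1 and 1.2: a shell function that reads the "lsof ... | grep LISTEN" output and reports every TCP listener that is reachable from the network but whose port is not on your allowlist. The function names, the allowlist and the sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# Usage on a live system (same command as step 1.1):
#   sudo lsof -i -P -n | grep LISTEN | unexpected_listeners "22 80 443"

# Print "command port address" for each listener that is bound to a
# non-loopback address and whose port is not in the allowlist ($1).
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "(LISTEN)" {
            name = $(NF - 1)                 # e.g. *:22, 127.0.0.1:631, [::1]:631
            port = name; sub(/.*:/, "", port)
            addr = name; sub(/:[0-9]+$/, "", addr)
            # Loopback-only listeners are not reachable from other hosts.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (port in ok) next             # port is expected to be open
            key = $1 " " port
            if (!(key in seen)) { seen[key] = 1; print $1, port, addr }
        }'
}

# Constructed sample of "lsof -i -P -n | grep LISTEN" output.
sample_lsof() {
    cat <<'EOF'
sshd      812   root    3u  IPv4  23456      0t0  TCP *:22 (LISTEN)
sshd      812   root    4u  IPv6  23458      0t0  TCP *:22 (LISTEN)
cupsd     954   root    6u  IPv6  25010      0t0  TCP [::1]:631 (LISTEN)
cupsd     954   root    7u  IPv4  25011      0t0  TCP 127.0.0.1:631 (LISTEN)
nginx    1201   root    6u  IPv4  27001      0t0  TCP *:80 (LISTEN)
nginx    1201   root    7u  IPv4  27002      0t0  TCP *:443 (LISTEN)
mysqld   1333  mysql   21u  IPv4  28110      0t0  TCP *:3306 (LISTEN)
EOF
}

# Demo on the constructed sample: only the database port is unexpected.
sample_lsof | unexpected_listeners "22 80 443"
```

Anything this prints is either a service to stop (step 3 or 5) or a port you are deliberately exposing and should add a ufw rule for.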
