10 tips for ensuring Linux Desktop Security

10 tips: Ensure the security of Linux desktops-general Linux technology-Linux technology and application information. For more information, see the following. 0: w (5 (it is easy to know that Linux Desktop is safer than most other desktops. However, this level of security does not necessarily reach the software or technology that focuses on typical security. Sometimes, the simplest means are those that are the easiest to forget. You may find that these suggestions are purely common sense, but you may also find security measures you have never imagined before. If you are a beginner in Linux, these suggestions are a good start for you and will also become your good Linux experience.


The following are suggestions for Linux Desktop Security:

1. It is very important to lock the screen and log out.
Most people forget that Linux Desktop is a multi-user environment. Because of this, you can log out of your desktop and others can log in, which means that others can use your desktop, which means you should log out of the desktop after you finish your work.
Of course, logout is not your only choice. If you are the only user on your system, you can lock your screen. Locking the screen means you need to enter your personal password to re-enter the desktop. The difference is that when you return to the desktop, these programs will continue to run.

2. Hiding files and folders is a quick way
In Linux, files and folders are added before the file name '. ', for example, the "test" file will appear in the folder, but ". "test" does not appear. To view hidden files, go to the corresponding folder on the terminal and run the ls-a command to view the hidden files.
Therefore, if you have a file that you don't want your colleagues to directly view, the simplest way is to add ". you can also use mv test on the terminal. test (test is the file you need to hide.

3. A good password is required
Your password is the golden key of your Linux system. If you give your password to someone else, or you use a weak password, your golden key may become a golden key for everyone.
If you use permissions such as Ubuntu, the password will give you more access permissions. To avoid unnecessary losses, you must use a strong password. Of course, you can also use a dedicated automatic password generator to create a strong password for you.

4. Installing file sharing is dangerous.
I know that many Linux users can easily enable file sharing. If you are at home and have no access to the Internet, you can enable it. However, at work, not only do you open shared files, but may be colleagues in the company or users on the network. Others can share some of your sensitive information over the Internet, or use other methods to damage your computer information. Therefore, as a rule, do not install file sharing tools.

5. Real-time update is a wise choice
Linux is not Windows. In Windows, you can only obtain it after Microsoft officially releases a security patch. Generally, Microsoft takes a lot of time and effort. In Linux, a security patch may be released in minutes or hours after the vulnerability is discovered. In the KDE and Gnome desktop environments, small software with real-time detection and updates is provided, I always recommend that you keep these mini programs running, so that you can install them in time once there are useful updates and releases. Do not suspend Security Updates. There must be a reason for its release.
6. Installing the virus protection software is very useful.
Believe it or not, virus protection plays a very important role in Linux. Of course, the possibility of damage caused by viruses to your Linux system is very small, but the emails you forward may cause damage to other windows users. There is a good virus protection tool, such as ClamAV, you can ensure that your email goes out of your computer without any harm, so that, other companies will not come to the door because of your email hazards.

7. SELinux is indispensable
SELinux (Security-EnhancedLinux) is an access control system developed by the National Security Agency (NSA. It helps to lock access control applications. Linux without SELinux protection has the same security level as Windows, which is level C2. However, Linux protected by SELinux has a security level of level B1. Of course, SELinux may sometimes be a pain. In some cases, it may affect your system performance. You may find that many processes are struggling to run, which is very difficult, however, the security comfort you get from using SELinux (or AppArmor) is far greater than its negative impact. you can experience the Security comfort it brings to you in Fedora!

8. creating independent partitions for/home is safer
In Linux, the default/home installation path is under your root. This is good, but first, it is standard, so anyone who gets access to your computer immediately knows where your data is. Second, if your computer is attacked, your data will disappear.
To solve this problem, you can separate hard disks or all disks in/home. Of course, this is not necessary, but if you are very concerned about your data, it is worth doing!

9. Using a non-mainstream desktop is very valuable.
Not only are these alternative desktops (Enlightenment, Blackbox, Fluxbox, etc.) that give you a new sense of your computer, in addition, the simple security protection they provide from a special perspective may be something you have never considered before.
When I only need a kiosk to do one thing, I will use Fluxbox on it, for example, browsing the network. This can be easily implemented by creating a single mouse menu (or desktop icon) for your desired application ). Unless you know how to return to the command line (logout or type Ctrl-alt-f *, * represents a desktop other than your current desktop), they cannot start any other application, of course, besides what you provide.
Since most users do not know how to use this desktop, they do not have the slightest idea to get your files. This is a simple camouflage security.

10. It is best to stop the service.
This is just a desktop computer, not a server. So why do we need to run services like httpd, ftpd, and sshd? You don't need this, and they also pose security risks to you, unless you know how to lock them, don't run them. Check the files in your/etc/inetd. conf file to ensure that unnecessary services have been injected. This is a simple but effective method.