A More Secure Linux

Hello readers,

As operating systems go there are preferences worth reviewing, and features worth noting within the world of Linux. Many of my readers use Linux for the same reasons I do, and one of those reasons is security.

How secure is Linux?

Compared to BSD it’s not particularly secure or insecure. It has clear advantages for most users when compared to Windows, and is arguably more secure than a Mac – due in part to the ways most hackers actually compromise an operating system. (Not that this indicates the likelihood of such an attack is necessarily higher strictly due to use.)

When we talk about Linux being more secure, it generally has something to do with how few viruses actually work against Linux. It isn’t true that none do, though it is entirely true that over 99.9% of traditional viruses and most malware in general have literally no effect on any Unix or Linux type environment due to the privelege escalation required to actually compromise such a system.

But does that mean it’s really more secure?

During the installation of most Linux based operating systems, there comes a part where you are offered an opportunity to encrypt certain folders or even partitions; i.e. the home folder, the root folder, etc. This might seem like a sure fire way to prevent anyone from compromising a system but it actually isn’t necessarily more than a slight improvement and an extra step while logging on. The AES type encryption used isn’t different than the kind encrypting your password, which is generally located in /etc/shadow.

What does increase the security of a Linux system is an option to make certain files unchangeable.

How to make a file immutable on Linux

I’m copying a bit from the link above here for quicker implementation’s sake.

Protecting important files

You can protect important files such as:

  • /etc/php.ini
  • /etc/passwd
  • /etc/shadow
  • /etc/group and more

 sudo su (followed by password at prompt)

 chattr +i /etc/shadow <— This snippet makes it impossible to delete or change your password – it should be followed immediately with chattr +i /etc/group and optionally chattr +i /etc/passwd

The link of course get’s far more involved with Chattr but you get the general idea. Optionally you can get install AES Crypt.

Optionally if you are handy with Python you can use Pycrypto.


By itself Linux has advantages regarding firewall simplicity, integrity checking, and even experienced admins will admit that ssh-ing into a Linux machine with a reverse shell is no guarantee of anything provided the user has even a passing familiarity with their system. Setting an approved ssh key for a remote desktop often requires specialized x session configurations. <— Not easy to do remotely.

That means that really aside from seeing that the machine is there, even within one’s own network connecting and affecting are not guaranteed. While telnet, ssh, and rdp connections are almost as easy as using ftp to upload a file to a server, “Taking control of someone’s computer” is a bit trickier. (VNC passwords should of course not be the same as root passwords FYI.)

The most common exploits are still browser based and socially engineered, which means someone is more likely to defraud someone out of your passwords for websites and that doesn’t really change based on your operating system preference. Google’s Chrome OS has done a great job trying to idiot proof their browsers.

Linux can be zipped up tighter than anyone would guess, and depending on one’s browser configuration they could be relatively safe. The same can be done to some degree on any OS, the more obscure the less likely to be targeted directly.

It eventually boils down to things like encryption, RSA standards use a public key and a private key to make really big prime numbers or semiprime numbers that are very difficult to decrypt due to the many possibile combinations of numbers that those huge numbers might actually consist of.

9×9 = 81 so you could reasonably determine that 81 might represent 9×9…

On the other hand the number below is just an example of the number one might be stuck trying to decrypt to get at someone’s credit card information. What two numbers was it made of?

RSA-100 = 15226050279225333605356183781326374297180681149613

This isn’t just a deterrent, it’s what makes your information more secure. Linux keygeneration can be done manually of course as indicated here.

That can be coupled with literally dozens of other methods to make secure connection between two Linux machines very secure. An article from digital ocean talks about that in greater detail here.

Out of the box even samba is only as secure as your configuration allows… But if you just keep a picture of a trollface in your shares folder and it gets hacked who really won?

The truth is that when properly motivated nothing is bulletproof. Setting a bios password is thwarted by popping out the battery, changing it to allow a usb to boot could allow someone to peruse your system from a live environment, or even to email themselves copies of your files. So using online storage might be almost a healthy level of paranoia if you think someone is motivated enough to snoop on your system.

Worse yet, simply taking someone’s hard drive out and popping it into another machine isn’t necessary, provided the attacker knows how to rig an external hard drive connection wire. That might be a reason to encrypt those home folders. (Just don’t leave the password on the same machine.)

Does the standard “hacker” know how to do all of this stuff? Probably, but most attacks really do start with lower tech approaches. Shoulder surfing, garbage sorting, social engineering… At the end of the day you just have to make it harder than it’s worth to get anything you value out of your digital world. Save things on external storage and hide it, or just don’t have anything more valuable than your links to my website.

*Based on user experience, our picks for best Linux 2016

#Cheers and I’ll do more articles like this in the near future.

Spread the love

62 thoughts on “A More Secure Linux

  1. You actually make it seem so easy with your presentation but I find this topic to be really something which I think I would never understand. It seems too complicated and extremely broad for me. I’m looking forward for your next post, I’ll try to get the hang of it!

  2. I do accept as true with all the ideas you have introduced on your post. They’re very convincing and will certainly work. Nonetheless, the posts are too quick for beginners. May you please lengthen them a bit from next time? Thank you for the post.

  3. This is really interesting, You are a very skilled blogger. I have joined your rss feed and look forward to seeking more of your excellent post. Also, I have shared your website in my social networks!

  4. Thank you for the sensible critique. Me and my neighbor were just preparing to do a little research on this. We got a grab a book from our local library but I think I learned more clear from this post. I am very glad to see such magnificent info being shared freely out there.

  5. I am not sure where you’re getting your information, but great topic. I needs to spend some time learning much more or understanding more. Thanks for magnificent info I was looking for this information for my mission.

  6. Hey, you used to write excellent, but the last several posts have been kinda boring¡K I miss your tremendous writings. Past several posts are just a little out of track! come on!

  7. Definitely believe that which you said. Your favorite reason appeared to be on the web the easiest thing to be aware of. I say to you, I certainly get irked while people think about worries that they just do not know about. You managed to hit the nail upon the top as well as defined out the whole thing without having side effect , people could take a signal. Will likely be back to get more. Thanks

  8. Thank you a lot for sharing this with all folks you really realize what you are speaking about! Bookmarked. Please additionally visit my site =). We may have a hyperlink exchange arrangement between us!

  9. Thank you for sharing excellent informations. Your web site is so cool. I’m impressed by the details that you have on this web site. It reveals how nicely you perceive this subject. Bookmarked this website page, will come back for more articles. You, my pal, ROCK! I found just the information I already searched everywhere and just could not come across. What a perfect web-site.

  10. Its like you read my mind! You appear to know so much about this, like you wrote the book in it or something. I think that you can do with a few pics to drive the message home a little bit, but other than that, this is excellent blog. A great read. I’ll certainly be back.

  11. My husband and i have been relieved that John could conclude his studies out of the ideas he got through your site. It’s not at all simplistic to just be making a gift of secrets which other folks might have been making money from. Therefore we understand we need you to be grateful to for this. All of the illustrations you made, the easy web site navigation, the friendships your site assist to foster – it’s everything awesome, and it’s really leading our son and our family reason why this matter is thrilling, and that’s really fundamental. Thanks for the whole thing!

Leave a Reply

Your email address will not be published. Required fields are marked *