DEV Community ๐Ÿ‘ฉโ€๐Ÿ’ป๐Ÿ‘จโ€๐Ÿ’ป

Cover image for How to secure debian linux step by step
Ankan Saha
Ankan Saha

Posted on

How to secure debian linux step by step

  1. Enable a firewall: A firewall will help protect your computer from attacks by blocking incoming connections that are not authorized. There are a few different firewalls that you can use on Debian, but we recommend using UFW. To install UFW, run the following command:

sudo apt-get install ufw

Once UFW is installed, you can enable it by running the following command:

sudo ufw enable

  1. Install security updates: One of the best ways to secure your Debian system is to install security updates as soon as they are released. Debian provides a tool called โ€œunattended-upgradesโ€ that will automatically install security updates for you. To install unattended-upgrades, run the following command:

sudo apt-get install unattended-upgrades

Once unattended-upgrades is installed, it can be configured by editing the file /etc/apt/apt.conf.d/50unattended-upgrades.

  1. Use strong passwords: Using strong passwords is one of the best ways to protect your accounts from being hacked. A strong password is at least 8 characters long and contains a mix of uppercase and lowercase letters, numbers, and symbols. To change your password, run the following command:

passwd

  1. Encrypt your home directory: Encrypting your home directory will help protect your data from being accessed if your computer is stolen or compromised. To encrypt your home directory, you will need to install the โ€œecryptfs-utilsโ€ package. To install ecryptfs-utils, run the following command:

sudo apt-get install ecryptfs-utils

Once ecryptfs-utils is installed, you can encrypt your home directory by running the following command:

ecryptfs-migrate-home -u username

  1. Use a VPN: Using a VPN (Virtual Private Network) will help protect your traffic from being intercepted by attackers. There are many different VPN providers that you can choose from, but we recommend using a provider that uses the OpenVPN protocol.

  2. Disable root login: By default, the root user is allowed to login to a Debian system. However, it is recommended to disable root login for security reasons. To disable root login, you will need to edit the file /etc/ssh/sshd_config.

  3. Install intrusion detection software: Intrusion detection software can help detect and respond to attacks on your system. We recommend installing the โ€œfail2banโ€ package. To install fail2ban, run the following command:

sudo apt-get install fail2ban

Once fail2ban is installed, you will need to configure it. The fail2ban configuration file is located at /etc/fail2ban/jail.conf.

  1. Set up a logwatch: Logwatch is a tool that can help you monitor your system logs for suspicious activity. To install logwatch, run the following command:

sudo apt-get install logwatch

Once logwatch is installed, you can configure it by editing the file /etc/logwatch/conf/logwatch.conf.

  1. Use a security-focused web browser: Using a security-focused web browser can help protect you from malicious websites and web-based attacks. We recommend using the โ€œTor Browserโ€. To install the Tor Browser, run the following command:

sudo apt-get install tor-browser

  1. Keep your system up-to-date: Keeping your system up-to-date is one of the best ways to reduce the risk of being attacked. Debian provides a tool called โ€œapt-getโ€ that can be used to install and update packages. To update all of the packages on your system, run the following command:

sudo apt-get update && sudo apt-get upgrade

Top comments (0)

Here is a post you might want to check out:

Regex for lazy developers

regex for lazy devs

Sorry for the callout ๐Ÿ˜†