Everyone should be concerned about their privacy and security these days. It’s a common misconception that Linux doesn’t mean you don’t have to worry about privacy and security issues. Every operating system carries risks and vulnerabilities that can be exploited and leave you vulnerable.
This article will tell you more about best practices you can follow to avoid privacy risks and leaks.
Protect your user account with a strong password
This is mandatory. Always use password-protected user accounts even on desktop systems. Use a password that is highly complex but memorable to ensure a more secure system.
Do not use a general-use administrator account
Admin accounts had system-wide permissions, which is not advisable for general use. Always use a standard or basic account for daily use. You can check your account status by going to Settings> Users.
Set up your screen lock
You can lock your system manually with a simple shortcut Ctrl + Alt + L. However, you should always take care of screen locks by using a screen saver. Just go to Settings> Privacy> Lock Screen.
Update your system regularly
Make sure your system is up to date. Linux releases are updated regularly. These updates contain security packages that keep your security up to date. So start your Software Updater and install any new updates.
Keep your system clean
Make sure that you only install applications that you need. More than necessary applications in your system not only slow down your system, but also expose it to more risks and vulnerabilities.
Only browse websites with a valid SSL certificate
Whenever you browse a website and before giving any details, always make sure the website is secure by checking the color of the padlock icon in your url bar. This means that your data is transmitted using an SSL (Secure Socket Layer) protocol and is not disclosed. Do not give any information if the padlock symbol is crossed out or red.advertising
The full disk encryption option is available to users during the installation of Linux systems. Full disk encryption encrypts your entire system and you even need a key to start the system.
You can set this encryption setting during Linux installation. Under Installation type simply select the option Advanced Features and activate the options “Use LVM with the new Ubuntu installation” and “Encrypt the new Ubuntu installation for security”.
This encryption is hard to set up if you miss it when you install it. In this case, it is best to keep an up-to-date backup of your files and update them regularly.
Turn on your local firewall
Linux comes with an integrated ufw firewall. You can easily configure it with its GUI application gufw. Run the following command to install gufw.
sudo apt install gufw
Use a virtual private network (VPN)
You can go a step further to protect your network’s privacy and use a virtual private network. VPN hides and encrypts your network traffic so that you appear as a user from a different location and country than your own.
Limit privileged access with SELinux or AppArmor
SELinux and AppArmor are tools that users can use to define application restrictions such as access to processes and files. These applications ensure that the damage from attacks is contained and your other data is safe.
Check for rootkits
Rootkits are malicious software that stays hidden and can take control of your system without your knowledge. Use chkrootkit, a rootkit detection tool, to check for rootkits on your system.
You can install chkrootkit by running the following command
sudo apt-get install chkrootkit
After the installation, run the chkrootkit.
chkrootkit will scan your system for a while and let you know if there is rootkit on your system.
Restrict remote connection settings
Secure Shell Protocol (SSH) is a remote communication protocol that poses many risks to the privacy and security of the system. However, you can reduce the risk by making changes in the SSH configuration file by following the steps below
Pick a random free port that is not in use. Run the following command to verify that the new port is in use or that it is free.
nc -z 127.0.0.1 <port number> && echo "IN USE" || echo "FREE"
First, run the following command to open the SSH configuration file
sudo nano /etc/ssh/sshd_config
Now look for the line with “Port 22” in the configuration file and change the port number to a new and free port number.
Next, look for “PermitRootLogin” in the configuration file. Now you can change it to “PermitRootLogin no” if you do not want to allow the root user to log in remotely.
However, if you still want the root user to allow remote login with an SSH keypair, change it to “PermitRootLogin prohibition password”.
Disable eavesdropping daemons
You have some standard applications that run listening daemons on external ports. Run the following command to look for such ports.
Now see if you need these services or not. And turn off the unnecessary services.
In this article, you have learned about some basic steps to take to increase privacy in the Linux system. If you have any more privacy tips, don’t forget to share them in the comment below.