Everybody should be concerned about their privacy and security in this day and age. It is a common misconception that if you are running Linux you do not need to concern yourselves with privacy and security issues. Every operating system has risks and vulnerabilities that can be exploited and leave you exposed.
In this article, you will learn about best practices that you can follow to avoid privacy risks and leaks.
Protect your user account with a strong password
This is compulsory, Always use password-protected user accounts on Desktop systems too. Use a password with strong complexity but memorability to ensure a more safe system.
Do not use an admin account for common use
Admin accounts held system-wide permissions which is not advisable for common use. Always use a standard or basic account for daily use. You can check your account status by going into Settings>Users.
Set up your screen lock
You can manually lock your system by a simple shortcut Ctrl+Alt+L. But you should always ensure screen locks by using a screensaver. Simply go to Settings>Privacy>Screen Lock.
Update your system regularly
Make sure to keep your system updated. Linux releases update regularly, these updates have security packages that keep your security up-to-date. So launch your Software Updater and install any new updates.
Keep your system clean
Make sure to only install applications that you need. More than necessary applications in your system will not only slow your system down but also expose it to more risks and vulnerabilities.
Browse websites with a valid SSL certificate only
When browsing and before giving any data on any website, always make sure the website is safe by checking the padlock icon color in your URL bar. It means your data will be transmitted using a secure socket layer (SSL) protocol and will not be exposed. Don't share any info if the padlock icon is crossed out or red.
Encrypt data
Full disk encryption option is available to users during the installation of Linux systems. Full disk encryption will encrypt all your system and you will need a key even to start the system.
You can set this Encryption setting during Linux installation. In Installation type simply select the option Advanced Features and check the “Use LVM with the new Ubuntu Installation” and “Encrypt the new Ubuntu installation for Security” options.
This encryption is hard to set up if you miss them in installation. In that case, your best option is to keep an up-to-date backup of your files and update it regularly.
Turn on your local firewall
Linux comes with a built-in ufw firewall. You can easily configure it with its GUI application gufw. To install gufw, run the following command.
sudo apt install gufw
Use a Virtual Private Network (VPN)
You can take a step further to protect your network privacy and use a virtual private network. VPN will hide and encrypt your network traffic such that you would appear to be a user from a different location and country than your own.
Restrict privileged access with SELinux or AppArmor
SELinux and AppArmor are tools that can help users define application restrictions like access to processes and files. These applications will make sure the damage from any attack is contained and your other data is safe.
Check for rootkits
Rootkits are malicious software that remains hidden and can assume command and control of your system without your knowledge. Use chkrootkit which is a rootkit detection tool to check for rootkit in your system.
You can install chkrootkit by running the following command
sudo apt-get install chkrootkit
Once installed, run the chkrootkit.
sudo chkrootkit
chkrootkit will scan your system for a while and let you know if you have any rootkit on your system.
Restrict remote connection settings
Secure Shell Protocol(SSH) is a protocol used for remote communication which presents a lot of risks to system privacy and security. But you can reduce the risk by making changes in the SSH config file by doing the following steps
Select a random free port that is not in use. To check if the new port is in use or free, run the following command.
nc -z 127.0.0.1 <port number> && echo "IN USE" || echo "FREE"
First to open the SSH config file, run the following command
sudo nano /etc/ssh/sshd_config
Now, search for the line with “Port 22” in the config file and change the port number to a new and free port number.
Next look for “PermitRootLogin” in the config file. Now you can change it to “PermitRootLogin no” if you don't want to allow the root user to remote login.
But if you still want the root user to allow remote login with SSH key-pair change it to “PermitRootLogin prohibit-password”.
Turn off daemons of listening services
You have some default applications that are running listening daemons on external ports. To check for such ports, run the following command.
netstat -lt
Now see if you need these services or not. And shut down the unnecessary services.
Conclusion
In this article, you have learned some basic steps to increase privacy in the Linux system. If you have any more privacy tips, do not forget to share them in the comment below.