DEV Community

Cover image for How to secure debian linux step by step
Ankan Saha
Ankan Saha

Posted on

How to secure debian linux step by step

  1. Enable a firewall: A firewall will help protect your computer from attacks by blocking incoming connections that are not authorized. There are a few different firewalls that you can use on Debian, but we recommend using UFW. To install UFW, run the following command:

sudo apt-get install ufw

Once UFW is installed, you can enable it by running the following command:

sudo ufw enable

  1. Install security updates: One of the best ways to secure your Debian system is to install security updates as soon as they are released. Debian provides a tool called “unattended-upgrades” that will automatically install security updates for you. To install unattended-upgrades, run the following command:

sudo apt-get install unattended-upgrades

Once unattended-upgrades is installed, it can be configured by editing the file /etc/apt/apt.conf.d/50unattended-upgrades.

  1. Use strong passwords: Using strong passwords is one of the best ways to protect your accounts from being hacked. A strong password is at least 8 characters long and contains a mix of uppercase and lowercase letters, numbers, and symbols. To change your password, run the following command:

passwd

  1. Encrypt your home directory: Encrypting your home directory will help protect your data from being accessed if your computer is stolen or compromised. To encrypt your home directory, you will need to install the “ecryptfs-utils” package. To install ecryptfs-utils, run the following command:

sudo apt-get install ecryptfs-utils

Once ecryptfs-utils is installed, you can encrypt your home directory by running the following command:

ecryptfs-migrate-home -u username

  1. Use a VPN: Using a VPN (Virtual Private Network) will help protect your traffic from being intercepted by attackers. There are many different VPN providers that you can choose from, but we recommend using a provider that uses the OpenVPN protocol.

  2. Disable root login: By default, the root user is allowed to login to a Debian system. However, it is recommended to disable root login for security reasons. To disable root login, you will need to edit the file /etc/ssh/sshd_config.

  3. Install intrusion detection software: Intrusion detection software can help detect and respond to attacks on your system. We recommend installing the “fail2ban” package. To install fail2ban, run the following command:

sudo apt-get install fail2ban

Once fail2ban is installed, you will need to configure it. The fail2ban configuration file is located at /etc/fail2ban/jail.conf.

  1. Set up a logwatch: Logwatch is a tool that can help you monitor your system logs for suspicious activity. To install logwatch, run the following command:

sudo apt-get install logwatch

Once logwatch is installed, you can configure it by editing the file /etc/logwatch/conf/logwatch.conf.

  1. Use a security-focused web browser: Using a security-focused web browser can help protect you from malicious websites and web-based attacks. We recommend using the “Tor Browser”. To install the Tor Browser, run the following command:

sudo apt-get install tor-browser

  1. Keep your system up-to-date: Keeping your system up-to-date is one of the best ways to reduce the risk of being attacked. Debian provides a tool called “apt-get” that can be used to install and update packages. To update all of the packages on your system, run the following command:

sudo apt-get update && sudo apt-get upgrade

Top comments (0)