Linux is often hailed as being more secure than alternative systems, namely Windows and macOS. While this may be true in some cases, the actual security of your systems depends primarily on the methods and tools you’re using. If you freely allow remote access to your servers or run every file you come across, your system can be easily breached. 

Rather than take a risk and hope that no attackers or malware appear, you should take proactive action. In this article, you’ll learn some basics of Linux security. You’ll also be introduced to open-source tools that can help you ensure your systems remain secure.

Recommended Read: How to install ClamAV (Antivirus) & ClamTK on Linux

Also Read: Beginner’s guide to SELinux

The Basics of Linux Security

Understanding the basics of Linux security is vital to protecting your system. Before you try to add additional security tools, ensure that you are correctly using Linux’s built-in functionality. Below are ]important features to be aware of. 

Streamline Your Installation

Try to install the smallest version possible of the distribution you wish to use. Lighter versions save disk space and contain minimal add-ons, limiting your attack surface. Likewise, if you are planning to use your machine as a server, consider leaving out the Graphic User Interface (GUI). GUIs require installation of additional dependencies which can introduce additional vulnerabilities. 



You should use built-in firewalls unless you plan to use alternative measures. All standard Linux distros come with Iptables and some include alternate tools. For example, Red Hat-based systems include firewalld. Linux firewalls can be used to restrict both incoming and outgoing traffic. You can also use an internal Internet proxy server to filter outgoing traffic.


Security-Enhanced Linux (SELinux)

SELinux is a module that enables you to use Mandatory Access Controls (MACs). MACs specifically define access and modification rights for every user, process, file, and application in your system. It is designed to separate security enforcement from policy. SELinux can help you defend against privilege escalation from root services.


Root Access

Your root (administrator) account should be restricted in Linux after your system is configured. For administrative tasks, you should instead use sudo users. Sudo users can be given root access permissions on a limited basis. This limits the liability of compromised credentials while still allowing administrative tasks. It also enables you to better track individual administrator actions. 

Make sure to change your root password after creating your sudo users. Creating a complex string, generated by a script, is the most secure solution. Also, be sure to disable remote root logins after set up. This can prevent attackers from using brute force password cracking to remotely access your system. 

Open-Source Security Tools for Linux

Once you understand the basics, properly securing Linux requires careful use of the right tools and resources. The following are some open-source resources and tools you may find helpful.


 Threat Intelligence Resources

Although not technically a tool, threat intelligence resources can help you ensure that you are aware of any vulnerabilities your systems face. These resources are also what many of your signature-based tools rely on. 

Make sure to follow vulnerability reports, such as those put out by the National Vulnerability Database (NVD). NVD, which recently updated its classifications to CVSS v3.0, publicly releases vulnerability information as it is reported. They provide information on affected systems and resources for remediation. 



Wireshark, formerly known as Ethereal, is a network protocol analyzing tool. It enables you to monitor and log the traffic on your network. 

It includes features for offline analysis, VoIP analysis, decryption support, and live data capture. You can use Wireshark to collect data from a variety of connections, including Ethernet, IEEE 802.11, Bluetooth, USB, and ATM.



ClamAV is an antivirus engine you can use for web scanning, email scanning, and endpoint security. It can detect viruses, trojans, and malware using a multi-threaded scanner daemon.

ClamAV includes features for archive, executable, and document scanning, automatic signature updates, and command-line utilities. Detection is based on a virus database that is updated multiple times daily.



Nmap is a tool you can use for network discovery and security auditing. It enables you to create network inventories, manage service upgrade schedules, and monitor service uptimes. It is automatically included with many distributions, including Redhat, Debian, and Gentoo. You can use it through the CLI or GUI, called Zenmap.

Nmap includes features for port scanning, fingerprinting, and vulnerability scanning. It includes its own scripting engine and pre-written scripts. You can also write and use custom scripts.



OSSEC is a scalable, host-based intrusion detection system that you can use as a System Information and Event Management (SIEM) solution. SIEM solutions centralize logging and monitoring.

OSSEC includes features for log monitoring, correlation and analysis, file integrity monitoring, registry monitoring, policy enforcement, rootkit detection, and real-time alerting and response. It is designed to help you maintain regulatory compliance and includes auditing functionality for PCI-DSS and CIS. 



OpenVAS is a vulnerability assessment scanner. It includes access to vulnerability test information feeds that are updated daily. 

OpenVAS includes features for authenticated and unauthenticated testing, Internet and industrial protocols, and performance tuning. It includes its own internal programming language that you can use to create custom vulnerability testing scripts.



Linux systems have security advantages over other operating systems, such as more secure file handling. However, these systems are not bulletproof. Properly securing Linux systems requires careful configuration and proactive implementation of security policies and tools. 

Hopefully, this article helped you understand some of the configurations and tools you can use to secure your system. Once you’ve implemented a security solution that meets your needs, be sure to keep your systems updated. Out of date tools and systems can enable attackers to easily enter, undermining all your efforts.

test website speed in linux


Author Bio

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.


If you think we have helped you or just want to support us, please consider these:-

Connect to us: Facebook | Twitter

Donate us some of your hard-earned money: [paypal-donation]

Linux TechLab is thankful for your continued support.