Until someone designs an operating system that reads minds, security will depend on diligent configuration and administration, no matter what OS software you use. Your Linux machine can be extremely secure, but it's not going to get there on its own. Here are a few basic measures.
Disable Services
Shut down every service not 100 percent necessary for the specific purpose of a given machineââ,¬"when in doubt, turn it off. Any of the myriad services offered through inetd (Linux's "superdaemon") may be turned off by opening the /etc/inetd.conf file and inserting a "#" at the beginning of the line listing the service. All of the "r" services (rsh, rlogin and rcp) should be removed entirely and replaced, if necessary, with OpenSSH. If possible, OpenSSH also should replace telnet and ftp.
Restrict Access
Use IP Chains to block unused ports and suspicious packets (see for configuration specifics). Warning: IP Chains on your hosts is a supplement toââ,¬"not a replacement forââ,¬"stand-alone peri meter network firewalls.
TCP Wrappers (tcpd) limit access to inetd services to specific trusted hosts. Unless a service has to be accessible to the public, block connections by default, modify the /etc/hosts.deny file to read "ALL:ALL." Create exceptions to that default rule by listing trusted hosts for each service in /etc/hosts.allow.
