First step in this is to have a Security as a Policy - A Security Policy.

With out this you are not having clear definition to what you want to

protect and what to do when you find any violations. I would suggest

to have a look at Site "Security Handbook" an RFC 2196.

A GNU/Linux distributions has lots of softwares coming along with it as

its installation part,so a GNU/Linux user needs to be aware of what

packages he should install on the server systems which he is going to

use in production environment.

Choosing a right password for an account. Always this is the point which gets stressed by the

Security experts,and this is where maximum people override choosing

the right password for there account and some or the other day

compromise occurs. Passwords chosen for the systems should be of

alphanumeric kind and every 3 months they should be changed and as

far as possible use impersonal passwords i.e passwords should not be

based on date of birth, children names etc. Length of the passwords

are to be of minimum six characters.And should be revoked after

some number of failed attempts.

The Account which makes you

Powerful – "root". Knowing the root password is

privilege and at the same time is of great responsibility. you become

the GOD of the systems you can do whatever you want with the system -

its under your control. The "root" account has no security

restrictions imposed upon it.

For security reasons, never

login on your server as "root" unless it is absolutely

necessary an instance that necessitates root access. Disable the

remote logins directly for the root account,to become root login with

normal user account and then "su" to become root.

Set the login time out for the root account. Add to your /etc/profile

TMOUT=1800. This means if a user leaves a console/terminal without

logging out then shell after time specified by above parameter will

logout the user. Enable the command history in /etc/profile by adding

to your /etc/profile HISTSIZE=10 or some figure you would like to

keep. Zeroing the .bash_history file so that when user logout the

history file get deleted. HISTFILESIZE=0 .

Single user login mode of GNU/Linux
Passing these parameters to the Linux kernel

will make land you up in a single user mode where usually

administrators are supposed to do system maintenance activities after