At present I am running debian etch and I was wondering if there are any other easy steps I take that will help me stay secure on my system.

I checkfor updates everday with apt and apply them as soon as any hit the repositories. I have enabled the etch security repositories also.

I do not run as root at all. When I need to run as root I use su or kdesu and then quick the application as soon as possable.

I change my root and user passwords regularaly.

I run chkrootkit and rkhunter regularaly.

I have a hardware firewall on my router and use ip tables locally on this machine (paranoir really).

I avoid pre built debian packages as much as possable, If I need them I get them from the projects own site or from sources I trust.

I have disabled all of the services that I do not need running.

So are there any other easy steps I can take to keep my self secure. I read the thread stickied above that covers security but much of it was too advanced for me. This is just a desktop machine.

Thanks in advance

Michael.

My is that you're doing quite well (better than me anyway). I would look into using sudo instead of su because you can limit your user to only specific root tasks (and I believe directories or files also). That way if you accidentally were to run some malicious script, it wouldn't be able to have complete root priveledges.

Also, in the event you have friends with Windows machines, you might use a virus scanner just to keep from infecting them (you're not affected by the viruses, but you can still transmit them by forwarding malicious attachments or file sharing, etc).

i will look into sudo, thanks. Well i dont run any scripts I download as root only as a user, so the script would only be able to infect that user accoutn correct?

That's correct. It may come to pass though that sometime down the road you do want to run a script that needs root priveledge. So it's a good habit anyway...

A few apps that may help you:

tiger
bastille
harden-tools (and a number of others with harden in the title)

are such tools overly restricting to what I can do? Or will they not affect my while im running an application as root?

Not at all.

Tiger just does a daily scan to check for security vulnerabilities and emails you a summary. It is up to you to fix any problems.

Bastille is run once. It looks for security holes and asks you what you want to do about them.

I haven't used harden-tools, so I can't comment on that one.

For the super paranoid there is selinux. But this one looks pretty hard to set up, and is probably a bit restrictive.

Hacking Linux Exposed is a good book to learn about security stuff. And easy to read even for newbie.

yeh iv read about selinux, seems fedora users have a hardtime with it