Whether you use a single desktop or manage a lab full of servers, with the various threats we all face from hackers these days you simply have to make sure you're running a secure ship.
Running Linux gives you some inherent protection from attack, but you still need to take adequate steps to thwart any attempts that people might make to compromise your system.
Here are 10 of the best courses of action that you can take.
1. Create a firewall
It may sound like the most obvious piece of advice (just like using strong passwords), but it's amazing how very few people actually go to the effort of setting up a firewall. Even though you're probably using a router with a built-in firewall, there's no harm in setting up a software one as well.
Graphical firewalls, such as the popular Firestarter, are ideal for defining rules, enabling port forwarding and monitoring events.
2. Disable network servers
Apart from some popular tailor-made desktop distributions, such as Ubuntu, many distros install a plethora of network servers on the assumption you'll be using it as a server.
Even if you do, you should disable the daemons for services you won't be hosting. For example, you won't need the FTP daemon for transferring files onto another computer.
3. Use secure alternatives
Even if you need to allow other people to move files to and from your system, there are more secure options than good old FTP, such as SCP and SFTP.
SSH, which underpins SCP and SFTP, is likewise a secure alternative to Telnet, which transmits everything in clear text. Encrypting the data adds an overhead, but it's definitely worth the few extra milliseconds it'll take.
4. Revoke non-root access
It's a little inconvenient at first, but you should make sure that normal users can't access system utilities – even harmless ones like fsck and ifconfig. The best way to do this is to use sudo, which is enabled on distros such as Ubuntu.
Sudo operates according to the directions in a file called '/etc/sudoers'. You can edit the file to restrict which commands normal users can run.
5. Copy your logs
Although you've probably never looked at one before, Linux – and any good app that runs on it – keeps detailed logs. Of course, logging doesn't actually prevent an attack, but it can help you track and analyse one if it does happen.
A hacker will usually cover his tracks and doctor the logs, so you should keep a copy of your logs in a non-standard location. You should also enable remote logging, which keeps a copy of the logs on a remote server.
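A way to make the retained copy useful, as an added example that is not from the article: snapshot a log into an off-path location and later list the lines the live log has lost, which is what a doctored log looks like. The paths and auth-log lines are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the article): keep an off-path copy of a log and
# report lines that the live log no longer contains.

# snapshot_log LIVE COPY: copy the live log into an unusual location
# (the article's "non-standard location"). Constructed path in the demo.
snapshot_log() {
    mkdir -p "$(dirname "$2")"
    cp -- "$1" "$2"
}

# missing_from_live COPY LIVE: print lines present in the retained copy
# but absent from the live log. A non-empty result means the live log was
# truncated or edited, and the retained copy is the one to trust.
# Temp files are used instead of process substitution to stay POSIX sh.
missing_from_live() {
    copy_sorted=$(mktemp); live_sorted=$(mktemp)
    sort -- "$1" > "$copy_sorted"
    sort -- "$2" > "$live_sorted"
    comm -23 "$copy_sorted" "$live_sorted"
    rm -f "$copy_sorted" "$live_sorted"
}

# Demo with constructed auth-log lines in a scratch directory.
demo_tamper_check() {
    d=$(mktemp -d)
    live="$d/auth.log"
    copy="$d/.cache/fontconfig/.auth.log.copy"   # constructed off-path location
    printf '%s\n' \
        'Mar 01 10:00:01 host sshd[1201]: Accepted password for alice from 192.0.2.10 port 51122 ssh2' \
        'Mar 01 10:02:17 host sshd[1240]: Failed password for root from 198.51.100.7 port 40210 ssh2' \
        'Mar 01 10:02:19 host sshd[1240]: Accepted password for root from 198.51.100.7 port 40210 ssh2' \
        > "$live"
    snapshot_log "$live" "$copy"
    # Simulate the live log being edited to drop every mention of one host.
    grep -v '198.51.100.7' "$live" > "$live.tmp" && mv "$live.tmp" "$live"
    missing_from_live "$copy" "$live"    # prints the two removed lines
    rm -rf "$d"
}
```

On a real system the copy would be taken by a cron job or, as the article suggests, shipped to a remote log host, and the comparison run from there.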
6. Enable password aging
If you manage a bunch of machines, by setting up password aging you force your users to change passwords regularly. So if an account is compromised and the hacker is able to cover his tracks and stay hidden, his access will be clipped at the next password-changing cycle.
7. Restrict root logins
Logging in as 'root' isn't a good idea. You should always log in as a normal user and then work your way up with su or sudo. Many distros will have disabled root login on the graphical user interface, but you should also make sure that no other user logins give you root access. This will force hackers who have the root password to create a user account, which you can then easily disable.
8. Physically secure your machine
Although most attacks occur over the wires and the chances of an attacker gaining physical access to your machine are slim, you should take measures to secure access to your machines.
Password-protect your boot loader, and always lock your screen before leaving. You should also make completely sure that no one can boot your server from an external device.
9. Don't ignore security updates
All popular Linux distros take extreme care over critical packages (such as servers). In addition to regular updates, they issue special security notices as soon as a vulnerability is discovered in any utility and publish a patched package as soon as a fix is available. You should review each security update and apply it if you're running the vulnerable version.
10. Keep an eye on open files
A typical Linux distro has bundles of small nifty utilities. One such utility is lsof, which lists all open files. A 'file' in Unix-land can be anything from a regular text file to a network socket.
While listing open files, lsof will also tell you which process is using a specific port, what its process id is and which user is running it. If you find something out of the ordinary, it'll definitely be worth checking out.
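One way to turn that lsof output into a check, as an added example that is not from the article: filter the listening sockets against an allowlist of expected ports and report the command, PID and user of anything else. The lsof lines below are constructed for the demo, not captured from a live machine.

```shell
#!/bin/sh
# Added example (not from the article): triage `lsof -i -P -n` output and
# report listening sockets whose port is not on an allowlist.

# unexpected_listeners "22 80 443" < lsof-output
# Reads lsof -i -P -n output on stdin; ALLOWED_PORTS is space-separated.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Only sockets in LISTEN state; the NAME column ($9) is host:port.
        $NF == "(LISTEN)" {
            port = $9; sub(/.*:/, "", port)      # strip everything up to the last colon
            if (!(port in ok))
                printf "%s pid=%s user=%s port=%s\n", $1, $2, $3, port
        }'
}

# Constructed sample of lsof -i -P -n output for the demo.
SAMPLE_LSOF='COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812  root    3u  IPv4  18341      0t0  TCP *:22 (LISTEN)
nginx     1190 www     6u  IPv4  20112      0t0  TCP 0.0.0.0:80 (LISTEN)
nginx     1190 www     7u  IPv4  20113      0t0  TCP 0.0.0.0:443 (LISTEN)
perl      4410 www     4u  IPv4  77120      0t0  TCP *:4444 (LISTEN)
sshd      2201 alice   5u  IPv4  30211      0t0  TCP 10.0.0.5:22->192.0.2.10:51122 (ESTABLISHED)'

# On a live box run:  lsof -i -P -n | unexpected_listeners "22 80 443"
demo_unexpected() {
    printf '%s\n' "$SAMPLE_LSOF" | unexpected_listeners "22 80 443"
}
```

The established sshd session is ignored because only LISTEN entries matter here; a web-server user owning a listener on an unplanned port is exactly the "something out of the ordinary" worth checking.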
First published in PC Plus Issue 287