10 Best Tips to Super Upgrade Linux Security
Linux is a secure operating system and is head and shoulders above the rest. But it is not a silver bullet for all security-related problems. There are some gaps, often opened by simple human error, which bad actors can exploit to gain access. Due diligence in closing these gaps can make breaking into your Linux system a near impossibility, turning it into an impregnable castle and a nightmare for bad apples.
- By: LIX Linux
- Published on: July 21, 2025
10 Best Security Tips
Harden Firewall
Strong Passwords
Sudo Less Accounts
Lock Screen
Open-Source Apps
Regular System Updates
Sandbox Apps
Malware Scanning
Secure Browser
Virtual Machine Isolation
1. Setup Firewall
Enable the Firewall. This secures your connection to the internet. This will help you to monitor all incoming and outgoing traffic. Furthermore, you can view connections, view logs, create strict rules and start monitoring incoming traffic according to your needs.
On LIX Linux, the firewall is already enabled and running. It can be accessed in system settings and should be adequate for most users who are new to using it, but you should tweak it according to your needs, and you can take firewall security up a notch with the Iptables firewall later.
2. Strong Passwords
Make sure you are using a strong password for the main user login account on Linux, as well as for your Sudo password and any web services you are using.
Just having a strong password makes a great deal of difference. Create strong and complicated passwords, avoid short, weak and easy-to-guess ones, and above all avoid recycling passwords. Recycled passwords can wreak havoc and have a domino effect across all your accounts if a single service is ever breached.
No one should be able to guess your passwords. You can use a password manager for creating strong passwords and safely storing them. There are many great password manager apps for Linux. Choose the one which suits you best and which you’re most comfortable with.
3. Sudo Less Accounts
Sudo is the secret sauce for security. Every administrative action requires high-level permission, which is conveniently provided by Sudo. With Sudo you can run commands without having to be root.
This is a great security tool, as it is a much safer way to execute commands without root-level access. However, if you are doing general tasks which don’t require high-level access, like watching videos, surfing the web or editing photos, then it is a great idea to create a new and separate user account for them and not give Sudo access to it.
Creating new users without Sudo is an easy task and can be conveniently done using the “users” settings in the system settings app on LIX Linux. In case a malicious file lands on your system, it cannot execute harmful code as it cannot get past the security barrier. Also, if an unauthorized person gains access, they can never install anything malicious on the system without Sudo.
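To confirm from a terminal that the everyday account really has no Sudo access, you can check admin group membership. The script below is an added example, not part of the original article; the account name `daily`, the function names and the sample group data are assumptions made for illustration, and `sudo` and `wheel` are the admin group names most distributions use by default.

```shell
#!/bin/sh
# Added example: report which accounts belong to an admin group, reading
# /etc/group-format text on stdin. Only supplementary membership (field 4)
# is checked; rights granted directly in the sudoers file are not visible here.

admin_members() {
    # Field 1 = group name, field 4 = comma-separated member list.
    awk -F: '($1 == "sudo" || $1 == "wheel") && $4 != "" {
                 n = split($4, m, ",")
                 for (i = 1; i <= n; i++) print m[i]
             }' | sort -u
}

# is_admin USER: exit status 0 if USER is in an admin group on stdin.
is_admin() {
    admin_members | grep -qxF -- "$1"
}

# Constructed sample in /etc/group format (not taken from a real system).
SAMPLE_GROUP='root:x:0:
sudo:x:27:alice
wheel:x:10:
users:x:100:alice,daily
daily:x:1001:'

printf '%s\n' "$SAMPLE_GROUP" | admin_members
if printf '%s\n' "$SAMPLE_GROUP" | is_admin daily; then
    echo "daily can use sudo: remove it from the admin group"
else
    echo "daily has no admin group membership"
fi

# On a live system, feed the real group database instead of the sample:
#   getent group | admin_members
#   sudo -l -U daily     # also lists rights granted directly in sudoers
# Creating the everyday account from the admin account:
#   sudo useradd -m -s /bin/bash daily && sudo passwd daily
```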
4. Lock Screen
Never leave your system unattended. The ability to lock your screen is an underrated feature and often flies under the radar for most users. But it can be an extremely useful tool.
Consider that you need to go away for a few moments and don’t want to log out and lose all the work; locking the screen can be a life saver here. But sometimes the task is benign and you leave your system thinking that you’ll be back in a short while.
But you end up taking longer than usual or forget about the running system. While your system is running, everyone who passes by can see your screen. Anyone can access the computer and take advantage of the situation: look at your photos, copy files and access accounts. Always lock the screen whenever you leave your computer.
5. Open-Source Apps
Make sure that you have installed apps that are safe and well known. Don’t install every app on the computer for fun, as a rogue app could wreak havoc on your system’s security.
One way to make sure you are using secure apps is to check that the app is regularly receiving updates, has documentation and is open-source.
Using open-source software greatly lowers the chances of being infected with malicious programs. Always get apps from secure and respectable sources only, such as the Discover store, Flatpaks from Flathub and AppImages from official websites. Avoid downloading from any other source unless you know what you’re getting into.
6. Regular System Updates
It is understandable that people who have used other OSes may dread the word updates, and hate having them applied in a rude and obnoxious manner. But things on this side are different. Linux doesn’t force updates on users. It is the user’s choice when to apply updates.
System updates are regularly sent to the Discover app, and an update widget is placed on the panel to inform you. Blue means app updates and red means system updates, meaning you should update at your earliest convenience.
But you should always try to apply updates as soon as they are made available and keep your system up to date at all times. Sure, updates are designed to respect your choice: you can never update your system and things will still work. But getting sparkling new updates to your system and apps will make your Linux system shine brightly.
7. Sandbox Apps
A strong approach to security is to sandbox the apps which you run on the system. Sandboxing is a great tool as it isolates files from the system so that they can be executed safely, especially if you are receiving a lot of files. Firejail is a sandboxing tool and comes with options to run apps inside an isolated and sandboxed environment.
If you need to open a document or PDF file which makes you suspicious, starting a document reader such as Okular in Firejail first and then reading the file in it would be a great way to stay safe. Another powerful approach is to use AppArmor to create hard rules for each app on which parts of the system it can access and what its boundaries are. It is a great tool, but it requires some understanding of AppArmor and tweaking for each app. However, this is only done once, and AppArmor sets persistent rules, unlike Firejail.
For starters, a sandboxing app like Firejail provides a convenient way to launch often-used apps like the video player, gallery, PDF reader and more in a sandbox. This way you can use them like any regular apps to open files which you don’t trust. Even for websites you’re visiting for the first time and don’t really trust, a sandboxed version of Firefox can be created to view them safely.
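One way to open a suspicious document in Okular under Firejail, as described above, is to give the sandbox no network and a throwaway home directory that holds only a copy of the file. This is an added example, not from the original article; the function names `stage_untrusted` and `open_untrusted` are made up for it, and it assumes Firejail and the viewer are installed.

```shell
#!/bin/sh
# Added example: view an untrusted file in Firejail without exposing your
# real home directory or the network.

# stage_untrusted FILE: copy FILE into a fresh scratch directory owned by
# you and print the directory path. The sandbox only ever sees this copy.
stage_untrusted() {
    src=$1
    [ -f "$src" ] || { echo "not a regular file: $src" >&2; return 1; }
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/untrusted.XXXXXX") || return 1
    chmod 700 "$scratch"
    cp -- "$src" "$scratch/" || return 1
    chmod 400 "$scratch/$(basename -- "$src")"   # read-only copy
    printf '%s\n' "$scratch"
}

# open_untrusted FILE [VIEWER]: open FILE in VIEWER (default: okular)
# inside the sandbox, then delete the scratch copy.
open_untrusted() {
    file=$1
    viewer=${2:-okular}
    command -v firejail >/dev/null 2>&1 || {
        echo "firejail is not installed" >&2
        return 127
    }
    dir=$(stage_untrusted "$file") || return 1
    # --net=none    : the sandbox gets no network interface except loopback
    # --private=DIR : DIR is mounted as the home directory in the sandbox,
    #                 so the copy appears there as $HOME/<file name>
    firejail --net=none --private="$dir" \
        "$viewer" "$HOME/$(basename -- "$file")"
    status=$?
    rm -rf -- "$dir"
    return "$status"
}

# Usage: open_untrusted ~/Downloads/invoice.pdf
#        open_untrusted ~/Downloads/clip.mp4 vlc
```

Anything the viewer writes to its home directory during the session is discarded together with the scratch directory.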
8. Malware Scanning
Linux is highly secure due to its design and exploits are virtually non-existent. Malware doesn’t affect Linux the way it does other operating systems. So, you don’t need to be continuously scanning the system.
But malware can pop up every once in a blue moon. It is usually designed for other operating systems, and shows up if you are connected with them or receiving files from them. It won’t affect you, but to ensure the security of others it is a good idea to scan for and remove the malware file.
Also, if you receive a suspicious file by email and you end up downloading it, it is better to scan it with ClamTk first before opening it. Due to robust Linux security, ClamTk is not constantly scanning all files; it is an on-demand anti-virus which doesn’t slow your system down. Also, being open-source, it comes with great transparency, no tracking or spying, and works completely offline.
9. Secure Browser
One of the most important apps is the web browser. It is the tool which connects you to great websites on the World Wide Web, and to the bad sites as well. Not all browsers are created equal: some exploit their users’ data for monetary benefits, while others provide hardly any defense against malware. Some even recommend that users remove tools like ad blockers and have tried to outlaw these security tools.
Secure browsers coupled with add-ons like uBlock Origin and NoScript play a tremendous role in keeping you safe. Many browsers have built-in ad and harmful-content blockers, but just a few are as robust as the mentioned add-ons.
Make sure you always use secure web browsers which are being constantly developed and updated. Take a few minutes to configure the web browser settings to block as much harmful content as possible. Add useful add-ons, and change any default settings to the maximum-protection ones.
10. Virtual Machine Isolation
If you are testing software or visiting websites which are potentially dangerous, run a virtual machine to make sure those files remain isolated. If they do get infected, you can simply delete the virtual machine and create a new one.
Even if there is no potential threat, using a virtual machine is a safe way to ensure that your system remains safe. You can keep your personal photos, documents and passwords on your host machine and keep your general computing needs such as web browsing, emails or your professional life in a virtual machine.
Conclusion
These ten best practices are by no means exhaustive but they can help make your system extremely secure. Sometimes, we may get overwhelmed and that’s understandable; applying all these measures in one day is neither fun nor feasible. It is a good idea to break these measures into chunks.
Start with the basics, such as using strong passwords and developing good security habits like locking the screen and applying updates regularly. Later, get a good web browser and password manager, and purge the system of any suspicious files and unknown apps. Sandboxing is a great tool; many may not require it right now, but it is good to have installed on the system as it can come in handy in future.
Starting by figuring out where your security level stands today, understanding your security needs and making gradual progress can help secure your Linux system like a great secure castle in the future.