There are several Things to do, to keep a system uncompromised.
The Key Task is to make Access to the System a diffilcut as possibile for an unwanted Intruder
and at the same Time as easy as possibile for the authorized Users.
But there is a certain Line where a authorized User will become an Intruder, this Line has to be fortified as well.
First of All stay informed.
The best way to keep the Flow of Information coming is to subscribe to Security Mailinglists.
For Debian this is: http://lists.debian.org/
I would recommend the debian-security-announce at least.
In general it is a good Idea to keep the System updated.
It is an especially good idea to update whenever a Security Problem is fixed.
Updating will fix Flaws in the Software and provide You with new Versions as well.
So from Time to Time run as root:
apt-get update
Please note that every Time the Kernel is updated (actually a new one added), the custom Kernel Modules like Nvidia have to be rebuilt.
apt-get upgrade
apt-get dist-upgrade
Most Attempts to break into a Computer are performed on the Username root.
To manage a remote System it is cumbersome to login as unpriviledged User,
su - root and key in the long complex Password to do any actual work.
But leaving root open for remote Connections is a Security Risk.
The following Procedure has proven to increase the Security while making remote Logins less complicated:
In /etc/ssh/sshd_config set
PermitRootLogin without-password
and ensure
PermitEmptyPasswords no
and reload the sshd Configuration
/etc/init.d/ssh reload
Then work throug the following List.
ssh-keygen -t dsa (accept Defaults) if You dont have any DSA Keycat .ssh/id_dsa.pubssh user@server.domain.extsu - rootvi .ssh/authorized_keys:wqˆd ˆdssh-addssh root@server.domain.ext
The old Page about patching Fedora Systems is still here