Be extremely careful about installing new software. Never install binaries obtained from untrustworthy sources.
When installing new software, do not unpack or compile it as root. Consider building it in a chroot environment. Install it first on a noncritical system on which you can test it and observe any misbehavior or bugs.
Run integrity checks on your system on a regular basis (see Chapter 20).
Don't include nonstandard directories in your execution path.
Don't leave any bin or library directories writable by untrustworthy accounts.
Set permissions on commands to prevent unauthorized alteration.
Scan your system for any user home directories or dot files that are world-writable or group-writable.
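One way to perform the scan in the previous item, as an added example that is not part of the original checklist: it lists home directories that are group- or world-writable, and any dot file or dot directory (and anything beneath one) inside those homes with the same problem. It assumes a find(1) that understands -mindepth, -maxdepth and -perm /mode (GNU find and busybox do); the directory names it is run on are assumptions.

```shell
#!/bin/sh
# Added example, not from the checklist's source. Reports home directories and
# dot files that have the group-write or other-write bit set.
# Assumes find(1) supports -mindepth/-maxdepth and -perm /mode (GNU, busybox).
# Usage: audit_writable_homes /home [/export/home ...]

# Print one path per line: every home directory directly under each base that is
# group- or world-writable, then every dot entry (and its contents) inside a home
# that is group- or world-writable. Symbolic links are skipped because lstat()
# reports the link's own mode (usually 777), not the target's.
audit_writable_homes() {
    for base in "$@"; do
        [ -d "$base" ] || continue
        # The home directories themselves.
        find "$base" -mindepth 1 -maxdepth 1 -type d -perm /022 -print 2>/dev/null
        # Dot files, dot directories, and files under dot directories (e.g. .ssh/).
        find "$base" -mindepth 2 -path '*/.*' ! -type l -perm /022 -print 2>/dev/null
    done
}

# Stand-alone run: audit the conventional home tree (assumed location).
audit_writable_homes /home
```

Pipe the output through sort and keep the result; a diff against the previous run is a cheap way to spot a dot file that became writable since the last check. A reported path is only a candidate: a group-writable home shared by a project group may be intended, a world-writable .profile or .forward almost never is.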
Don't leave untrusted floppies in the floppy drive.
If you suspect a network-based worm attack or a virus in widely circulated software, call a FIRST response team or the vendor to confirm the instance before sounding any alarm.
If you are attacked by a network-based worm, sever your network connections immediately.
Never write or use SUID or SGID shell scripts unless you are a hoary Unix wizard.
Disable terminal answer-back, if possible.
Never have "." (the current directory) in your search path. Never have writable directories in your search path.
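An audit of the search path covering both the "nonstandard directories" item and the one just above, as an added example that is not from the original checklist: it flags an entry that is "." or empty (an empty field in PATH also means the current directory), a relative entry, a missing directory, and a directory that is group- or world-writable. It assumes find(1) supports -H, -maxdepth 0 and -perm /mode (GNU find does); the sample PATH values are constructed.

```shell
#!/bin/sh
# Added example, not from the checklist's source. Prints one "CODE<TAB>entry"
# line for each questionable element of a PATH-style colon-separated string.
# Assumes find(1) supports -H, -maxdepth 0 and -perm /mode (GNU find).
# Usage: audit_path "$PATH"     (defaults to the current PATH)

audit_path() {
    path=${1:-$PATH}
    # A trailing ':' makes the last field readable; an empty field (leading,
    # trailing, or doubled colon) means the current directory, exactly like ".".
    printf '%s:' "$path" | tr ':' '\n' | while IFS= read -r dir; do
        case $dir in
            ''|.)
                shown=$dir
                [ -n "$shown" ] || shown='(empty)'
                printf 'CURRENT_DIR\t%s\n' "$shown"
                continue ;;
            /*) ;;                      # absolute: fall through to the checks below
            *)
                printf 'RELATIVE\t%s\n' "$dir"   # resolved against the current directory
                continue ;;
        esac
        if [ ! -d "$dir" ]; then
            printf 'MISSING\t%s\n' "$dir"       # a missing directory can be created by anyone who can write its parent
            continue
        fi
        # -H follows a symlinked PATH entry so the target's mode is tested, not the link's.
        # /022 matches if the group-write or other-write bit is set. [ -w ] is not used
        # because it only says whether *this* user can write, not whether others can.
        if [ -n "$(find -H "$dir" -maxdepth 0 -perm /022 2>/dev/null)" ]; then
            printf 'WRITABLE\t%s\n' "$dir"
        fi
    done
}

# Stand-alone run against the caller's own PATH.
audit_path "$PATH"
```

Run it as the superuser too, since root's PATH is the one that matters most for the "type full pathnames" advice that follows. A WRITABLE directory is the serious case: anyone with that write access can drop a command named like a common utility and wait for it to be picked up by a user whose PATH lists that directory before the system one.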
When running as the superuser, get in the habit of typing full pathnames for commands.
Check the behavior of your xargs and find commands. Review the use of these commands (and the shell) in all scripts executed by cron.
Watch for unauthorized modification to initialization files in any user or system account, including editor startup files, .forward files, etc.
Periodically review all system startup and configuration files for additions and changes.
Periodically review mailer alias files for unauthorized changes.
Periodically review configuration files for server programs (e.g., inetd.conf).
Check the security of your at program, and disable the program if necessary.
Verify that any files run from the cron command files cannot be altered or replaced by unauthorized users.
Don't use the vi or ex editors in a directory without first checking for a Trojan .exrc file. Disable the automatic command execution feature in GNU Emacs.
Make sure that the devices used for backups are not world-readable.
Make sure that any shared libraries are properly protected and that protections cannot be overridden.