Security is a balance between accessibility, usability, and restriction - too far in any of those directions, and you're in for trouble. Here are some tips on how to strike that balance with your Linux system.
The internet is full of people who want to destroy your stuff. Some of them are just curious, some are seeking a thrill, others are trying to steal your data, and some just want to watch things burn. Whatever their motive, it's your job as a sysadmin to keep these attackers out of your servers. If you're running a Linux system, this article is for you. We're going to run through some of the reasons why you need to harden your systems and other high-level considerations.
Building an operating system is a difficult balance, and a Linux distribution is no different. You need to consider the out-of-the-box functionality that most people are going to want, and accessibility for administrators across a wide swath of skill levels. If you make your distro very secure, but a newbie sysadmin can't figure out how to work with it... well, they're going to find an easier distribution to learn on, and now you've lost that admin to another distribution. So it's really no surprise that, right after install time, most Linux distributions need a little bit of tweaking to lock them down. This has gotten better over the years, as the installers themselves have gotten easier to use and more feature-rich. You can craft a pretty custom system right from the GUI installer. For example, a Red Hat Enterprise Linux (RHEL) system installed with the base package set is actually pretty light on unnecessary services and packages.