Linux Systems Security 10 General Measures

On June 17, 2010, in Security Knowledge Base, by Ganesh Dutt Sharma

Linux systems security is becoming more and more important issue. As the IT world is growing towards more and more development, the complexity is also increasing. And so are the threats to the system.

Lot of IT services are required for an organization to run successfully. The most common services are mail, fax, telephone, database, authentication services and several others. Interestingly unix family systems like linux, unix, solaris, aix all can provide these services. Among all Linux is growing very rapidly in capturing the market share.

As more and more companies are using Linux as their servers to get all kind of IT services, the dependencies are also increaing. So, the security of these systems is also a growing concern for these companies. I’m listing out some of the general measures which should be taken for securing Linux systems. Though I am using Linux to refer to the operating systems, but these may apply to other members of the family as well, like unix, solaris, linux variants, aix and so on.

The list is as below:

  1. Be offline while hardening linux system for security.
  2. Choose root password for system wisely.
  3. Never login as root user.
  4. Set time out for root login.
  5. Disable ctrl+alt+del for system shutdown.
  6. Mount /boot as read only
  7. Copy logs on separate disks
  8. Keep bare minimum suid and sgid files
  9. Group and World writable files
  10. Utilize Pluggable Authentication Modules

Be offline while hardening linux system for security

The first and foremost precaution to be taken while hardening your system for security is to be offline. Don’t be online during that time, else you risk the compromise of your system from online attacks. You can go offline by shutting down your network interfaces e.g

ifconfig eth0 down

or you can completely shutdown networking by running the command:

/etc/rc.d/init.d/network stop

Choose root password for system wisely

The root password should be chosen very wisely. Something which you can remember easily and others can not guess it right easily. A good mix of Caps, Smalls, Numbers and special characters and minimum of 8 characters should be enough. Don’t share your passwords with anyone.

Never login as root user

The root login is omnipotent as far as linux system is concerned. You say to it wipe-out the complete system and it will do so. Most of the accidents happen only when you are logged in as root. So beware of using root user. Instead use sudo commands. Almost all or 99.99% tasks can be completed without logging in as root user and using sudo commands.

Set time out for root login

Set the time-out for the root login. This is particularly important if by chance you forget to log out of the system. TMOUT comes at your rescue. In /etc/profile set TMOUT=300. So that will automatically logout a user after 300 seconds. The time can vary as per your requirements.

Disable ctrl+alt+del for system shutdown

You should disable ctrl+alt+del for linux systems. In most linux command line systems, this key sequence restarts the server. That can be dangerous if you press this most common sequence accidentally. To disable it open: /etc/inittab and read something similar to:

ca::ctrlaltdel:/sbin/shutdown -t3 -r now

If this is commented out and reads like

#ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Then run the command:

init q

This refreshes the inittab database being used at backend in system cache and changes take effect immediately.

Then fine, else comment it out so that you don’t accidentally restart your system.

Mount /boot as read only

The partition /boot keeps many important files to boot up the system. If someone tempers with the files, the system may stop booting correctly or it may not boot at all. So, it’s better to mount /boot as read only to avoid any kind of such risks.

Copy logs on separate disks

The hackers normally don’t want to leave their traces on the system they worked on. So, they mostly attack your log files as well to wipe-out the proofs of their visit to your systems. Its always good to keep copy of your logs on separate disks. In my view, a separate log server should be there to keep all logs of the servers instead of keeping logs on same server. That provides better security.

Keep Bare Minimum suid and sgid files

The suid and sgid programs are those which run with root privileges at run time. Ideally there should not be any sgid or sgid programs. But it’s not possible to go without these. e.g passwd program runs with suid privileges. So, keep suid and sgid program files minimum on your system.

You like to read the article Why SUID Programs Are Dangerous to know more about dangers of suid and sgid programs.

Utilize Pluggable Authentication Modules

Pluggable Authentication Modules also known as PAM are useful for system security. They are excellent for enforcing length of passwords, disabling console access, login times, blocking su to root and so on.

The list goes on endlessly and I’ll keep on writing on different aspects of security. So keep visiting, keep reading and be better informed. :)

Tagged with:
 

Leave a Reply

 




More articles from the category: Security Knowledge Base


How Linux Systems Security is Compromised

The situation becomes even more dangerous when the suid/sgid programs are poorly written. e.g when suid programs are written, then at the run time the privileges are elevated. Now, if the programmer forgets to drop the privileges then the root privileges are retained by the program.

Linux Security: PAM an Introduction

Linux Security is greatly enhanced if authentication to the system is well under control. PAM plays a great role in this process. PAM expands to Pluggable Authentication Modules. I promise to explain PAM in as easy manner as I can. Just be ready to read forwards and you are done. Since the blog is tightly focussed on security of unix based system, so I assume the general basic knowledge of unix based operating systems.

Linux Systems Security 10 General Measures

Linux Systems Security is growing concern. Here I’ve listed few measures to be taken for securing the linux systems. Ganesh Dutt Shama: World is Welcome To The World of Security!!!