
Check List for Linux Security

 




Given its origins, Linux is an amazing operating system. It began as a modest program that Linus Torvalds, a Finnish programmer, wrote as a hobby. It has since grown into a full-fledged 32-bit operating system. It is solid, stable, and supports an incredible number of applications. It has very powerful capabilities, runs very fast, and rarely crashes.

Unfortunately, Linux machines are broken into almost every day. This is not due to a lack of security in the operating system, which is equipped with all the tools necessary to secure it. But the truth is that the level of security has not increased significantly as Linux has grown in popularity. On the other hand, our understanding of hacker methods, along with the wide variety of tools and techniques now available, has helped system administrators secure their Linux computers.

Our goal in this article is to list the most critical situations and how to prevent an invasion with simple measures.

1: Weak Passwords

Hackers typically attempt to breach a Linux system by cracking a password, primarily the root user's. Typically, they first target an ordinary user, then use that access to the operating system to try to gain privileged access by cracking the root password. Good password policies and safe passwords are absolutely critical to the security of any computer. Several common mistakes are often made when selecting a password:
A: Using “password” as the password.
B: Using the name of the computer.
C: A well-known name from science, sports, or politics.
D: References to movies.
E: Anything that is part of the user's website.
F: References associated with the account.
 
The latest versions of Linux offer shadowed passwords. If a cracker can see an encrypted password, cracking it is a simple task. Hence the passwords are now stored in the shadow file, which is readable only by root, instead of the password file. Before a hacker can crack a password, he needs to figure out an account name, so it is important to steer clear of simple account names. Another security measure is to apply “no login” to the account in the password file. You must apply this to all accounts that do not require system logins. Examples include Apache, MySQL, and FTP, among others.
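The checks in this section can be automated. The following is an added example, not part of the original article: it scans passwd- and shadow-format files for hashes left in the password file, empty passwords, and service accounts that still have a login shell. The sample data is constructed, and treating UIDs 1 to 999 as service accounts and shells ending in nologin or false as “no login” are assumptions.

```sh
#!/bin/sh
# Added example. Sample files are constructed; hashes are placeholders.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/bash
ftp:$1$PLACEHOLDER$HASH:14:50:FTP:/var/ftp:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash'
SAMPLE_SHADOW='root:$6$PLACEHOLDER$HASH:19000:0:99999:7:::
apache:!!:19000::::::
mysql:!!:19000::::::
ftp:*:19000::::::
alice::19000:0:99999:7:::'

# audit_accounts PASSWD_FILE SHADOW_FILE [MAX_SERVICE_UID]
# Assumption: UIDs 1..MAX_SERVICE_UID (default 999) are service accounts.
audit_accounts() {
    awk -F: -v max_sys="${3:-999}" '
        # First file read is shadow: remember the password field per account.
        NR == FNR { shadow[$1] = $2; seen[$1] = 1; next }
        {
            user = $1; pw = $2; uid = $3 + 0; shell = $7
            # A hash kept in the world-readable passwd file can be cracked offline.
            if (pw != "" && pw != "x" && pw != "*" && pw !~ /^!/)
                print "NOT_SHADOWED " user
            # An empty password field means the account needs no password.
            if (pw == "" || (pw == "x" && seen[user] && shadow[user] == ""))
                print "EMPTY_PASSWORD " user
            # Accounts that never log in should carry a non-login shell.
            if (uid > 0 && uid <= max_sys + 0 && shell !~ /\/(nologin|false)$/)
                print "LOGIN_SHELL " user " " shell
        }
    ' "$2" "$1"
}

# Run the audit over the constructed sample files.
audit_sample() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$tmp/passwd"
    printf '%s\n' "$SAMPLE_SHADOW" > "$tmp/shadow"
    audit_accounts "$tmp/passwd" "$tmp/shadow"
    rm -rf "$tmp"
}

audit_sample
```

On a live system, run audit_accounts /etc/passwd /etc/shadow as root, since the shadow file is readable only by root.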

Limit the terminals from which root may log in. A hacker will find it nearly impossible to penetrate the system if the root account can only log in from certain secure terminals. You can accomplish this by listing the permitted terminals in /etc/security. The login program will consider insecure any terminal that is not listed in this file, which is readable only by root.

2: Open Network Ports


Any default Linux installation provides the operating system with a multitude of software and services. Several of them are not necessary, or even wanted, by the administrator. Removing this software and these services closes the path to several attacks and improves security. You can use the /sbin/chkconfig program to prevent services from starting automatically at run levels 3, 4, and 5. Log in as root and type /sbin/chkconfig --list to view all the services set to start automatically. Select the ones you don’t need and type /sbin/chkconfig --level 345 name_of_service off. Apply this procedure to every service that you wish to stop running. You can also use the xinetd server to disable other services.
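One way to turn the chkconfig --list review into a repeatable step, as an added example that is not part of the original article: the function reads chkconfig --list output and prints, without running it, the command that disables each service still on at run level 3, 4, or 5 and absent from a list of needed services. The sample output and the needed-services list (crond sshd) are constructed assumptions.

```sh
#!/bin/sh
# Added example. SAMPLE_CHKCONFIG is constructed text in `chkconfig --list` format.
SAMPLE_CHKCONFIG='crond    0:off 1:off 2:on  3:on  4:on  5:on  6:off
sshd     0:off 1:off 2:on  3:on  4:on  5:on  6:off
portmap  0:off 1:off 2:off 3:on  4:on  5:on  6:off
nfs      0:off 1:off 2:off 3:off 4:off 5:off 6:off
sendmail 0:off 1:off 2:on  3:on  4:off 5:on  6:off

xinetd based services:
        telnet: on
        rsync:  off'

# disable_plan "NEEDED SERVICES": reads `chkconfig --list` output on stdin and
# prints one chkconfig command per service that is enabled but not needed.
disable_plan() {
    awk -v keep="$1" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) needed[k[i]] = 1 }
        # Init-script line: name 0:off 1:off ... 6:off
        $2 ~ /^0:/ {
            levels = ""
            # Collect only the run levels 3, 4, 5 where the service is on.
            for (i = 2; i <= NF; i++)
                if ($i ~ /^[345]:on$/) levels = levels substr($i, 1, 1)
            if (levels != "" && !($1 in needed))
                print "/sbin/chkconfig --level " levels " " $1 " off"
            next
        }
        # Line from the xinetd section: "name: on"
        NF == 2 && $1 ~ /:$/ && $2 == "on" {
            name = substr($1, 1, length($1) - 1)
            if (!(name in needed)) print "/sbin/chkconfig " name " off"
        }
    '
}

# Plan for the constructed sample, keeping crond and sshd (assumed needed).
plan_sample() {
    printf '%s\n' "$SAMPLE_CHKCONFIG" | disable_plan "crond sshd"
}

plan_sample
```

On a live system, pipe the real listing in with /sbin/chkconfig --list | disable_plan "crond sshd" and review the printed commands before running any of them.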


3: Old Software Versions


Vulnerabilities in programs are found and fixed on a daily basis. It is important, and sometimes critical, to keep up with the changes. Every Linux distribution has mailing lists where one can find security-related information and the latest vulnerabilities found.
Here are some places to watch for security holes:
·    http://www.redhat.com/mailman/listinfo/redhat-announce-list 
·    http://www.debian.org/MailingLists/ 
·    http://www.mandrakesecure.net/en/mlist.php 
·    http://www.suse.com/us/private/support/security/index.html 
·    http://www.freebsd.org/security/index.html
·    http://www.linuxtoday.com/ 
·    http://www.lwn.net/ 
Applying the released security patches to the programs as soon as they become available is crucial. The hacker community will be aware of the discovered holes and will attempt to exploit them before the fixes are applied.

4: Insecure and Badly Configured Programs

There are some programs that have a history of security problems. Some of these programs include IMAP, POP, FTP, portmap, and NFS, to name a few. The good news is that secure versions such as Spop, SFTP, or SCP can replace most of these programs.

It is important that, before deploying any service, the administrator investigate its security history. Sometimes simple configuration measures can prevent serious headaches in the future.

 

Some advice regarding a web server configuration is well worth mentioning:

·    Never run the web server as a privileged user.
·    Do not keep clients’ confidential data on the web server. You must record credit card numbers, phone numbers, and mailing addresses on a different machine.
·    Make sure the privileged data that a user supplies on a form does not show up as a default for the next person to use it.
·    Set acceptable values for the data that web clients supply.
·    Check CGI programs for vulnerabilities.

 

5: Stale and unnecessary accounts

Make sure to remove a user's account from the system when they no longer use it. A stale account won't have its password changed periodically, leaving a gap. You must also remove any publicly readable or writable files owned by that account. When you remove an unnecessary service, make sure you remove or disable the corresponding account.
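The file check described above, as an added example that is not part of the original article: it lists the files owned by an account that other users can write or read, so they can be reviewed before the account is removed. The demo directory and its file names are constructed.

```sh
#!/bin/sh
# Added example, not from the original article.
# public_files ACCOUNT DIR: list regular files under DIR owned by ACCOUNT
# (a name or numeric UID) that are open to other users.
#   WRITABLE = world-writable, READABLE = world-readable but not writable.
public_files() {
    {
        find "$2" -xdev -type f -user "$1" -perm -0002 -print |
            sed 's/^/WRITABLE /'
        find "$2" -xdev -type f -user "$1" -perm -0004 ! -perm -0002 -print |
            sed 's/^/READABLE /'
    } | sort
}

# Demo on a constructed directory owned by the current user.
public_files_demo() {
    d=$(mktemp -d) || return 1
    touch "$d/private" "$d/notes" "$d/shared"
    chmod 600 "$d/private"   # owner only: not reported
    chmod 644 "$d/notes"     # world-readable
    chmod 666 "$d/shared"    # world-writable
    public_files "$(id -u)" "$d" | sed "s|$d/||"
    rm -rf "$d"
}

public_files_demo
```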

Security resources on the Web

Bugtraq: Detailed discussions of Unix security holes.
http://www.securityfocus.com/

Firewalls: Discusses the design, construction, operation, and maintenance of firewall systems.
http://www.isc.org/services/public/lists/firewalls.html

RISKS: Discusses the risks to society caused by computers.
http://www.risks.org/

Insecure.org
http://www.insecure.org/
