The security of Linux systems is becoming a more and more important issue. As the IT world grows and more and more software is developed, complexity increases, and so do the threats to these systems.
An organization needs a lot of IT services to run successfully. The most common are mail, fax, telephony, database and authentication services, and several others. Unix-family systems such as Linux, Solaris and AIX can all provide these services, and among them Linux is capturing market share very rapidly.
As more and more companies run Linux servers for all kinds of IT services, their dependence on those servers grows, and so does their concern about the security of these systems. Below I list some general measures that should be taken to secure Linux systems. Although I use Linux to refer to the operating system, most of these apply to other members of the family as well, such as Unix, Solaris, AIX and the various Linux variants.
The list is as below:
- Be offline while hardening a Linux system for security.
- Choose root password for system wisely.
- Never log in as root user.
- Set time out for root login.
- Disable ctrl+alt+del for system shutdown.
- Mount /boot as read only
- Copy logs on separate disks
- Keep bare minimum suid and sgid files
- Group and World writable files
- Utilize Pluggable Authentication Modules
Be offline while hardening a Linux system for security
The first and foremost precaution to take while hardening your system is to be offline. If the machine is reachable during that window, an attacker can exploit a service you have not yet got to, so take the network down first and bring it back only when you are done. You can go offline by shutting down your network interfaces, e.g.
ifconfig eth0 down
or you can completely shut down networking by running the command (this is the classic SysV init-script form; on newer distributions the ip link command and the service manager do the same job):
/etc/rc.d/init.d/network stop
Choose root password for system wisely
The root password should be chosen very wisely: something you can remember easily but others cannot guess. A good mix of upper- and lower-case letters, digits and special characters, at least 8 characters long (longer is better), is a reasonable minimum. Don't share the password with anyone, and don't reuse it on other systems, since one compromised host would then hand over the rest.
Never log in as root user
The root login is omnipotent as far as a Linux system is concerned: tell it to wipe out the complete system and it will do so. Most accidents happen precisely when you are logged in as root, so beware of using the root user. Instead use sudo. Almost all tasks can be completed from an ordinary account with sudo, and sudo also records which user ran which command, which a shared root login cannot.
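As an added example that is not part of the original article, here is the sudoers fragment I would use to give an operations group the handful of privileged commands they need instead of blanket root. The group name, file name and command paths are assumptions for the illustration. Always check a sudoers file with visudo -cf before installing it, because a syntax error locks everyone out of sudo.

```conf
# /etc/sudoers.d/operators   (file name and group name assumed for this example)

# Too broad: equivalent to handing out the root password, minus the audit trail.
# %operators  ALL=(ALL) NOPASSWD: ALL

# Least privilege: exactly the commands the group needs, run as root, with a
# password prompt. Listing arguments restricts the rule to that exact command.
%operators  ALL=(root) /usr/bin/systemctl restart httpd, \
                       /usr/bin/systemctl status httpd, \
                       /usr/bin/journalctl -u httpd

# Log every sudo invocation to its own file, and run commands in a
# pseudo-terminal so a malicious program cannot keep hold of the caller's tty.
Defaults    use_pty
Defaults    logfile="/var/log/sudo.log"
```

With this in place a member of operators runs sudo systemctl restart httpd and nothing else, and each invocation lands in /var/log/sudo.log with the invoking user's name.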
Set time out for root login
Set an idle time-out for the root login. This matters when you forget to log out of a session and walk away. The TMOUT shell variable comes to the rescue: in /etc/profile set TMOUT=300, and bash will log out any idle interactive shell after 300 seconds, root's included. Mark the variable readonly and export it as well, otherwise a user can simply unset it. The time can vary as per your requirements.
Disable ctrl+alt+del for system shutdown
You should disable ctrl+alt+del on Linux servers. On most Linux systems this key sequence at the console reboots the machine, which is dangerous if you hit this very common combination by accident. To disable it, open /etc/inittab and look for a line similar to:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
If the line is already commented out and reads like
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
then nothing needs to change. Otherwise comment it out by putting a # in front of it, save the file, and run the command:
init q
This makes init re-read /etc/inittab, so the change takes effect immediately without a reboot. On systemd-based distributions there is no /etc/inittab; the equivalent is to mask the ctrl-alt-del.target unit with systemctl.
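The procedure above, as an added example that is not from the original article: a small script that comments out the ctrlaltdel entry in an inittab-format file and then asks init to re-read it. The inittab content shown in the comments is constructed for illustration; the file path is whatever you pass in (normally /etc/inittab).

```shell
#!/bin/sh
# Added example, not from the original article: comment out the ctrlaltdel
# action in an inittab-format file so that Ctrl+Alt+Del no longer reboots the
# box. Pass the file path as the first argument (normally /etc/inittab).
#
# inittab entries look like  id:runlevels:action:process  for example
#   ca::ctrlaltdel:/sbin/shutdown -t3 -r now        (constructed sample line)

# Print "active" if the file has an uncommented ctrlaltdel entry, else "none".
ctrlaltdel_status() {
    if grep -Eq '^[^#][^:]*:[^:]*:ctrlaltdel:' "$1"; then
        echo active
    else
        echo none
    fi
}

# Comment out every active ctrlaltdel entry in file $1. Prints "disabled" when
# a change was made and "already disabled" when nothing was active. The edit
# goes through a temporary copy (permissions preserved) so a failed sed never
# truncates the original.
disable_ctrlaltdel() {
    f=$1
    if [ "$(ctrlaltdel_status "$f")" = none ]; then
        echo "already disabled"
        return 0
    fi
    tmp=$f.tmp.$$
    cp -p "$f" "$tmp" \
        && sed -E 's/^([^#][^:]*:[^:]*:ctrlaltdel:.*)$/#\1/' "$f" > "$tmp" \
        && mv "$tmp" "$f"
    echo disabled
}

# When run with a file argument, apply the change and, if the file is the live
# /etc/inittab and we are root, tell init to re-read it (the "init q" step).
if [ -n "${1:-}" ]; then
    disable_ctrlaltdel "$1"
    if [ "$1" = /etc/inittab ] && [ "$(id -u)" -eq 0 ]; then
        init q
    fi
fi
```

Run it as root with /etc/inittab as the argument. On a systemd host the script has nothing to edit; run systemctl mask ctrl-alt-del.target instead, which links the target to /dev/null so the key sequence is ignored.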
Mount /boot as read only
The /boot partition holds the kernel, the initial ramdisk and the boot loader configuration. If someone tampers with these files the system may boot incorrectly, not at all, or with a modified kernel. Mounting /boot read-only guards against accidental or casual modification; note that root can still remount it read-write, so this is a safeguard against mistakes rather than a barrier to an attacker who already has root. Remember to remount it read-write before installing a kernel update and set it back afterwards.
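An added example, not from the original article, that checks whether the /boot entry in an fstab-format file carries the ro option, so the setting can be verified on a hardening checklist. The fstab lines used for testing are constructed; the file path defaults to /etc/fstab.

```shell
#!/bin/sh
# Added example, not from the original article: verify that /boot is listed
# with the "ro" mount option in an fstab-format file. The file defaults to
# /etc/fstab; a different path can be given for testing.
#
# fstab fields:  device  mountpoint  fstype  options  dump  pass
# e.g. (constructed):  UUID=2222 /boot ext4 defaults,ro 0 2

# Print the options field of the first active (uncommented) /boot entry in $1.
boot_mount_options() {
    awk '$1 !~ /^#/ && $2 == "/boot" { print $4; exit }' "$1"
}

# Return 0 when the /boot entry carries "ro", 1 otherwise (including no entry).
# Wrapping in commas means "remount-ro" inside errors=remount-ro is not
# mistaken for the ro option.
boot_is_readonly() {
    opts=$(boot_mount_options "$1")
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Print a one-line verdict for the checklist.
check_boot() {
    f=${1:-/etc/fstab}
    if boot_is_readonly "$f"; then
        echo "/boot: read-only in $f"
    else
        echo "/boot: NOT read-only in $f (add ro to its options)"
    fi
}

if [ -n "${1:-}" ]; then
    check_boot "$1"
fi
```

After adding ro to the /boot line in /etc/fstab, apply it without rebooting with mount -o remount,ro /boot. Before a kernel or boot loader update run mount -o remount,rw /boot, and remount it read-only again when the update is done.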
Copy logs on separate disks
Attackers normally don't want to leave traces on the systems they have worked on, so they usually tamper with your log files as well to wipe out the evidence of their visit. It is always good to keep a copy of your logs on a separate disk. Better still, run a dedicated log server that receives the logs of all your servers instead of keeping logs only on the same machine: a compromise of one host then does not let the intruder rewrite that host's history. Where possible send the logs over a reliable, authenticated channel, since plain syslog over UDP can be dropped or spoofed.
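One way to set up the separate log server described above, as an added example that is not from the original article: rsyslog forwarding on each server plus a receiver on the log host. The host name and file paths are assumptions; the local log files configured in /etc/rsyslog.conf keep being written as well.

```conf
# Added example, not from the original article; loghost.example.com and the
# file paths are assumed.

# --- on every server: /etc/rsyslog.d/remote.conf ---
# Forward everything to the log host over TCP (@@). A single @ would use UDP,
# which silently drops messages under load and is trivially spoofable.
*.* @@loghost.example.com:514

# --- on the log host: /etc/rsyslog.conf ---
# Accept TCP syslog and keep each sender's messages in its own directory,
# one file per program (constructed template name).
$ModLoad imtcp
$InputTCPServerRun 514
$template PerHost,"/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log"
*.* ?PerHost
```

Restrict port 514 on the log host to your servers' addresses with the firewall, give the log host no other duties and a different root password, and for anything crossing an untrusted network use rsyslog's TLS transport rather than plain TCP.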
Keep Bare Minimum suid and sgid files
suid and sgid programs run with the privileges of the file's owner or group rather than those of the user who runs them; when the owner is root, that means root privileges. Ideally there would be no suid or sgid programs at all, but it isn't possible to do without them: passwd, for example, must be suid root to update /etc/shadow. So keep the suid and sgid files on your system to a minimum, and audit them regularly so that a new one, which could be a backdoor left by an intruder, is noticed.
You may like to read the article Why SUID Programs Are Dangerous to learn more about the dangers of suid and sgid programs.
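The audit just described, as an added example that is not from the original article; it also covers the group- and world-writable files item from the list above, since the same find scan serves both. The script inventories set-uid/set-gid files and world-writable files and directories under a tree and diffs the suid list against a saved baseline, so new entries stand out. The directory layout used in testing is constructed.

```shell
#!/bin/sh
# Added example, not from the original article: inventory set-uid / set-gid
# files and world-writable files and directories under a tree, so the lists
# can be reviewed and diffed against a known-good baseline. -xdev keeps find
# on one filesystem so it does not wander into /proc, /sys or network mounts.

# Print set-uid and set-gid regular files under $1, sorted.
find_suid_sgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Print world-writable regular files under $1, sorted.
find_world_writable_files() {
    find "$1" -xdev -type f -perm -0002 2>/dev/null | sort
}

# Print world-writable directories under $1 that lack the sticky bit. Sticky
# directories such as /tmp are expected; without the sticky bit any user can
# delete or rename other users' files in the directory.
find_world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 2>/dev/null | sort
}

# Compare the current suid/sgid list under $1 with the baseline file $2 and
# print only the differences: '>' marks a file not in the baseline (new, and
# worth investigating), '<' marks one that has disappeared.
compare_suid_baseline() {
    find_suid_sgid "$1" | diff "$2" - | grep -E '^[<>]' || true
}

# Human-readable report over the whole tree.
audit_report() {
    root=${1:-/}
    echo "== set-uid / set-gid files under $root =="
    find_suid_sgid "$root"
    echo "== world-writable files =="
    find_world_writable_files "$root"
    echo "== world-writable directories without sticky bit =="
    find_world_writable_dirs "$root"
}

if [ -n "${1:-}" ]; then
    audit_report "$1"
fi
```

Save the output of find_suid_sgid / right after installation as the baseline, keep that file off the host (on the log server, for instance), and run compare_suid_baseline from cron; an unexpected '>' line is one of the clearest signs of a planted backdoor.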
Utilize Pluggable Authentication Modules
Pluggable Authentication Modules, also known as PAM, are very useful for system security. They can enforce password length and quality, restrict console access, limit login times, restrict su to root to members of one group, and so on, all through the configuration files under /etc/pam.d rather than by changing the programs themselves.
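The controls listed above, as an added example that is not from the original article. Each stanza names the file it belongs in; Red Hat style file names are assumed (Debian-based systems use common-auth and common-password instead of system-auth), and the user name ops is invented for the time rule. Keep a second root shell open while editing PAM, because a mistake here can lock you out.

```conf
# Added example, not from the original article; file names and the user "ops"
# are assumed.

# /etc/pam.d/su  -- only members of the wheel group may su to root
auth        required    pam_wheel.so use_uid

# /etc/pam.d/system-auth  -- at least 12 characters with at least one digit,
# one upper-case, one lower-case and one other character; the user gets three
# attempts at choosing an acceptable password
password    requisite   pam_pwquality.so retry=3 minlen=12 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1

# /etc/pam.d/login  -- console logins are subject to /etc/security/time.conf
account     required    pam_time.so

# /etc/security/time.conf  -- fields are services;ttys;users;times
# the "ops" user may log in on the console only on weekdays 08:00 to 18:00
login;tty*;ops;Wk0800-1800
```

Test each rule from a separate session before logging out: try su as a non-wheel user, try setting a short password, and try a console login outside the allowed window, and confirm each is refused for the right reason in the system log.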
The list goes on endlessly and I’ll keep on writing on different aspects of security. So keep visiting, keep reading and be better informed. 🙂