Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on this aspect. Linux is often treated as a highly secure operating system. However, the reality is that Linux too has its own share of security flaws. And these security flaws allow external hackers to get into your system and modify or even destroy your important data. But there’s no need to panic, since there are various mechanisms by which these flaws can be removed.
The security system is in two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted. Let’s take a look at the major causes for security problems in Linux…
Local users can create a lot of problems for your system. It is bad policy to provide accounts to people you don’t know or for whom you have no contact information. It is better to follow some rules of thumb when offering access to your Linux machine: give users minimum privileges, monitor when and where they log in, remove inactive accounts and prohibit the creation of group user IDs.
Since the root account has authority over the entire machine, you should use it only for specific tasks. Even a small mistake made while logging in as a root user can lead to significant problems. Follow the simple rules below and they will help you.
• When running complex commands, first run them in a non-destructive manner. A simple example is to do an ‘ls’ before doing an ‘rm’ so that you are sure about the files you are going to delete.
• Give users an interactive rm for deleting the files.
• Become ‘root only’ to do specific tasks. If you want to experiment with something, go back to a normal user shell.
• The command path, which specifies the directories in which the shell searches for the programs, is very important. Limit the command path and never include ‘.’ (signifying the current directory) in your command path.
• The /etc/securetty file contains a list of terminals that root can log in from. Be careful while adding an entry to
File system security
Keep in mind the following points to help protect your systems and data stored on them.
If you are exporting file systems using NFS, configure /etc/exports with the most restrictive access possible. Do not use any wild cards.
/var/log/wtmp and /var/run/utmp contain the log-in attempts for all users. Their integrity needs to be maintained, as they help in determining when and from where a user has entered your system.
World-writable files can serve as a security hole. Also, world-writable directories are dangerous as they allow an intruder to add/delete files. You must locate the world-writable files on your system and make sure that you know why they are writable.
It is also important to locate the unowned files. The presence of unowned files might also be an indication that an intruder has accessed your system. You can locate such files by using the following command:
$ find / ( -nouser -o -nogroup ) -print
You should be able to find the .rhosts file. Use this command to locate that file :
$ find /home -name .rhosts -print.
Before you change the permission on any system files, make sure you know what you are doing. NEVER make changes to the permission on a file just because it is the easy way to get things working.