Security in Linux

Linux is often touted as a highly secure OS. However, the reality is that Linux too has its own share of security flaws. But there is no need to panic, since they can be removed. Let’s see the major causes for security problems in Linux.

Local security



Local users can create a lot of problems for your system. It is bad policy to provide accounts to people you don’t know or for whom you have no contact information. It is better to follow the following rules of the thumb while providing people access to your Linux machine. Give them minimum privileges, monitor when/where they log-in from, remove inactive accounts and prohibit the creation of group user ids.

Root security



Since the root account has authority over the entire machine, you should use it only for specific tasks. Even a small mistake made while logging-in as a root user can lead to significant problems. Follow the simple rules given below and they will help you.

• When running complex commands, first run them in a non-destructive manner. A simple example is to do an “ls” before doing an “rm” so that are sure about the files you are going to delete.
• Provide users an interactive rm for deleting the files.
• Become root only to do specific tasks. If you want to experiment with something, go back to a normal user shell.
• The command path, which specifies the directories in which the shell searches for the programs, is very important. Limit
  
  the command path and never include . (the current directory) in your command path.
• The /etc/securetty file contains a list of terminals that root can log in from. Be careful while adding an entry to this file. 

File system security



Keep in mind the following points to help protect your systems and data stored on them.

• If you are exporting file systems using NFS, configure /etc/exports with the most restrictive access possible. Do not use any wild cards.
• /var/log/wtmp and /var/run/utmp contain the log-in attempts for all users. Their integrity needs to be maintained, as they help in determining when and from where a user has entered your system.
• World-writable files can serve as a security hole. Also, world-writable directories are dangerous as they allow an intruder to add/delete files. You must locate the world-writable files on your system and make sure that you know why they are
  
  writable.
• It is also important to locate the unowned files. The presence of unowned files might also be an indication that an intruder has accessed your system. You can locate such files by using the following command $ find / \( -nouser —o —nogroup \) —print
• You should be able to find .rhosts file. Use this command to locate that file $ find /home —name .rhosts —print
  
  
  
  Before you change the permission on any system files, make sure you know what you are doing. Never make changes to the permission on a file just because it is the easy way to get things working.

Password security



Most Linux distributions come with passwd programs that do not allow you to set a password that can be easily guessed.

Thus, it is necessary to make sure that your passwd program is up to date. 

Linux uses a one-way encryption algorithm known as DES (Data Encryption Standard), which is used to encrypt your passwords. The encrypted password is stored in /etc/passwd or (less commonly) in /etc/shadow. When you try to log in, the password you type again gets encrypted and is compared with the entry in the file that stores your password. A match means you have entered the same password and you are given access to the system.

Kernel security



As the kernel controls your machine’s networking, it is very essential to keep it secure. Let’s see some popular kernel configuration options that relate to

security.

IP forwarding. If you enable IP forwarding, your Linux box becomes a router. You can enable or disable IP forwarding by using the following commands:

root# echo 1 > /proc/sys/net/ipv4/ip_forward /* for enabling */



root# echo 0 > /proc/sys/net/ipv4/ip_forward /* for disabling */

• IP firewalling. This option is very useful if you want to protect your dial-up workstation from someone entering via your PPP dial-up interface.
• IP firewall packet logging. This option displays the information about the packets your firewall receives.

Security Monitoring



There are also a number of security analysis, monitoring and logging tools. The following are some of the commonly available tools on Linux.

• SATAN (Security Administrator’s Tool for Analyzing Networks). This tool probes for a range of common network security issues. It also advises the administrator on the weaknesses.
• lastcomm. This command allows one to have a look at the history of the commands executed by a particular user.
• ttysnoop. This allows a super user to monitor the activities on a pseudo-terminal.
• syslog. This can be configured in a number of ways, including sending logging messages. But it should be noted here that syslog is highly vulnerable to various kinds of attacks.

Because of the free nature of Linux OS, the Linux community has been able to fix many security-related problems. The large developing community ensures constant auditing of the source code for potential security problems. Also, the users make sure that each aspect of Linux security is well tested on different computing environments. This makes Linux as one of the most stable and secure OSs available.

Swayam Prakasha