Every new Linux system administrator needs to learn a few core concepts before delving into the operating system and its applications. This short guide summarizes the essential security measures that every root user must know. The advice follows the security practices recommended by the community and the industry.
Master the Basics of Linux Administration
Every aspiring Linux system administrator who wants to secure their computers needs to start from the basics. The first step is a security policy that is followed by all users and enforced on every accessible device in the working environment. The term covers both the rules the users of the devices follow and the configuration of the operating system and applications that enforces them. Depending on the environment, restrictions can be placed on features users would expect on a desktop; in a workplace where sensitive information is accessed or used, such features may be inappropriate or dangerous.
The most basic security configuration, and the one every system administrator starts with, is the user accounts. Every unprivileged user (that is, anyone who is not root) should be able to reach only the services and devices that are needed for their work, granted through the predefined user groups; anything else should be denied. User control does not end here. A good rule is one person, one account, so that every action can be attributed to an individual and no logins are shared. Each network service should run under its own dedicated account with permissions only to the files, services and hardware it actually needs.
Most system administrators also advise that nobody logs in as root directly. Administrative actions can be performed from an unprivileged account with su (substitute user), which opens a shell as another user, or sudo (superuser do), which runs a single command as root and logs who ran what.
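The account rules above can be checked mechanically. The following shell script is an added example for this article, not code from the original post: it audits a passwd(5)-format file for a second UID 0 account, for service accounts that kept an interactive shell, and for two accounts sharing one UID, and it shows how a service account should be created. It assumes the Debian/Ubuntu conventions (system UIDs below 1000, /usr/sbin/nologin as the no-login shell); the sample passwd content is constructed.

```shell
#!/bin/sh
# Account hygiene audit for a passwd(5)-format file. Example added for this
# article, not from the original post. Assumes the Debian/Ubuntu convention that
# UIDs below 1000 are system accounts and that service accounts use
# /usr/sbin/nologin or /bin/false as their shell (adjust for your distribution).

# Print one line per finding:
#   UID0   <name>          an account other than root with UID 0
#   SHELL  <name> <shell>  a service account that still has an interactive shell
#   DUPUID <uid> <names>   two accounts sharing one UID (no accountability)
audit_passwd() {
    file="$1"
    awk -F: '$3 == 0 && $1 != "root" { print "UID0 " $1 }' "$file"
    awk -F: '$3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print "SHELL " $1 " " $7 }' "$file"
    awk -F: '{ seen[$3]++; names[$3] = names[$3] " " $1 }
             END { for (u in seen) if (seen[u] > 1) print "DUPUID " u names[u] }' "$file"
}

# How a network service account should be created: system UID, no home, no shell.
create_service_account() {
    useradd --system --no-create-home --shell /usr/sbin/nologin "$1"
}

# Constructed sample; only root, daemon, www-data and alice are as they should be.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1000:1001:Bob:/home/bob:/bin/bash
EOF
}

# Demo against the constructed sample; for real use run: audit_passwd /etc/passwd
demo=$(mktemp)
sample_passwd > "$demo"
audit_passwd "$demo"
rm -f "$demo"
```

Run against the sample, the audit reports toor as a second UID 0 account, backup as a service account with /bin/bash, and the shared UIDs 0 (root, toor) and 1000 (alice, bob). Older Red Hat releases used 500 as the system UID boundary, so adjust the threshold before trusting the SHELL check there.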
It is important to learn and master Unix-style file permissions. Unix-like operating systems and their distributions allow fine control over individual files and directories, and learning which permission bits (read, write and execute for owner, group and others, plus setuid, setgid and the sticky bit) are appropriate for the various system directories is an essential step in securing a system.
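As an added example for this article (not from the original post), the following POSIX shell script audits a directory tree for the permission problems that matter most and applies a conservative baseline. The directory layout, the chosen modes and the 1000-UID assumptions are the author's own choices, not something the original text specifies.

```shell
#!/bin/sh
# Permission audit and baseline for a private directory tree (for example a
# service's data directory). Example added for this article, not from the
# original post; it uses only POSIX find/chmod options.

# Report files under $1 whose mode commonly indicates a problem:
#   WORLD_WRITABLE    regular file anyone can modify (code or config planting)
#   WW_DIR_NO_STICKY  world-writable directory without the sticky bit, so any
#                     user can delete or rename other users' files in it
#   SETID             setuid/setgid file: runs with the owner's privileges and
#                     must be justified individually
find_risky() {
    dir="$1"
    find "$dir" -type f -perm -0002 -print | sed 's/^/WORLD_WRITABLE /'
    find "$dir" -type d -perm -0002 ! -perm -1000 -print | sed 's/^/WW_DIR_NO_STICKY /'
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print | sed 's/^/SETID /'
}

# Apply a conservative baseline: directories 750, executables 750, data 640.
# A numeric mode on a regular file also clears any setuid/setgid bit.
# New files get a matching default when the owning process runs with umask 027.
harden_tree() {
    dir="$1"
    find "$dir" -type d -exec chmod 0750 {} +
    find "$dir" -type f -perm -0100 -exec chmod 0750 {} +
    find "$dir" -type f ! -perm -0100 -exec chmod 0640 {} +
}

# Usage: ./perms.sh audit DIR  |  ./perms.sh harden DIR
case "${1:-}" in
    audit)  find_risky "$2" ;;
    harden) harden_tree "$2" && find_risky "$2" ;;
esac
```

Run the audit across / (with -xdev added to each find) before hardening anything: setuid binaries such as passwd and sudo are legitimate, and the point of the SETID listing is to review them, not to strip them blindly.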
System administrators naturally cannot progress further without knowing the most important basic commands in depth: ls, cd, mv, ps, man, touch, locate, su, chown, cat, cp, mkdir, chmod, date, tar, grep, ssh, rmdir, rm, pwd, passwd, more, kill, top, df and so on.
Also do not forget the all-important text editors such as vi(m), emacs, nano and pico.
The Minimum Linux Security Measures
Probably one of the most important aspects of working with a given GNU/Linux distribution is proper package management. Depending on the distribution base a different package management utility will be installed, and every system administrator should know how to install, update and remove applications with it. Local users should not be permitted to install third-party applications themselves, because malware is often disguised as a legitimate application. Attackers have used malicious third-party repositories and trojanized packages to infect thousands of computers worldwide.
Proactive security typically begins with encryption. Learn the encryption options available on GNU/Linux, both for data at rest (full-disk encryption with LUKS/dm-crypt) and for data in transit. Always use a secure channel when working remotely. OpenSSH is the most widely used implementation of the SSH protocol; it lets administrators execute commands remotely, forward graphical applications and manage fleets of machines. The SSH server itself must be configured securely, with key-based authentication and no direct root login over the network, or it becomes the easiest way in.
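The sshd settings that most often decide whether a remote brute-force attack succeeds can be checked with a few lines of shell. The script below is an added example for this article, not from the original post: it reads the first effective value of each keyword the way sshd does, reports weak values, and places a constructed weak configuration beside a hardened drop-in. The OpenSSH defaults it assumes when a keyword is absent (PermitRootLogin prohibit-password, PasswordAuthentication yes, PermitEmptyPasswords no) are the upstream defaults; Match blocks are ignored.

```shell
#!/bin/sh
# Check an sshd_config for the settings that most often let remote brute-force
# attacks succeed. Example added for this article, not from the original post.
# Assumes OpenSSH defaults (PermitRootLogin prohibit-password,
# PasswordAuthentication yes, PermitEmptyPasswords no) when a keyword is absent,
# and ignores Match blocks.

# First effective value of a keyword: sshd uses the first occurrence, keywords
# are case-insensitive, and lines starting with '#' are comments.
sshd_value() {
    awk -v key="$2" '$1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Print one WEAK line per problem; exit status 0 either way so callers can count.
check_sshd_config() {
    f="$1"
    v=$(sshd_value "$f" PermitRootLogin); v=${v:-prohibit-password}
    [ "$v" != "yes" ] || echo "WEAK PermitRootLogin $v -> set to no (or prohibit-password)"
    v=$(sshd_value "$f" PasswordAuthentication); v=${v:-yes}
    [ "$v" = "no" ] || echo "WEAK PasswordAuthentication $v -> keys only: PasswordAuthentication no"
    v=$(sshd_value "$f" PermitEmptyPasswords); v=${v:-no}
    [ "$v" = "no" ] || echo "WEAK PermitEmptyPasswords $v -> set to no"
    return 0
}

# Constructed weak configuration: root can log in with a password from the network.
weak_config() {
    cat <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
X11Forwarding yes
EOF
}

# Constructed hardened drop-in, e.g. /etc/ssh/sshd_config.d/10-hardening.conf on
# distributions whose sshd_config includes that directory. Keep the current
# session open while testing: "sshd -t" checks the syntax before a reload.
hardened_config() {
    cat <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
MaxAuthTries 3
# enable only on hosts that really need to forward graphical applications
X11Forwarding no
EOF
}

# Usage: ./check-sshd.sh /etc/ssh/sshd_config
[ -n "${1:-}" ] && check_sshd_config "$1"
```

Note that an empty configuration is already weak: PasswordAuthentication defaults to yes, so the check flags it unless the file turns it off explicitly.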
The next step is to ensure that everything can be recovered. Every GNU/Linux distribution ships cron, whose rich configuration options make it easy to create daily backups (both local and remote) and to automate the most common administrative tasks. A backup that has never been read back is not a backup: verify each archive after it is written and test a restore periodically.
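As an added example for this article (not the original author's script), the backup job below archives a directory with tar, records a SHA-256 checksum, reads the archive back before reporting success, and rotates old archives. The install path, schedule, retention count and the off-site rsync destination in the comments are assumptions.

```shell
#!/bin/sh
# Nightly backup with verification and rotation. Example added for this article,
# not from the original post; paths and schedule are assumptions. Install as
# /usr/local/sbin/backup.sh and schedule it from root's crontab (crontab -e):
#   0 2 * * * /usr/local/sbin/backup.sh /etc /var/backups 7 >> /var/log/backup.log 2>&1
# For an off-site copy, add a second job that ships the archives over SSH, e.g.
#   rsync -a /var/backups/ backup@offsite:/srv/backups/host1/

# Keep only the newest KEEP archives in DEST. Names embed a sortable timestamp,
# so a reverse name sort puts the newest first.
prune_backups() {
    dest="$1"; keep="$2"
    ls -1 "$dest"/backup-*.tar.gz 2>/dev/null | sort -r | tail -n +"$((keep + 1))" |
    while read -r old; do
        rm -f "$old" "$old.sha256"
    done
}

# Archive SRC into DEST/backup-<timestamp>.tar.gz, record a SHA-256, and read
# the archive back before declaring success. Prints the archive path.
backup_dir() {
    src="$1"; dest="$2"; keep="${3:-7}"
    archive="$dest/backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    mkdir -p "$dest" || return 1
    # -C keeps the stored paths relative so a restore can be redirected anywhere
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || return 1
    (cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256") || return 1
    tar -tzf "$archive" > /dev/null || return 1
    prune_backups "$dest" "$keep"
    printf '%s\n' "$archive"
}

# Restore-time check: the checksum must still match and the archive must list.
verify_backup() {
    archive="$1"
    (cd "$(dirname "$archive")" && sha256sum -c --quiet "$(basename "$archive").sha256") &&
    tar -tzf "$archive" > /dev/null
}

# Usage: backup.sh SRC DEST [KEEP]
[ "$#" -ge 2 ] && backup_dir "$@"
```

The checksum file lives beside the archive, so it catches corruption and accidental edits; if you need to detect deliberate tampering by someone who can write to the backup directory, ship the checksums (or the archives) to a host the backed-up machine cannot modify.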
Linux Security Depends On These Components
The bare essential of network security is a thoroughly configured firewall. The Linux kernel's netfilter framework provides packet filtering, port forwarding, network address translation (NAT) and connection tracking. It is configured from user space with nftables (the nft tool, the default on current distributions) or the older iptables.
Another important factor is application isolation, for which Linux offers several methods. The owner, group and other permissions described above are discretionary access control (DAC) and form the baseline on every system; Mandatory Access Control (MAC) frameworks such as SELinux and AppArmor layer a system-wide policy on top of it, so a compromised program stays confined regardless of which account it runs as. Virtualization and containers (Docker) are increasingly popular isolation options, bearing in mind that containers share the host kernel and are only as strong as their configuration. When testing simpler software some users prefer chroot, which changes a process's view of the file system but is not a security boundary on its own: a process running as root can break out of it. System administrators should become familiar with SELinux, which provides the means to set up policies and permissions for both accounts and programs.
Look out for the Common Linux Security Threats
When setting up the security features of their machines, administrators should note some characteristics of the Linux software ecosystem that shape how malware can reach a system:
- Programs are usually distributed through the distribution's repositories as ready-made packages. When third-party repositories are added to the package manager, review the trustworthiness of the maintainer(s) and of the packages; in some cases compiling from the original source (after verifying its signature) is safer.
- A file needs the execute permission bit set before it can run, so a downloaded file is not executable by default.
- Most popular user programs such as LibreOffice and the various email clients do not run embedded files or macros by default as a security precaution.
- Most contemporary web browsers ask for the user’s consent before installing or activating any third-party plugins.
- Attacks happen, and when they do attackers may compromise critical hosting infrastructure such as package repositories, downloadable images and other important files. Always verify that a file you download, install or use is legitimate by checking its signature or checksum against a value published out of band.
- Weak security causes not just local damage but network-wide and even global disruption. The best example is the Mirai botnet, which took over hundreds of thousands of Linux-based IoT devices protected only by factory-default credentials and used them for some of the largest DDoS attacks of recent years.
From time to time, SensorsTechForum features guest articles by cyber security and infosec leaders and enthusiasts such as this post. The opinions expressed in these guest posts, however, are entirely those of the contributing author, and may not reflect those of SensorsTechForum.