Checklist for Linux security
Linux is an amazing operating system considering how it was originally created. It was a modest program written for a person as a hobby - Linus Torvald of Finland. It has become a nest full operating system 32 bits. It's solid, stable and supports an incredible number of applications. It has very powerful capabilities and runs very fast and rarely crashes.
Unfortunately Linux machines are broken almost every day. This does not happen because it is a secure operating system. Contains all the necessary tools to be very safe. But the truth is. It has not been much safer with increasing popularity. Moreover, our understanding of the methods of hackers and the wide variety of tools and techniques available contributed to help system administrators to secure their Linux computers.
Our aim in this article is to list the most critical situations, and how to prevent an invasion with simple measures.
1 - Weak passwords - By far, the first method and used most often used by hackers to try to penetrate a Linux system is cracking a password, preferably from the root. Usually be directed to a common user, and then, through access to the operating system, try to get a privileged access cracking the root password. password policy, and good passwords are absolutely critical to the security of any computer. Some common mistakes when selecting a password:
Use "password" as password.
B-use the computer name.
C-a well known name of science, sports or politics.
D-reference to the movies.
E-something that is part of the website user.
F-references associated with the account.
The latest version of Linux offered shadow passwords. If a cracker can see an encrypted password, crack it would be an easy task. So instead of storing the password in the passwd file, now stored in the shadow file is readable only by root. Before a hacker can crack a password you need to understand an account name. Thus, simple accounts names must be avoided as well. Another security measure is to apply a "no entry" to the account in the passwd file. This should be done for all accounts is not required to log into the system. Some examples are: apache, mysql ftp, and others.
Limit terminals root can log in from. If the root account can access only in certain terminals that are considered safe, it is almost impossible for a hacker to penetrate the system. This can make a list of terminals in / etc / security. The input program is considered insecure any terminal that does not appear in this file, which can be read only by root.
2 - Open network ports
Any Linux default installation of the operating system will offer tons of software and services. Several of them are not needed or even wanted by the administrator. The elimination of these programs and services will close the path to several attacks and improve security. The command / sbin / chkconfig program can be used to stop automatic services from runlevels 3, 4 and 5. Register as / root and type sbin / chkconfig - list to see all the services configured to start automatically. Select the ones you do not need and type / sbin / chkconfig 345 name_of_service out. You must make all services you do not want to keep running. Additionally, the server xinetd can be used to disable other services as well.
3 - earlier versions of software
Every day find vulnerabilities in programs, and most of them are fixed constantly. It is important and sometimes critical, to keep up with changes. There are mailing lists for every Linux distribution, which can provide information related to security and found the latest vulnerabilities.
A place to observe the security holes are:
· HTTP: / /
www.redhat.com / mailman / listinfo / redhat-announce-list
· HTTP: / /
www.debian.org/MailingLists/ · HTTP: / /
www.mandrakesecure.net / en / mlist.php
· HTTP: / /
www.suse.com / us / private / support / security / index.html
· HTTP: / /
www.freebsd.org / security / index.html
· HTTP: / /
www.linuxtoday.com/ · HTTP: / /
www.lwn.net/ It is crucial to ensure that public security patches are applied to programs in space. The hacker community will notice the holes and try to explore discovered before patches are applied.
4 - insecure and misconfigured programs
There are some programs that have a history of security problems. To name a few port map IMAP, POP, FTP and NFS, are most popular. The good news is that most of these programs can be replaced by a secure and SPOP, sftp or scp.
It is important that, before deploying any service, the administrator to investigate its safety record. Sometimes simple configuration measures can prevent serious headaches in the future.
Some hints for web server configuration, it is worth mentioning:
- Do not let the web server as a privileged user;
- Do not keep confidential customer data on the web server - credit card numbers, phone numbers, email addresses, you must register on a different computer.
- Ensure that privileged information a user provides a default form does not appear for the next person who uses the form;
- Establish acceptable values ??for data that customers provide web.
- Check vulnerabilities on CGI programs.
5 - Accounts obsolete and unnecessary
When a user no longer using your account, make sure it is removed from the system. This stale account will not have changed the password periodically leaving a hole. Company files to read or write property of the account should be deleted. When you remove a service necessary to make sure to remove or disable that account.
Security resources on the web
Bugtraq - Includes detailed discussions of the security holes in Unix
http://www.securityfocus.com/ Firewalls - Discuss the design, construction, operation and maintenance of firewalls.
http://www.isc.org/services/public/lists/firewalls.html RISK Discuss the risks to society of computers
http://www.risks.org/ Insecure.org
http://www.insecure.org/ 
Topic: Check List for Linux Security (Read 1176 times)
