Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
I'm really new to linux but I've managed to get things setup pretty nicely. One thing that I did was compile the 2.6.1 kernel and now Firestarter won't run. It says it needs a 2.4 or newer kernel.
How vulnerable is linux? I'm all about security and firewalling my box but right now I'm relying on a firewalled router. How effective is that type of setup?
Any suggestion on my Firestarter problem? I added all of the iptables as modules in my kernel.
Any information is appreciated.
Nothing wrong with a firewalled router. Of course, hardening your PCs with firewalls, disabling unwanted services and so on will give you even greater security so its all down to what you want.
I have a firewalled router and no firewalls on PC inside the network at the moment. However, I do disable unused services, keep the systems patched up to date and have good user/password security. So far this has worked fine for me.
# Supports Linux kernel versions 2.5, 2.4 and 2.2.
You are ahead of the curve with your 2.6 kernel, so you will likely have to edit your iptables files manually, or wait till development catches up with the new kernel. Since you have a router firewall, you should be fine. Even without any rules, if you close all unneeded services, as mentioned, you are quite secure.
Well, that's good to hear! Thanks for the replies. I'm in the process of learning the iptables so in time I'll have my own little firewall going but at least for now I can feel comfortable with the router.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Security has much more to do with the skill of the administrator of the system than the operating system itself. Because of Windows' perceived security weaknesses (which are many, it's true) a lot of hobbiests and some large entities (corporations, governments, etc) are moving to other OSs, in particular Linux. The interesting thing is that there has been no evidence to suggest that the move to Linux has resulted in less break-ins or compromises. In fact, some studies show more reported security incidents on Linux than on Windows (and Linux still only has a tiny fraction of the install base). Several high-profile sites, such as the FSF and Debian.org have been compromised very badly.
The truth is that in many cases, users migrating to Linux do not know enough about it to configure it correctly, and/or have a false sense of security and do not bother to lock down their system. In other cases, systems maintained by relative experts (FSF, Debian.org) are cracked despite good controls. This means two things: Linux is extremely vulnerable (at least as much as Windows) if it's not hardened after a default install (in most distributions) and even a well configured system isn't uncrackable. Inspite of great hopes, no OS is bullet-proof, espcially not if you take it for granted.
No matter what OS you have, you should always follow these general rules after installing:
1.) Keep the box unplug from the Internet if at all possible (install from CD-ROM), if you must have an Internet connection to install packages, then make sure it's behind a firewall and nothing can make inbound connections to it, yet.
2.) Remove all packages and users that are not needed
3.) Shutdown and disable any services that remain, but aren't required
4.) Substitute secure services and daemons in the place of insecure ones, such as SSH instead of telnet, sftp instead of ftp (if possible), Postfix instead of Sendmail, vsftp or Pure-ftpd instead of wu-ftpd, etc
5.) Install a Host Intrusion Detection System (HIDS) and have it take a snapshot of your system. It should be configured to generate a warning if any files change. Regenerate your checksums after each step that involves changing files (adding, removing, or editing)
6.) Install a host firewall and configure it (this should deny all inbound connections at the very least, and possibly deny outbound connections except for those needed to function)
7.) Install a Network IDS (NIDS) and configure it to watch traffic to your host
8.) Install a log monitoring program to do some of the dirty work of going through logs for you. Make sure it generates a periodic report and sends it to you some how, such as by e-mail (and remember to check the reports every day!)
9.) Download and install all security updates from your OS and software application vendors. Preferably, this should be done off-line (have the updates on a different host and either connect via the LAN or burn a CD with them). You're still not safe to plug into the Internet since you are probably running some vulnerable software by default.
10.) Recheck all your configurations to make sure none of them have been modified by updates or other packages. Remember to re-run the checksum generator on your HIDS.
You're still not done! Security is an every day process, not a patch-and-forget-it deal. Keep monitoring your reports and logs every day for suspicious activity and make sure to check with your vendors regularly for security updates.
Just a few fun tidbits to consider, in my personal circle of friends and acquaintences the record for the fastest compromised box was a Red Hat Linux 7.1 box compromised 15 minutes after being connected to the Internet. At one point I recall seeing the world record reported by one of the incident reporting centers (I think it was CERT) was 5 minutes, held by a Red Hat Linux 6.0 box. Just because it's not Microsoft doesn't mean it's secure.
Thanks Chort! That's a great post and it will give me lots to research. I want a secure box just like everyone should so I'll definitely be referring to this post as I set things up.
One thing is for sure - a lot of people, including me, associate Linux with security! I guess one thing that helps maintain system integrity, even after an intrusion, could be avoiding use of the root account?
Last edited by Vincent_Vega; 01-18-2004 at 06:39 AM.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Then you may have missed my point (I'm not clear from the statement about "Linux associated with security").
I'll make it clearer:
Linux != Security
Good Admin == Security
Hint: If you just rely on Linux to keep you secure, you're going to find a very messy box one of these days (probably sooner, rather than later). Put effort into it, that's the only way to attain some security.
No, your point was perfectly clear and I thank you for taking the time to post all of that information. What I meant by that 'security...' part was that when I made my switch to linux I just thought it wasn't really too vulnerable to attacks. Then the more I read the more I doubted that, so I posted my question. I believe everything you said and securing my box has just moved to the top of my 'To Learn' list!
Last edited by Vincent_Vega; 01-18-2004 at 06:46 AM.