Securing Database Server and Application Server in Linux
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Securing Database Server and Application Server in Linux
I have an application server which hosts my application. I distribute all binaries and code. So if user simply copy the code and distribute anyone can run.
I have a database resides in different server(Most of the time) some time database resides in the same server.
I have the root password and I only have access.
My concern is I want to secure so that others don't copy or access the system.
Some of the concern,
1) Login as user and browse through the directory and copy the code.
2) Shut down server and use another Bootable Linux CD and access to database or application file and copy.
3) any other scenario.
The first thing you need to remember is that physical access means root access. If they have physical access to the machine, your ability to stop them from analyzing stuff on that machine that is not encrypted will be very limited. You can do things like put in bios passwords, disable USB boot, disable the CD boot, etc, to help slow them down, but your still going to be limited.
As far as you login and browse concerns, this is where you will need to assign proper ownership and permissions. Basic Unix/Linux Permissions consist of read/write/execute for owner/group/others and can be set as needed. Root will always have access regardless of the permissions. Your database files will probably be stored in a location off of /var by default so you will need to pay attention. In the database, be sure to assign a designated user and appropriate permissions.
If you are really concerned about someone seeing your data, it should either be encrypted or not put on the machine to begin with. Locking it down so that people can't read / see things is often times an exercise in futility and frustration.
Thanks for the inputs. If I encrypt the hard drive will there be a performance degradation?
The encryption / decryption process will consume some resources. My experience has been that the associated penalty is small and I have never noticed a problem. You could also choose which portions you want to encrypt and focus on those as oppose to the whole drive. For example, do you really care if the Linux distribution binaries are encrypted? Does your entire home or /var partition need to be protected, or only a small amount? Another thing to consider about encryption, is that the drive needs to be decrypted to be used. If someone gains access and the information is already mounted in decrypted format, they may be able to access it. The encryption works well when starting from an unmounted or non-powered state.
It sounds to me like you need to perform a risk / threat analysis and devise a solution across multiple layers.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.