What's a good resource on how to better secure a system?
I've been using Linux for a long time but one thing I never dived that deeply into is proper security.
The biggest thing I know is to not use root, but that is probably my biggest downfall... how do you NOT use root? Unless I'm only modifying files owned by a specific user, chances are I need to su as root at some point. Examples of such things are editing configuration files, or moving entire file structures. Due to Linux's lack of file inheritance there's always going to be that one file somewhere that has a different permission because it was put there via a different process (perhaps SMB or NFS instead of locally or vice versa) and it took on whatever permissions that process was running as. Or perhaps it was just another user who also has access to that share who put the file there, but now my own user can't see it because the folder does not take proper owner/group/perm inheritance like it would in Windows.
Another thing is pretty much all commands aside from the basic ones require root. If I want to look at RAID information, or use smartctl, or dd, or even ifconfig or tcpdump.
I made a custom monitoring program where the config is stored only on the server and pushed to agents; this makes deployment and management extremely easy. Unfortunately most commands that are used to gather system info need to run as root, so the agent has to run as root. This is quite a security risk, as if someone compromises the monitoring server they can then modify the config file to send any command they want to the agents, such as rm -rf /.
In the desktop world I run as a regular user, as the GUIs seem to be rather well designed nowadays to work fairly well as a non-root user. But for servers, I always find myself having to su or sudo as root. I'm sure there are better ways I can do this.
Heck, all my cron jobs run as root as well. A simple example is a backup script, I need a user that has access to *ALL* files to run the backups, and also access to change permissions and ownership, because after the file backup is complete I need to set the permissions to something my regular user can see in case I need to access the backups.
Tons of stuff like that requires root, unless there are other ways.
I've also been told that doing apt-get update or yum update is not enough, as I need to update the kernel and other stuff too that's not covered by those commands, so what else needs to be done to keep that stuff updated?
Overall I'm open to other tips or good resources to read as well.
I'd also like to eventually host other people's websites, or at least separate my own into their own "accounts" so I'd like to learn more security on that aspect as well.
Another random thing I thought of is commands that require a password. Those will show up in ps aux and similar commands, how do you prevent that? (mysqldump for example)
Last edited by Red Squirrel; 08-29-2014 at 01:31 AM.
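An added example for the last point in the post (it is not part of the original post): an audit that flags mysql/mysqldump processes carrying a password on their command line, and a helper that writes the credentials to an owner-only client option file instead. The user name, password, paths and the sample process list are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. User, password and paths are constructed.

# Constructed sample in the format of `ps -eo pid=,args=`.
SAMPLE_PS='4211 mysqldump -u backup -pS3cret!example --all-databases
4300 /usr/bin/mysqldump --user=backup --password=S3cret!example shop
4302 mysqldump --defaults-extra-file=/root/.backup.cnf --all-databases
4400 sshd: admin@pts/0'

# Reads "PID ARGS..." lines on stdin and prints the PID of each mysql or
# mysqldump process whose command line carries a password argument.
flag_password_args() {
    awk '$2 ~ /(^|\/)mysql(dump)?$/ {
        for (i = 3; i <= NF; i++)
            if ($i ~ /^--password=./ || $i ~ /^-p./) { print $1; break }
    }'
}

# write_mysql_optfile FILE USER PASSWORD
# Writes a [client] option file that only its owner can read. printf is a
# builtin in bash and dash, so the password never becomes an argument of a
# new process.
write_mysql_optfile() {
    optfile=$1
    rm -f -- "$optfile"      # drop any older copy that may have wider permissions
    (
        umask 077            # new file is created with mode 0600
        printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$optfile"
    )
}

# Audit the sample: the two processes with inline passwords are reported.
printf '%s\n' "$SAMPLE_PS" | flag_password_args

# Usage on a real host (the option must come first on the command line):
#   write_mysql_optfile /root/.backup.cnf backup "$DB_PASSWORD"
#   mysqldump --defaults-extra-file=/root/.backup.cnf --all-databases
```

On a live system the audit would be fed from `ps -eo pid=,args=` rather than the sample variable.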