Author Topic: Secure Your Linux Server..!

akash.datasoft

Secure Your Linux Server..!
« on: October 17, 2013, 06:51:40 PM »
Secure Your Linux Server
The Linux operating system is one of the most stable and diverse OSes around. It's also one of the most popular servers in the world, thanks to its stability, process handling, and developer dedication. No matter what you plan to do with Linux, you can bet there's a flavor that will match your particular needs.

In the development world, the most popular and often used Linux distribution (known to Linux geeks as a "distro") is Red Hat. Others include Mandriva, Debian, and SuSE. This tutorial refers to Red Hat 9.

Do Not Turn Your Brain Off at the Door

Warning! If you think reading this article will give you all the information you need to be a system administrator, think again. This article covers the basics of security, but it is not a substitute for common sense, nor for the necessary interactive thinking of a competent system administrator.

This is not a fix-all. Hackers and attackers constantly reinvent themselves, and a good system administrator will be versatile and adept, reinventing himself as necessary. I recommend following Linuxdocs.org and CERT to help stay on top of system administration and security issues pertaining to your Linux server.

Installation

Before you can really get going, you have to install your Linux distro. I assume that you are setting up a server and will run without X11 (the GUI that ships with Red Hat). You may choose to install X if you wish, but this tutorial will not assume that you have it.

The rule of thumb to operate under is that if you don't need something, don't enable it. The reason for this approach is that the more services and modules you have installed, the greater the risk that an exploited and overlooked service could provide a gateway to your box.

Depending on your server or distro, the file locations I provide here may not correspond with those on your own system. To locate a file, use the command find / -name filename. You can also use tools such as pico or vi to edit a file.

Lockdown

This is the first thing to do to secure your new Linux box. There are several actions to take to prevent dangerous activity.

Changing the root password

The most obvious and simplest lockdown method is to change (or even initially setup) your root password, right from the start.

It's a good idea to change it once every 30 days, and it's also wise to come up with a password that won't be easy to crack. There are apps out there that can run a password list against a dictionary and try to crack passwords that way. Other apps will run a password list against a dictionary and hacker spellings. Therefore, using the term d0gf00d as your password is highly insecure.

You can change your password using the passwd command while logged in as root.

Disable suid

It's very valuable at times, and also very dangerous, to be able to run an application as a different user. The most common application of this is with suid (think "set user ID"). With suid, an underprivileged user can run an application as if he were a privileged user. For instance, the Apache web server, which by design runs as its own user, could execute commands as root. In this way, it would be possible for a regular user to gain access to and edit the /etc/passwd file, among others.

To find which files use suid, execute the following command. Anything with an s in the permission column (on the left) runs with suid.

# ls -alF `find / -perm -4000` > /root/suid.txt

On your server, you may get something like this in /root/suid.txt:

-rwsr-xr-x    1 root     root  60104 Apr  1  2002 /bin/mount*
-rwsr-xr-x    1 root     root    35192 Apr 18  2002 /bin/ping*
-rwsr-xr-x    1 root     root    19116 Apr  8  2002 /bin/su*
-rwsr-xr-x    1 root     root    30664 Apr  1  2002 /bin/umount*
-r-sr-xr-x    1 root     root    120264 Apr  9  2002 /sbin/pwdb_chkpwd*
-r-sr-xr-x    1 root     root    16992 Apr  9  2002 /sbin/unix_chkpwd*
-rwsr-xr-x    1 root     root    37528 Jan 17  2002 /usr/bin/at*
-rwsr-xr-x    1 root     root    34296 Mar 27  2002 /usr/bin/chage*
-rws--x--x    1 root     root    12072 Apr  1  2002 /usr/bin/chfn*
-rws--x--x    1 root     root    11496 Apr  1  2002 /usr/bin/chsh*
-rwsr-xr-x    1 root     root    21080 Apr 15  2002 /usr/bin/crontab*
-rwsr-xr-x    1 root     root    36100 Mar 27  2002 /usr/bin/gpasswd*
-rwsr-xr-x    1 root     root    19927 Apr 17  2002 /usr/bin/lppasswd*
-rws--x--x    1 root     root    4764 Apr  1  2002 /usr/bin/newgrp*
-r-s--x--x    1 root     root    15104 Mar 13  2002 /usr/bin/passwd*
-rwsr-xr-x    1 root     root    14588 Jul 24  2001 /usr/bin/rcp*
-rwsr-xr-x    1 root     root    10940 Jul 24  2001 /usr/bin/rlogin*
-rwsr-xr-x    1 root     root    7932 Jul 24  2001 /usr/bin/rsh*
-rwsr-xr-x    1 root     root    219932 Apr  4  2002 /usr/bin/ssh*
---s--x--x    1 root     root    84680 Apr 18  2002 /usr/bin/sudo*
-rwsr-xr-x    1 root     root    32673 Apr 18  2002 /usr/sbin/ping6*
-r-sr-xr-x    1 root     root    451280 Apr  8  2002 /usr/sbin/sendmail.sendmail*
-rwsr-xr-x    1 root     root    20140 Mar 14  2002 /usr/sbin/traceroute*
-rwsr-xr-x    1 root     root    13994 Apr 18  2002 /usr/sbin/traceroute6*
-rws--x--x    1 root     root    22388 Apr 15  2002 /usr/sbin/userhelper*
-rwsr-xr-x    1 root     root    17461 Apr 19  2002 /usr/sbin/usernetctl*
Many system administrators will recommend the deactivation of services like ping and traceroute, which systems don't often require. In this particular output, I recommend disabling /usr/bin/chage, /usr/bin/chfn, /usr/bin/chsh, /bin/mount, /bin/umount, /usr/bin/gpasswd, /usr/sbin/usernetctl, /usr/sbin/traceroute, /usr/sbin/traceroute6, /usr/bin/newgrp, /usr/sbin/ping6, and /bin/ping.

Disabling suid on a file makes the file executable only by the owner and also makes it immutable (unable to be modified or deleted, or even linked to). To do this, use the command:

# chmod 111 /path/to/file
# chattr +i /path/to/file

Remember the rule of thumb: if you don't need it, disable it!
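As an added example (not part of the post above), the script below parses an `ls -alF` listing like the one saved to /root/suid.txt, reports which files on the post's "disable" list still carry the setuid bit, and diffs a later listing against the saved baseline to flag setuid-root files that have appeared since. The sample lines are taken from the post's output; the /tmp/.x entry in the later listing is constructed to stand in for an unexpected new setuid binary.

```python
"""Audit setuid-root binaries from ls -alF output and detect drift.
Added example; not the post's own code. Sample lines come from the post's
/root/suid.txt listing except the constructed /tmp/.x entry."""
import re

# Baseline: a constructed subset of the post's sample /root/suid.txt.
BASELINE = """\
-rwsr-xr-x    1 root     root  60104 Apr  1  2002 /bin/mount*
-rwsr-xr-x    1 root     root    35192 Apr 18  2002 /bin/ping*
-r-s--x--x    1 root     root    15104 Mar 13  2002 /usr/bin/passwd*
---s--x--x    1 root     root    84680 Apr 18  2002 /usr/bin/sudo*
"""
# A later run: the same files plus one constructed setuid-root binary that
# was not in the baseline, the kind of drift an audit should surface.
LATER = BASELINE + "-rwsr-xr-x    1 root     root     8192 Oct 17  2013 /tmp/.x*\n"

# Binaries the post recommends removing the suid bit from.
DISABLE_LIST = {"/bin/mount", "/bin/umount", "/bin/ping", "/usr/bin/chage",
                "/usr/bin/chfn", "/usr/bin/chsh", "/usr/bin/gpasswd",
                "/usr/bin/newgrp", "/usr/sbin/ping6", "/usr/sbin/usernetctl",
                "/usr/sbin/traceroute", "/usr/sbin/traceroute6"}

# perms links owner group size month day year path
LINE_RE = re.compile(r"^(\S{10})\s+\d+\s+(\S+)\s+(\S+)\s+\d+\s+\S+\s+\d+\s+\S+\s+(\S+)$")

def parse_listing(text):
    """Return {path: (mode_string, owner, group)} for each ls -l line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            mode, owner, group, path = m.groups()
            entries[path.rstrip("*/@")] = (mode, owner, group)  # drop -F suffix
    return entries

def is_setuid_root(mode, owner):
    # The owner-execute column shows 's' (setuid+exec) or 'S' (setuid, no exec).
    return mode[3] in "sS" and owner == "root"

def new_setuid(baseline_text, later_text):
    """Setuid-root paths present in the later listing but absent from baseline."""
    before = parse_listing(baseline_text)
    return sorted(p for p, (mode, owner, _) in parse_listing(later_text).items()
                  if p not in before and is_setuid_root(mode, owner))

def still_suid_from_disable_list(text):
    """Paths on the post's disable list that still carry the setuid bit."""
    return sorted(p for p, (mode, owner, _) in parse_listing(text).items()
                  if p in DISABLE_LIST and mode[3] in "sS")

if __name__ == "__main__":
    print("new setuid-root files:", new_setuid(BASELINE, LATER))
    print("still suid:", still_suid_from_disable_list(LATER))
```

Run it periodically against a fresh `find / -perm -4000` listing and the saved baseline; any path it reports as new deserves an explanation before it is allowed to stay.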

melby@datasoft.ws

Re: Secure Your Linux Server..!
« Reply #1 on: October 17, 2013, 11:55:33 PM »
Hi,

The Linux Operating System is one of the most stable and diverse OS’s around. It’s also one of the most popular servers in the world, thanks to its stability, process handling and developer dedication. No matter what you’re planning to do with Linux, you can bet there’s a flavor that will match your particular needs.

In the development world, the most popular and often used Linux distribution (known to Linux geeks as a "distro") is RedHat. Other open source varieties include Mandrake, Debian, or SuSE. We’ll be referring to the RedHat 9 distro throughout this tutorial.

Do Not Turn Your Brain Off At The Door!

Warning! If you think that reading this article will give you all the information you need to be a systems administrator, think again. This article will cover the basics of security, but it is not intended to be a substitute for common sense, nor the necessary interactive thinking of a competent systems administrator.

This is not a fix-all! Hackers and attackers constantly reinvent themselves and a good systems administrator will be versatile and adept, reinventing himself as necessary. I recommend these sources to help you stay on top of systems administration and security issues pertaining to your Linux server:

Linuxdocs.org – http://www.linuxdocs.org/

CERT – http://www.cert.org/

Installation

Before you can really get going, you have to install your Linux distro. Because we’re setting up a server, we are going to run without X-Windows (the graphical user interface that ships with Redhat). You may choose to install X if you wish, but we won’t use it in this tutorial.

The rule of thumb we’re operating under here, is that, if something is not needed, we’re not going to enable it. The reason for this approach is that the more services and modules that you have installed, the greater is the risk that an exploited and overlooked service could provide a gateway to your box.

Depending on your server or distro, the file locations I provide here may not correspond with those on your own system. You can use the following command to locate a file: find / -name filename. You can also use tools such as pico or vi to edit a file, by executing the fol command:

Thanks,
Melby.

silgy

Re: Secure Your Linux Server..!
« Reply #2 on: October 18, 2013, 03:11:41 AM »
Hello......

Password protecting the BIOS and Grub should be done with care. If you do choose to follow this, and it is a very good idea, you need to make sure that there is an off line, secure way to access the password at 2AM. In the Navy, we would write out passwords and place them in an envelope, two of us would then seal and sign on the seam of the envelope, and then the envelope would be placed in a safe with two combinations. The safe could only be opened when both holders of the combinations were present, and both holders of the combinations needed to inventory the safe at the beginning and end of each watch.

1. Checking your system for random mailers
2. Check your system using the root kit checker
3. Set up a root login detector and emailer
4. Set a SSH MOTD
5. Secure SSH Logins:
6. Disable Telnet
7. Nuke PHP Shells
8. Install Brute Force Detection
9. Encrypt your data

Thanks
Silgy