10 Ways to Secure Your Linux System

Convergence IT Services Pvt. Ltd 10 Ways to Secure your Linux System


Linux is considered one of the most stable and highly secure open-source OS platforms. There is no reason to doubt this claim, but at times hackers have brought Linux to its knees through a vulnerability that the system admin left unattended. There is no reason to press the panic button, but it is always good to know a few security tips for managing your Linux system in a more professional and secure way. By doing this you can harness the true potential of this highly useful and flexible OS.

support.convergenceservices.in 2

1. Physical System Security

This is basic, yet many system admins fail to ensure this level of security. For physical system security, configure the BIOS and disable booting from CD/DVD, external devices and floppy drives in the BIOS. You can also enable a BIOS password and protect GRUB with a password to restrict physical access to your Linux system.

2. Use Secure Shell (SSH)

Secure Shell (SSH) is a protocol that provides secure remote access. Protocols like Telnet and rlogin use plain text, which is not encrypted and can cause a security breach. SSH, on the other hand, is a secure and encrypted protocol that can be used for communication with the server. Never use the default SSH port number 22; use a higher port number instead.

3. Disk Partitions

If you want higher data security, it is imperative that you split your disk into different partitions. By doing this you separate and group data, thereby reducing the damage in case disaster strikes. Make sure that you have separate partitions and that third-party applications are installed on separate file systems under /opt.

4. Check Listening Network Ports

Use the ‘netstat’ networking command to view all open ports and the associated programs. The services on ports which are unused should be disabled using the ‘chkconfig’ command. This simple precaution can help system admin to make the Linux Server System.
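The check described above can be scripted as follows. This is an added example, not part of the original slides; the function name, the allowlist format ("proto/port") and the sample `netstat -tulnp` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# unexpected_listeners "ALLOWLIST": read `netstat -tulnp` output on stdin and
# print "proto/port program" for every listener that is not in the allowlist.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            proto = $1; sub(/6$/, "", proto)          # tcp6 -> tcp
            port  = $4; sub(/.*:/, "", port)          # 0.0.0.0:22 or :::22 -> 22
            prog  = $NF; sub(/^[0-9]+\//, "", prog)   # 812/sshd -> sshd
            key = proto "/" port
            if (!(key in ok) && !seen[key]++) print key, prog
        }'
}

# Constructed sample of `netstat -tulnp` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN   812/sshd
tcp6       0      0 :::22            :::*             LISTEN   812/sshd
tcp        0      0 127.0.0.1:3306   0.0.0.0:*        LISTEN   1044/mysqld
tcp6       0      0 :::80            :::*             LISTEN   990/httpd
udp        0      0 0.0.0.0:111      0.0.0.0:*                 655/rpcbind'

# Assumed policy for this example: only SSH and HTTP are meant to be listening.
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "tcp/22 tcp/80"
```

On a real server, run `netstat -tulnp | unexpected_listeners "tcp/22 tcp/80"` as root so the program column is filled in, then decide for each reported service whether it should be disabled.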

5. Disable USB Stick Detection

If you want to restrict users from using any kind of USB stick in your Linux system, so that your data is secure from unauthorized access, create a file ‘/etc/modprobe.d/no-usb’ and add the line ‘install usb-storage /bin/true’ to it. USB storage will then not be detected.
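A way to verify that the override is in a file modprobe will read, as an added example that is not part of the original slides. It assumes a host using kmod, which per modprobe.d(5) only parses files ending in `.conf`; the function name and the scratch directory standing in for /etc/modprobe.d are hypothetical.

```shell
#!/bin/sh
# usb_storage_blocked DIR: succeed if a file modprobe would actually read
# (DIR/*.conf) replaces loading of usb-storage with /bin/true or /bin/false.
usb_storage_blocked() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        # modprobe treats "-" and "_" in module names as equivalent
        if grep -Eq '^[[:space:]]*install[[:space:]]+usb[-_]storage[[:space:]]+/bin/(true|false)([[:space:]]|$)' "$f"; then
            return 0
        fi
    done
    return 1
}

# Demo in a scratch directory standing in for /etc/modprobe.d (assumption:
# kmod-based host, so a file without the .conf suffix is not parsed).
demo=$(mktemp -d)
echo 'install usb-storage /bin/true' > "$demo/no-usb"
if usb_storage_blocked "$demo"; then
    echo "no-usb: blocked"
else
    echo "no-usb: file is ignored by modprobe"
fi

mv "$demo/no-usb" "$demo/no-usb.conf"
if usb_storage_blocked "$demo"; then
    echo "no-usb.conf: blocked"
else
    echo "no-usb.conf: not blocked"
fi
rm -rf "$demo"
```

On a live system, `modprobe -n -v usb-storage` shows what modprobe would run; with the override in effect it prints the `install /bin/true` line. A module that is already loaded stays loaded until it is removed or the system reboots.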

6. Turn on SELinux

• SELinux, or Security-Enhanced Linux, is an important access control security mechanism provided in the kernel. If you want to add an extra layer of security, it is a good idea to keep it on.

• SELinux offers three basic modes of operation:

• Enforcing: This is the default mode, which enables and enforces the SELinux security policy on the machine.

• Permissive: In this mode, SELinux will not enforce the security policy on the system, only warn and log actions. This mode comes in handy when you are troubleshooting SELinux-related issues.

• Disabled: SELinux is turned off.

7. Enforce Stronger Passwords

This looks simple but, when implemented, can bring some positive results. A large number of users use weak passwords, and this can give hackers an easy way to guess them and hack the system with dictionary-based or brute-force attacks. The ‘pam_cracklib’ module is available in the Pluggable Authentication Modules (PAM) module stack and will force users to set strong passwords.

8. Check Accounts for Empty Passwords

An account with an empty password is open to unauthorized access by anyone on the web, and checking for such accounts is part of security within a Linux server. It is imperative that all accounts have a strong and robust password. Empty-password accounts can be easily hacked and are a security risk. The following command checks whether there is any account with an empty password:

# cat /etc/shadow | awk -F: '($2==""){print $1}'
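The one-liner above reports only empty password fields. The following added example (not part of the original slides) goes one step further and also separates locked accounts from accounts with a password hash, so the report can be read at a glance. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# classify_shadow FILE: label every account in a shadow(5)-format file by its
# password field (field 2). FILE is a parameter so the check can run on a copy.
classify_shadow() {
    awk -F: '
        $2 == ""      { print "EMPTY",  $1; next }  # logs in with no password
        $2 ~ /^[!*]/  { print "LOCKED", $1; next }  # password login disabled
                      { print "SET",    $1 }        # a password hash is present
    ' "$1"
}

# empty_accounts FILE: only the accounts the one-liner on this page reports.
empty_accounts() {
    classify_shadow "$1" | awk '$1 == "EMPTY" { print $2 }'
}

# Constructed sample in /etc/shadow layout (not real accounts or hashes).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
alice:!$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19000:0:99999:7:::
guest::19000:0:99999:7:::
EOF

classify_shadow "$sample"
echo "accounts with empty password: $(empty_accounts "$sample")"
rm -f "$sample"
```

On a real server, run `classify_shadow /etc/shadow` as root; any `EMPTY` line is an account that needs a password set or needs to be locked.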

9. Disable or Remove Unwanted Services

It is highly advised to uninstall unwanted and useless software packages to minimize the risk of vulnerabilities in your Linux system. Using the ‘chkconfig’ command you can find out which services are running on run level 3.

10. Monitor User Activities

This is a rule of thumb for maintaining the security of your Linux system, yet system admins often fail to follow it. If you have plenty of users, it is imperative to collect data on each user's activities and analyze it for performance and security issues. There are tools called ‘psacct’ and ‘acct’ for monitoring user activities. These tools run in the background and constantly track each user's activity on the system and the resources consumed by services such as Apache, MySQL, SSH, FTP, etc.

About us

Convergence Support Desk is a professional website maintenance service provider. If you have your website developed in Joomla, WordPress or Drupal CMS and are looking to maintain it, then please get in touch with us @ +91 22 2513 6632 or

Visit support.convergenceservices.in
