Tuesday, December 16, 2008

Basic Linux Security

Linux is a portable, lightweight operating system based on the Unix operating system. Many web hosting companies, and much of the Internet itself, run on Linux servers. Until recently it was complicated for the average home user to become familiar with Linux, but in the past few years many user-friendly versions of Linux have appeared on the landscape.

For our purposes here we are going to concentrate on the command line rather than the GUI (Graphical User Interface). Linux has some native features that make it fairly secure out of the box. However, this security is not foolproof without some additional configuration. Perhaps the main reason Linux is more secure than Windows is not that it is a better product; we cannot make that complete comparison, as it would be like comparing apples and oranges. The reason Linux is more secure is that it gets much less attention than Windows. Millions of people across the world are out there trying to exploit or lay bare the flaws in the Windows operating system, while far fewer users are familiar with Linux.

However, using Linux out of the box without configuration changes leaves you wide open to hacks, attacks and many problems. One of the best things about the Linux operating system, and in some ways a disadvantage, is the number of distributions. There are more flavors of Linux than there are flavors of Kool-Aid. Many of these systems have a slightly different structure, different kernels (the kernel being the central component of the operating system), different software packaging systems, and often different commands. For this tutorial we can feel safe knowing that the commands we are using are basic enough to work across distributions.

Considering that many of the Linux systems in operation sit in data centers across the globe, technicians and users alike needed a secure way to connect to these servers remotely. SSH stands for Secure Shell; it was created to replace insecure connection protocols such as telnet. The standard port you connect to with SSH is 22. SSH authenticates servers using an encrypted key. You can also configure SSH to authenticate with a public key, which means that unless you have the matching key you cannot connect. The scope of this article is a simple how-to on basic Linux security, so we are only going to concentrate on the basics of SSH.

In the world of Linux the root user is God. Many servers are secured wonderfully, only to be logged into remotely using the root password. This is foolhardy because anyone using a simple sniffer program can obtain your root password and take total control of your machine. Additionally, as long as you use the common port of 22 for your SSH protocol, you're leaving yourself wide open to potential hacks.

So these are the steps you should take the first time you connect to your Linux server:

Log in to your server through SSH using the user root and your password.

Create a new user for yourself.
Common commands: adduser newusername
passwd newusername – this step will ask you to set a password and then confirm it.

Find the directory your SSH configuration file is in. This can vary by distribution. You can issue the find command: find / -name 'ssh*conf*' (the quotes stop the shell from expanding the wildcard before find sees it, and the trailing wildcard also matches sshd_config). This file may be elusive; it can be named ssh.conf, sshd.conf, sshd_config or other names. Once you find the directory, change into it with cd /directory/name

More than likely your server is using the SSH2 protocol, which is more secure and is the newer standard.
You may have two config files, but only one of them is actually in use, so it is safest to change both. Open the configuration file or files in a text editor (vi, vim). Vi has a small learning curve; look at the man pages to familiarize yourself. Once the file is open you will want to find two different lines:

1. Port
2. PermitRootLogin

On the line that says Port, change it from the default port 22 to something else. This can be any port that is not currently in use, such as 11215.

On the line that says PermitRootLogin, change the value to no.

After you have made these changes, and before logging out, open a separate window and try to connect using your new port number and user name.
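The configuration edit described above, carried out as a script, is given here as an added example that is not part of the original post: it rewrites the Port and PermitRootLogin lines in an sshd_config-style file (commented-out defaults included), keeps a backup, and reads the effective values back so the change can be confirmed before you reconnect. The sample config, the port number and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the OpenSSH "Keyword value"
# config format; the sample config and port number below are constructed for the demo.

# Rewrite the first Port and PermitRootLogin lines, active or commented out, in place.
# sshd uses the first value it reads for a keyword, so that is the line that matters.
harden_sshd_config() {
    cfg="$1"; port="$2"
    cp "$cfg" "$cfg.bak" || return 1            # backup so the edit can be undone
    awk -v port="$port" '
        /^[ \t]*#?[ \t]*Port[ \t]/ && !p            { print "Port " port; p = 1; next }
        /^[ \t]*#?[ \t]*PermitRootLogin[ \t]/ && !r { print "PermitRootLogin no"; r = 1; next }
        { print }
        END {                                       # keyword absent entirely: add it
            if (!p) print "Port " port
            if (!r) print "PermitRootLogin no"
        }
    ' "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# Print the effective value of a keyword (first uncommented occurrence wins).
sshd_setting() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Succeeds only if root login is refused and SSH has been moved off port 22.
check_hardened() {
    [ "$(sshd_setting "$1" PermitRootLogin)" = "no" ] &&
    [ "$(sshd_setting "$1" Port)" != "22" ]
}

# Constructed sample config: a stock-looking file carrying the two risky defaults.
demo_cfg="$(mktemp)"
cat > "$demo_cfg" <<'EOF'
# sample sshd_config (constructed for this example)
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF

harden_sshd_config "$demo_cfg" 11215
printf 'Port=%s PermitRootLogin=%s\n' \
    "$(sshd_setting "$demo_cfg" Port)" "$(sshd_setting "$demo_cfg" PermitRootLogin)"
check_hardened "$demo_cfg" && echo "hardened: OK"
```

On a real server, point the function at your actual config file, validate the result with sshd -t and restart the SSH service, keeping the current session open until the login on the new port succeeds in the separate window.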

Now that our connection to the server is more secure, we need to add a couple of packages to it.

1. A firewall (CSF, APF)
2. An antivirus (F-Prot, AVG)
3. Spyware tools (rkhunter, chkrootkit)

You will need to choose which firewall and antivirus are right for your system. As for the spyware tools, I would recommend using both. These packages check various security items on your server to make sure they are secure and not compromised.

In future tutorials we will dig deeper into your Linux server and the configuration of these security packages. The steps I have outlined here are the basic things you must do on your system before you worry about installing any software. These careful preventive measures will give you a head start in securing your Linux server.

By Chris Collins