Archive for February, 2008

Securing Linux Server – Data Security

Posted in Linux, Technical, linux security by admin on February 1st, 2008

The Linux operating system is known as the most secure and most popular OS around, and it is very stable too. Data security on a Linux server can be maintained with an effective data security strategy, and corporate data security can be implemented by applying such a strategy to the Linux server.

There are many Linux distributions; the most popular among them include Red Hat, Debian, Ubuntu and SuSE. This article covers the basics of security for Red Hat Linux 9.

We assume that you have installed the Linux OS with X11 (the GUI for Red Hat). For the best level of security, the graphical user interface should not be enabled.
You can use the find / -name filename command to locate a file, and pico or vi to edit a file.

Securing Your Linux Box:

First of all, you need to secure your Linux box by taking some actions to prevent access by unauthorized users. This is necessary because server monitoring can be viewed from the Linux box.

Change Root Password:
Changing the root password within 30 days is a good idea, and you should use a password of the highest security level as the Linux root password. To reset the Linux root password, use the passwd command while logged in as root.

One thing that is very dangerous for security is the ability to run an application as a different user. With suid (set user ID), an unauthorized user can run an application with the same rights as a privileged user and can access and edit the /etc/passwd file. You should find the files that use suid; a file with an s in the permission column runs with suid.

# find / -type f -perm -4000 -exec ls -alF {} + > /root/suid.txt

On a server, this command may produce the following result in /root/suid.txt.

-rwsr-xr-x 1 root root 60104 Feb 1 2007 /bin/mount*
-rwsr-xr-x 1 root root 35192 Feb 18 2007 /bin/ping*
-rwsr-xr-x 1 root root 19116 Feb 8 2007 /bin/su*
-rwsr-xr-x 1 root root 30664 Feb 1 2007 /bin/umount*
-r-sr-xr-x 1 root root 120264 Feb 9 2007 /sbin/pwdb_chkpwd*
-r-sr-xr-x 1 root root 16992 Feb 9 2007 /sbin/unix_chkpwd*
-rwsr-xr-x 1 root root 37528 Dec 17 2007 /usr/bin/at*
-rwsr-xr-x 1 root root 34296 Apr 27 2007 /usr/bin/chage*
-rws--x--x 1 root root 12072 Feb 1 2007 /usr/bin/chfn*
-rws--x--x 1 root root 11496 Feb 1 2007 /usr/bin/chsh*
-rwsr-xr-x 1 root root 21080 Feb 15 2007 /usr/bin/crontab*
-rwsr-xr-x 1 root root 36100 Mar 27 2007 /usr/bin/gpasswd*
-rwsr-xr-x 1 root root 19927 Feb 17 2007 /usr/bin/lppasswd*
-rws--x--x 1 root root 4764 Feb 1 2007 /usr/bin/newgrp*
-r-s--x--x 1 root root 15104 Mar 13 2007 /usr/bin/passwd*
-rwsr-xr-x 1 root root 14588 Jul 24 2006 /usr/bin/rcp*
-rwsr-xr-x 1 root root 10940 Jul 24 2006 /usr/bin/rlogin*
-rwsr-xr-x 1 root root 7932 Jul 24 2006 /usr/bin/rsh*
-rwsr-xr-x 1 root root 219932 Feb 4 2007 /usr/bin/ssh*
---s--x--x 1 root root 84680 Feb 18 2007 /usr/bin/sudo*
-rwsr-xr-x 1 root root 32673 Apr 18 2007 /usr/sbin/ping6*
-r-sr-xr-x 1 root root 451280 Feb 8 2007 /usr/sbin/sendmail.sendmail*
-rwsr-xr-x 1 root root 20140 Mar 14 2007 /usr/sbin/traceroute*
-rwsr-xr-x 1 root root 13994 Feb 18 2007 /usr/sbin/traceroute6*
-rws--x--x 1 root root 22388 Feb 15 2007 /usr/sbin/userhelper*
-rwsr-xr-x 1 root root 17461 Feb 19 2007 /usr/sbin/usernetctl*

Some Linux system administrators recommend disabling the ping and traceroute services, which is not necessary. However, you should disable suid on the following:
/usr/bin/chage, /usr/bin/chfn, /usr/bin/chsh, /bin/mount,
/bin/umount, /usr/bin/gpasswd, /usr/sbin/usernetctl, /usr/sbin/traceroute, /usr/sbin/traceroute6, /usr/bin/newgrp, /usr/sbin/ping6, and /bin/ping.

Once suid is disabled, the files can be executed only by the owner. To disable suid, use the following commands.

# chmod 111 /path/to/file
# chattr +i /path/to/file
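
Because the listing is saved to /root/suid.txt, it can serve as a baseline: a later scan saved the same way can be compared against it to spot setuid files that appeared, changed, or dropped out of the list. The shell function below is an added example, not part of the original post; the names suid_diff and suid_demo, the file names and the sample lines are constructed, and it assumes the `ls -alF` column layout shown above.

```shell
#!/bin/sh
# Added example: diff two setuid inventories saved in `ls -alF` format.
# Findings, one per line:
#   NEW <path>      setuid file absent from the baseline
#   CHANGED <path>  same path, different mode, owner, group or size
#   GONE <path>     baseline entry no longer listed as setuid
suid_diff() {   # $1 = baseline listing, $2 = current listing
    awk '
    function path(   i, p) {
        # Fields 9..NF are the path; ls -F appends "*" to executables.
        p = $9
        for (i = 10; i <= NF; i++) p = p " " $i
        sub(/\*$/, "", p)
        return p
    }
    # Keep only regular files whose owner-execute slot is s or S.
    substr($1, 1, 1) != "-" || substr($1, 4, 1) !~ /[sS]/ { next }
    { key = $1 " " $3 " " $4 " " $5 }
    !cur { base[path()] = key; next }
    {
        p = path(); seen[p] = 1
        if (!(p in base))        print "NEW " p
        else if (base[p] != key) print "CHANGED " p
    }
    END { for (p in base) if (!(p in seen)) print "GONE " p }
    ' "$1" cur=1 "$2" | sort
}

suid_demo() {   # constructed sample data, not real scan output
    d=$(mktemp -d) || return 1
    cat > "$d/old.txt" <<'EOF'
-rwsr-xr-x 1 root root 35192 Feb 18 2007 /bin/ping*
-rwsr-xr-x 1 root root 19116 Feb 8 2007 /bin/su*
-r-s--x--x 1 root root 15104 Mar 13 2007 /usr/bin/passwd*
EOF
    cat > "$d/new.txt" <<'EOF'
-rwsr-xr-x 1 root root 20480 Jan 5 2008 /bin/su*
-r-s--x--x 1 root root 15104 Mar 13 2007 /usr/bin/passwd*
-rwsr-xr-x 1 root root 9000 Jan 5 2008 /opt/demo/backup helper*
EOF
    suid_diff "$d/old.txt" "$d/new.txt"
    rm -rf "$d"
}
suid_demo
```

On a real system, save a fresh scan to a second file with the same find command and pass /root/suid.txt as the baseline; a GONE line for each file you ran chmod on confirms the change took effect.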
