Linux is a surprising operating system when you consider how it began. It started as a modest program written by one person as a hobby, Linus Torvalds of Finland, and grew into a full-fledged 32-bit operating system. It is solid and stable, supports an incredible number of applications, offers very powerful capabilities, runs fast and rarely crashes.
Unfortunately, Linux machines are broken into almost every day. This is not because it is an insecure operating system: it contains all the tools needed to make it very secure. The truth is that it has not become much safer as its popularity has grown. On the other hand, our understanding of how attackers work, and the variety of tools and techniques now available, have helped system administrators secure their Linux computers.
Our goal in this paper is to list the most critical situations and the simple measures that prevent an intrusion.
1 – Weak passwords
By far the most widely used method attackers use to penetrate a Linux system is password cracking, preferably of the root account. Usually they first obtain an ordinary user account and then, with access to the operating system, try to gain privileged access by cracking the root password. A good password policy and good passwords are absolutely necessary for the security of any computer. Some common mistakes when choosing a password:
A- using “password” as the password.
B- using the name of the computer.
C- a well-known name from science, sports or politics.
D- a reference to a movie.
E- anything that appears on the user's web site.
F- references associated with the account.
Recent versions of Linux use shadow passwords. If an attacker can read a hashed password, cracking it is a simple task, so instead of being stored in the world-readable passwd file the hashes are now stored in the shadow file, which is readable only by root. Before cracking a password, an attacker also needs to know an account name, so simple, guessable account names should be avoided as well. Another security measure is to give an account a “no login” shell in the passwd file. This must be done for every account that does not need to log in to the system, for example the apache, mysql and ftp accounts.
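As an added example (not code from the original article), the following shell script checks a passwd-format file for the two points above: accounts that still have an interactive login shell, and accounts whose password field does not point to the shadow file. The sample passwd data is constructed for the example; the nologin shell paths are the usual ones and may differ on your distribution.

```shell
#!/bin/sh
# Added example, not from the original article. Audits a passwd-format file.
# To check a real host run: audit_passwd /etc/passwd ; audit_shadowing /etc/passwd

# Shells that refuse interactive login. Adjust the paths for your distribution.
NOLOGIN_SHELLS='/sbin/nologin /usr/sbin/nologin /bin/false'

# Print the non-root accounts whose login shell is not one of NOLOGIN_SHELLS.
# Human users appear as well: compare the output with the list of people who
# actually need a shell and lock the rest, e.g.  usermod -s /sbin/nologin ftp
audit_passwd() {
    awk -F: -v nologin="$NOLOGIN_SHELLS" '
        BEGIN { n = split(nologin, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
        $1 != "root" && !($7 in ok) { print $1 }
    ' "$1"
}

# Print accounts whose second field is not "x": either the hash is still kept
# in the world-readable passwd file, or the field is empty (no password at all).
audit_shadowing() {
    awk -F: '$2 != "x" { print $1 }' "$1"
}

# Constructed sample passwd file, written to $1. apache and mysql are locked
# correctly, ftp and backup still have /bin/sh, guest has an empty password.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
guest::1001:1001:Guest:/home/guest:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

sample=$(mktemp)
write_sample_passwd "$sample"
echo "accounts with an interactive shell:"
audit_passwd "$sample"
echo "accounts whose password is not in the shadow file:"
audit_shadowing "$sample"
rm -f "$sample"
```

On the sample data the first check reports ftp, backup, guest and alice; only alice is a person, so the other three need a nologin shell or removal. The second check reports guest, whose empty password field means anyone can log in without a password.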
Limit the terminals root can log on from. If the root account can only log in from certain terminals that are considered safe, it becomes much harder for an attacker to penetrate the system. The list of permitted terminals is kept in /etc/securetty, which is readable only by root; the login program consults it and refuses a root login from any terminal that is not listed there.
2 – Open network ports
Any default Linux installation provides the operating system with tons of software and services. Many of them are not necessary or even wanted by the administrator. Removing these programs and services closes the path to several attacks and improves security. The program /sbin/chkconfig can be used to stop services from starting automatically at runlevels 3, 4 and 5. Log in as root and type /sbin/chkconfig --list to display all the services that start automatically. Pick the ones you do not need and enter /sbin/chkconfig --level 345 name_of_service off. Do this for every service you are not sure you need. In addition, disable the services run through xinetd that are not used.
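As an added example (not from the original article), the script below automates the review described above. It reads the text output of /sbin/chkconfig --list and netstat -tuln, so it runs offline on the constructed samples embedded in it; on a real host you pipe the real commands in. The allowlist of services to keep is an assumption for the example.

```shell
#!/bin/sh
# Added example, not from the original article. Works on the text output of
# "/sbin/chkconfig --list" and "netstat -tuln" read from stdin, so it runs
# offline on the constructed samples below. On a real host pipe the commands in:
#   /sbin/chkconfig --list | services_on_345 | disable_commands "sshd crond"
#   netstat -tuln | listening_nonlocal

# Print services that chkconfig starts at runlevel 3, 4 or 5.
# Lines of the "xinetd based services:" section have a different shape
# (name: on/off) and are skipped here; review them separately.
services_on_345() {
    awk '$2 ~ /^0:/ {
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if ((kv[1] == 3 || kv[1] == 4 || kv[1] == 5) && kv[2] == "on") { print $1; break }
        }
    }'
}

# Read service names on stdin and emit the chkconfig command that disables each
# one not in the space-separated allowlist given as $1. Review the list, then run it.
disable_commands() {
    allow=" $1 "
    while read -r svc; do
        case "$allow" in
            *" $svc "*) ;;
            *) echo "/sbin/chkconfig --level 345 $svc off" ;;
        esac
    done
}

# From netstat -tuln output, print local addresses listening on something other
# than loopback. Each one is reachable from the network and needs a reason to exist.
listening_nonlocal() {
    awk '$1 ~ /^(tcp|udp)/ && $4 !~ /^(127\.|::1:|\[::1\])/ { print $1, $4 }'
}

# Constructed sample of "chkconfig --list" output.
sample_chkconfig() {
    cat <<'EOF'
crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
portmap         0:off   1:off   2:off   3:on    4:on    5:on    6:off
nfs             0:off   1:off   2:off   3:off   4:off   5:off   6:off
cups            0:off   1:off   2:on    3:off   4:off   5:on    6:off
xinetd based services:
        telnet: on
        rsync:  off
EOF
}

# Constructed sample of "netstat -tuln" output.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
EOF
}

echo "commands to disable services enabled at runlevels 3-5 that are not on the allowlist:"
sample_chkconfig | services_on_345 | disable_commands "sshd crond"
echo "listening sockets reachable from the network:"
sample_netstat | listening_nonlocal
```

With the sample data and an allowlist of sshd and crond, the script proposes disabling sendmail, portmap and cups, and shows sendmail (25), portmap (111 tcp and udp) and sshd (22) listening on all interfaces while MySQL is correctly bound to loopback only. Disabling a service with chkconfig only affects the next boot; stop the running daemon as well, then confirm with netstat that the port is gone.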
3 – Older versions of software
Every day vulnerabilities are found in programs, and most of them are fixed promptly. It is important, and sometimes critical, to stay abreast of these changes. There are mailing lists for every Linux distribution where you can get security-related information and the latest security advisories.
Some places to look for vulnerability announcements are:
http://www.redhat.com/mailman/listinfo/redhat-announce-list
http://www.debian.org/MailingLists/
http://www.mandrakesecure.net/en/mlist.php
http://www.suse.com/us/private/support/security/index.html
http://www.freebsd.org/security/index.html
http://www.linuxtoday.com/
http://www.lwn.net/
It is critical that security patches are applied to the programs that are actually running as soon as they are released. The hacker community finds the holes and tries to exploit them before the patches are applied.
4 – Insecure and misconfigured programs
There are programs with a history of security problems; IMAP, POP, FTP, NFS and portmap are among the best known. The good news is that most of these programs can be replaced with a secure version: SPOP instead of POP, SFTP or SCP instead of FTP.
It is important that, before deploying a service, the administrator investigates its security history. Sometimes simple configuration measures can prevent headaches in the future.
Some advice on web server configuration is worth mentioning:
Never run the web server as a privileged user;
Do not store confidential customer data on the web server: credit card numbers, telephone numbers and postal addresses must be kept on a different computer;
Make sure that data entered by one user is not shown as the default values in the form presented to the next person;
Define the acceptable values for every piece of data supplied by web clients, and reject anything else;
Check CGI programs for vulnerabilities.
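The "acceptable values" rule, as an added example that is not code from the original article: a shell CGI handler that decides up front which characters a parameter may contain and refuses everything else, rather than trying to strip dangerous characters afterwards. The parameter name, the character set and the requests are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original article. Shows input validation in a
# shell CGI script: only values matching an allowlist ever reach the program
# logic. The "user" parameter and the sample requests are constructed.

# Extract one parameter from a query string such as "user=alice&fmt=short".
# Kept deliberately simple: no URL decoding, first match wins.
query_param() {
    printf '%s\n' "$1" | tr '&' '\n' | awk -F= -v k="$2" '$1 == k { print $2; exit }'
}

# Accept only 1 to 32 characters from [A-Za-z0-9_.-]; everything else,
# including the empty string, is refused. Returns 0 when the value is acceptable.
accept_value() {
    case "$1" in
        "" | *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Handler for the constructed "user" parameter. A validated value is passed on;
# the real work is represented by a message, no external command is run.
handle_request() {
    user=$(query_param "$1" user)
    if accept_value "$user"; then
        printf 'Content-Type: text/plain\n\nlooking up user %s\n' "$user"
        return 0
    fi
    printf 'Content-Type: text/plain\n\nbad request\n'
    return 1
}

# Constructed requests: an ordinary one, one carrying shell metacharacters,
# and one with the parameter missing.
handle_request 'user=alice&fmt=short'
handle_request 'user=alice;cat /etc/passwd' || echo "(rejected)"
handle_request 'fmt=short' || echo "(rejected)"
```

The second request is rejected because of the semicolon and the space, not because the script recognised "cat /etc/passwd"; an allowlist needs no knowledge of attacks, which is why it ages better than a blocklist of bad characters.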
5 – Idle and unnecessary accounts
If a user no longer uses his account, make sure it is removed from the system. An account that is not used, and whose password is therefore not changed at regular intervals, is a hole waiting to be exploited. Publicly readable or writable files belonging to that account must be deleted. When you remove an unnecessary service, make sure to remove or disable its account as well.
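As an added example (not from the original article), the script below performs the file check described above before an account is removed: it lists the files owned by a given user that other users can read or write. The directory tree is constructed for the example and owned by whoever runs the script; on a real host you would run the function over / for the account being retired.

```shell
#!/bin/sh
# Added example, not from the original article. Before an account is removed,
# list the files it owns that other users can read or write, so they can be
# deleted or reassigned. The tree below is constructed and owned by the user
# running the script; on a real host use:  public_files_owned_by / olduser

# Print regular files under $1 owned by user $2 (name or numeric uid) whose
# "other" permission bits grant read (004) or write (002) access.
public_files_owned_by() {
    find "$1" -type f -user "$2" \( -perm -004 -o -perm -002 \) 2>/dev/null | sort
}

# Constructed sample tree: a private dotfile, a world-readable note and a
# world-writable scratch file.
make_sample_tree() {
    mkdir -p "$1/home/olduser" "$1/tmp"
    : > "$1/home/olduser/.bashrc";   chmod 600 "$1/home/olduser/.bashrc"
    : > "$1/home/olduser/notes.txt"; chmod 644 "$1/home/olduser/notes.txt"
    : > "$1/tmp/scratch";            chmod 666 "$1/tmp/scratch"
}

dir=$(mktemp -d)
make_sample_tree "$dir"
echo "files other users can read or write:"
public_files_owned_by "$dir" "$(id -u)"
rm -rf "$dir"
```

Only notes.txt and scratch are reported; the 600 dotfile is private. The world-writable file is the more urgent one, since another user can plant content in it that is later trusted because of its owner.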
Security Resources on the Web
Bugtraq – Includes detailed discussion of Unix security holes.
http://www.securityfocus.com/
Firewalls – Discuss the design, construction, operation and maintenance of firewall systems.
http://www.isc.org/services/public/lists/firewalls.html
RISKS – The Risks Digest, discussing the risks that computers pose to society.
http://www.risks.org/
Insecure.org
http://www.insecure.org/