By ATS Staff on September 25th, 2023
Cybersecurity Linux
Linux is known for its security and robustness, making it a popular choice for servers, personal computers, and embedded systems. However, no system is inherently immune to security threats. Whether you're running Linux on a personal device or managing a server, there are essential practices you should follow to harden the system and reduce vulnerabilities. In this article, we explore practical steps to secure a Linux operating system.
Enforcing strong password policies is a simple yet effective way to secure user accounts. Use the following tips:
You can implement these through tools like PAM (Pluggable Authentication Modules) for Linux.
Logging in as root directly is risky. Instead, disable root login and use sudo for administrative tasks. Modify the /etc/ssh/sshd_config file and ensure the following line is set:
PermitRootLogin no
For remote access, disable password-based authentication and opt for SSH key authentication. Generate an SSH key pair on your client machine:
ssh-keygen -t rsa
Copy the public key to the server:
ssh-copy-id user@remote_server
Disable password authentication in /etc/ssh/sshd_config:
PasswordAuthentication no
Regular updates are crucial for patching security vulnerabilities. Use your system's package manager to keep the system and all software up to date:
sudo apt update && sudo apt upgrade
sudo yum update
Consider enabling automatic updates for critical patches.
You can configure automatic security updates by installing and configuring the unattended-upgrades package:
sudo apt install unattended-upgrades sudo dpkg-reconfigure --priority=low unattended-upgrades
Linux comes with various firewall tools like UFW (Uncomplicated Firewall) and iptables. Configuring your firewall to allow only necessary traffic is essential.
Enable UFW and configure it to allow only SSH, HTTP, and HTTPS:
sudo ufw allow OpenSSH sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw enable
Iptables provides more granular control. Here's an example of blocking all incoming traffic except for SSH and HTTP/HTTPS:
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT sudo iptables -A INPUT -j DROP
Ensure firewall rules persist across reboots.
Users should have only the minimum permissions required for their roles. Use the following commands to adjust file permissions:
For instance, set a file to be readable only by the owner:
chmod 600 sensitive-file
Ensure sensitive files like /etc/passwd and /etc/shadow have the correct permissions:
sudo chmod 600 /etc/shadow sudo chmod 644 /etc/passwd
To protect data at rest, use full disk encryption. Most Linux distributions support LUKS (Linux Unified Key Setup) for this purpose. Encrypting the disk prevents unauthorized access to data, even if the device is physically compromised.
During installation, many distributions offer the option to encrypt the entire disk. For existing installations, you can set up LUKS manually, though it typically requires backing up data and repartitioning the disk.
Logging is crucial for detecting suspicious activities. Linux stores system logs in /var/log. You can use tools like rsyslog or syslog-ng to manage and analyze logs.
Enable real-time monitoring with tools like:
sudo apt install auditd sudo auditctl -e 1
sudo apt install logwatch
Consider using an Intrusion Detection System (IDS) like AIDE (Advanced Intrusion Detection Environment) to detect unauthorized changes to the filesystem:
sudo apt install aide sudo aideinit
Regularly run checks to compare system state to known baselines:
sudo aide --check
Both AppArmor and SELinux provide Mandatory Access Control (MAC) mechanisms, further limiting what applications and users can do.
Enabled by default in distributions like Ubuntu, AppArmor enforces security policies on a per-application basis. Verify its status:
sudo aa-status
You can adjust the profile for each application in /etc/apparmor.d/.
SELinux is often used in Red Hat-based distributions. Use the getenforce command to check if SELinux is active, and set it to enforcing mode for maximum security:
sudo setenforce 1
Policies can be managed in /etc/selinux/config.
Reduce the attack surface by disabling services you do not need. List all active services with:
sudo systemctl list-unit-files --type=service --state=enabled
Disable unnecessary services like FTP or telnet, replacing them with secure alternatives (e.g., SSH for telnet):
sudo systemctl disable telnet sudo systemctl stop telnet
When accessing your Linux server remotely, use a VPN to encrypt traffic. OpenVPN and WireGuard are popular, secure options for setting up a VPN server.
If you don’t need IPv6, disable it to avoid potential security risks. You can do this by editing the /etc/sysctl.conf file:
net.ipv6.conf.all.disable_ipv6 = 1
Then apply the changes:
sudo sysctl -p
Regular backups ensure you can recover from security incidents like ransomware attacks or data loss. Use tools like rsync or tar for manual backups, or automate the process with solutions like Deja Dup or Duplicity. Store backups in a remote location, ensuring they are encrypted for extra security.
Securing a Linux system requires a multi-layered approach. By following these best practices—enforcing strong user authentication, keeping your system updated, configuring firewalls, restricting permissions, using encryption, and monitoring activity—you can significantly reduce the risk of breaches and vulnerabilities. The open-source nature of Linux means you have many tools at your disposal to implement robust security, but vigilance and regular updates are essential in maintaining it.