Linux Security Basics

by wing

The purpose of this Linux security checklist is to help entry-level Linux users become familiar with the most common security vulnerabilities of Linux operating systems. Because security checks need to be verified against well-established practices, go through the following points before starting your Linux security check.

  1. Version number of Linux
  2. How many users use the OS?
  3. How many applications are running on your server?
  4. What are the active services?
  5. Is your server physically secured?
  6. Whether modifications to the Linux configuration need to go through authorization from senior management
  7. What is your backup plan?
  8. Whether any antivirus software is running
  9. Check the access control lists of the routers and firewalls, if any, directly connected to your server
  10. Do not use Telnet and FTP since both transmit unencrypted text. Instead use SSH and SFTP for secure connections with other servers or networks.
  11. Power supply unit of your Linux server: is there any emergency power supply?
  12. Temperature and environmental control of the server room.

First of all, you need to gather some data from your OS by running a few commands. Then compare the results against best practices to harden the security settings.

In short, you have to do the following checking:

  • Linux administrative security: file ownership control, password policy, access control to your server
  • Protection against attacks such as DoS and spoofing.
  • Blocking unwanted protocols that may pose a risk to your system

Visually check the following things:

Install all third-party software on a file system other than the root directory file system.

The directories that should be checked are /, /boot, /usr, /var and /tmp.

Things you need to check at the command prompt:

1. Detect and close unnecessary ports:

Linux uses TCP and UDP ports for communication within and outside of your network. Identify which ports are necessary and then allow only those ports. To get a list of active ports, run the following command:

# netstat -tulp

2. Scan your server:

Start a scan from another machine to learn which ports are in listening mode on your Linux server. Use the command:

# nmap -sTU <your host machine>

3. Stop unnecessary services:

Run the command “chkconfig --list | grep on” to get a list of the services that start when your Linux boots up. Remember not to disable the run level services. Use the following command to stop a service permanently:

# chkconfig <name of the service> off

Normally, xinetd is used to monitor and manage the network ports. If xinetd is running, find out which services are using it. The command to list the services using xinetd is:

# chkconfig --list | awk '/xinetd based services/,/""/'

For example, to find out whether a single service such as FTP is still on, use the command “chkconfig --list ftp”, and to disable a service use a command such as “chkconfig telnet off”. Instead of stopping the service, you can completely remove that service’s package with the “rpm -e telnet-server” command.

4. Limit the use of NFS

The network file system, or NFS, is extensively used for sharing files, and sharing files means allowing others access to your disk space. So you need to limit the use of NFS and only allow it when you need it. Otherwise, you can enable TCP wrapper with FHS. To check the status of NFS on your system, use the following command:

# service nfs status

5. Su access control

Control users’ access to su privileges by putting the users who need root access in a group. The commands to create such a group and add a user account to it are given below:

# groupadd rootmembers
# usermod -aG rootmembers <user account name with root access>

The security tips given in this article are only the most basic, but important, measures to secure your Linux. If you want to master Linux security, you need more insight into all the Linux services and their functions. It is even better if you learn about the Linux kernel and buy a good book about administering Linux.

Update both the system and the application software

If your system is running an outdated OS, you must update your OS and all the applications. An older version of an OS is an easy target for attackers because of well-known security holes. To update a Debian-based Linux, use the “apt-get update” command followed by “apt-get upgrade”, and to update CentOS use the “yum update” command.
