The purpose of this Linux security checklist is to help entry-level Linux users become familiar with the most common security weaknesses of Linux operating systems. Security checks have to be verified against well-established practice, so gather the following information before you start checking your Linux system:
- Version number of Linux
- How many users use the OS?
- How many applications are running on your server?
- What are the active services?
- Is your server physically secured?
- Does a modification of the Linux configuration need authorization from senior management?
- What is your backup plan?
- Is any antivirus software running?
- Check the access control lists of the routers and firewalls, if any, directly connected to your server.
- Do not use Telnet and FTP, since both transmit unencrypted text. Instead use SSH and SFTP for secure connections with other servers or networks.
- What powers your Linux server? Is there an emergency power supply?
- Temperature and environmental control of the server room.
First of all, you need to gather some data from your OS by running a few commands, and then compare the results with best practice to harden the security settings.
In short, you have to carry out the following checks:
- Linux administrative security: file ownership control, password policy, access control to your server
- Protection against attacks such as DoS (denial of service) and spoofing
- Blocking unwanted protocols that may pose a risk to your system
Visually check the following things:
Install all third-party software on a file system other than the root file system.
The directories that should be checked are /, /boot, /usr, /var and /tmp.
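The following script is an added example, not part of the original article: it reports which of the directories named above are separate file systems and with which mount options, by parsing text in /proc/mounts format. The sample mount table embedded in it is constructed for the example; on a live host pass the contents of /proc/mounts instead.

```bash
#!/bin/sh
# Added example (not from the original article): report which of the
# directories named in the checklist are separate file systems, and with
# which mount options. Input is text in /proc/mounts format, so the
# functions can be run on a constructed sample or on the live system.

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /boot ext4 rw,relatime 0 0
/dev/mapper/vg-var /var ext4 rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0'

# is_separate_mount MOUNTS DIR -> exit status 0 if DIR is its own mount point
is_separate_mount() {
    printf '%s\n' "$1" | awk -v dir="$2" '$2 == dir { found = 1 } END { exit !found }'
}

# mount_options MOUNTS DIR -> prints the mount options of DIR (empty if not a mount point)
mount_options() {
    printf '%s\n' "$1" | awk -v dir="$2" '$2 == dir { print $4; exit }'
}

# report_mounts MOUNTS -> one line per checklist directory
report_mounts() {
    for d in / /boot /usr /var /tmp; do
        if is_separate_mount "$1" "$d"; then
            echo "$d: separate file system ($(mount_options "$1" "$d"))"
        else
            echo "$d: on the root file system"
        fi
    done
}

# Run against the constructed sample; on a live host use:
#   report_mounts "$(cat /proc/mounts)"
report_mounts "$SAMPLE_MOUNTS"
```

Printing the mount options alongside the mount point lets you check at the same time whether /tmp carries nosuid, nodev and noexec, which is the usual reason for giving it its own file system.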
Things you need to check at the command prompt
1. Detect and close unnecessary ports:
For communication within and outside of your network, Linux uses TCP and UDP ports. Identify which ports are necessary and then allow only those. To get a list of listening ports, run the following command:
# netstat -tulp
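As an added example (not from the original article), the script below turns the netstat listing into a check: it parses the output of netstat -tulpn and prints every listening socket that is not on an allow-list of the ports the server is supposed to expose. The netstat sample and the allow-list are constructed for the example; on a live host pass the real netstat output instead.

```bash
#!/bin/sh
# Added example (not from the original article): compare the listening
# sockets shown by "netstat -tulpn" against an allow-list of the ports this
# server is supposed to expose, and print every socket that is not on it.
# It parses a constructed sample so it runs offline; on a live host feed it
# the real output instead.

# Constructed sample of "netstat -tulpn" output (not from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1003/master
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN      1120/xinetd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           455/rpcbind'

# Ports this server is expected to expose (assumed policy for the example).
ALLOWED_PORTS='tcp/22 tcp/25'

# listening_ports NETSTAT_OUTPUT -> one "proto/port program" line per socket
listening_ports() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(tcp|udp)6?$/ {
            n = split($4, addr, ":")                 # last field after ":" is the port
            proto = substr($1, 1, 3)                 # fold tcp6/udp6 into tcp/udp
            prog = $NF; sub(/^[0-9]+\//, "", prog)   # strip "PID/" from "PID/name"
            print proto "/" addr[n], prog
        }'
}

# unexpected_ports NETSTAT_OUTPUT ALLOWED -> sockets that are not on the allow-list
unexpected_ports() {
    listening_ports "$1" | while read -r sock prog; do
        case " $2 " in
            *" $sock "*) ;;                          # expected, nothing to report
            *) echo "$sock $prog" ;;
        esac
    done
}

# Run against the constructed sample; on a live host use:
#   unexpected_ports "$(netstat -tulpn)" "$ALLOWED_PORTS"
echo "Listening sockets not on the allow-list:"
unexpected_ports "$SAMPLE_NETSTAT" "$ALLOWED_PORTS"
```

The program name is kept in the output because it tells you which service to stop or remove in step 3; here the sample flags the telnet listener run by xinetd and the rpcbind UDP port.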
2. Scan your server:
Start a scan from another machine to learn which ports are in listening mode on your Linux server. Use the command:
# nmap -sTU <your host machine>
3. Stop unnecessary services:
Run the command chkconfig --list | grep on to get a list of the services that start when your Linux system boots. Remember not to disable the run-level services themselves. Use the following command to stop a service permanently:
# chkconfig <service-name> off
Normally, xinetd is used to monitor and manage network ports. If xinetd is running, find out which services are using it. The following command prints the part of the chkconfig listing that follows the "xinetd based services:" header:
# chkconfig --list | awk '/xinetd based services:/,0'
For example, if you only want to know whether the telnet service is enabled, run chkconfig --list telnet to see whether it is still on, and disable it with chkconfig telnet off. Instead of stopping the service, you can completely remove the service's package with rpm -e telnet-server.
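The script below is an added example, not part of the original article: it parses the complete output of chkconfig --list, including the xinetd section, and prints every service that is enabled at run level 3 or 5 but not on an allow-list of services the server is meant to run. The chkconfig sample and the allow-list are constructed for the example.

```bash
#!/bin/sh
# Added example (not from the original article): parse "chkconfig --list"
# output, including the "xinetd based services:" section, and list every
# service that is enabled at run level 3 or 5 but not on an allow-list of
# services the server is meant to run. Runs on a constructed sample.

# Constructed sample of "chkconfig --list" output (not from a real host).
SAMPLE_CHKCONFIG='crond           0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:off   3:off   4:off   5:off   6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd based services:
        rsync:          off
        telnet:         on'

# Services this server is meant to run (assumed policy for the example).
ALLOWED_SERVICES='sshd crond'

# enabled_services CHKCONFIG_OUTPUT -> "sysv NAME" or "xinetd NAME" per enabled service
enabled_services() {
    printf '%s\n' "$1" | awk '
        /^xinetd based services:/ { inx = 1; next }
        !inx && NF >= 7 {                    # SysV line: name, then "N:on|off" per run level
            on = 0
            for (i = 2; i <= NF; i++) if ($i == "3:on" || $i == "5:on") on = 1
            if (on) print "sysv", $1
        }
        inx && $2 == "on" {                  # xinetd line: "name:  on|off"
            name = $1; sub(/:$/, "", name)
            print "xinetd", name
        }'
}

# services_to_review CHKCONFIG_OUTPUT ALLOWED -> enabled services not on the allow-list
services_to_review() {
    enabled_services "$1" | while read -r kind name; do
        case " $2 " in
            *" $name "*) ;;
            *) echo "$kind $name" ;;
        esac
    done
}

# Run against the constructed sample; on a live host use:
#   services_to_review "$(chkconfig --list)" "$ALLOWED_SERVICES"
echo "Enabled services not on the allow-list (candidates for chkconfig NAME off):"
services_to_review "$SAMPLE_CHKCONFIG" "$ALLOWED_SERVICES"
```

The output distinguishes SysV from xinetd services because the two sections of the listing have different formats, and because an xinetd service such as telnet is stopped with chkconfig telnet off while xinetd itself keeps running.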
4. Limit the use of NFS
The Network File System (NFS) is extensively used for sharing files, and sharing files means allowing others access to your disk space. So you need to limit the use of NFS: only enable NFS when you need it. Otherwise, you can enable TCP wrappers with FHS. To check the status of NFS on your system, use the following command:
# service nfs status
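If NFS does have to stay enabled, the next thing to check is what it exports and to whom. The script below is an added example, not part of the original article: it audits an /etc/exports file for shares exported to every host and for the no_root_squash option, which lets root on a client act as root on the exported tree. The exports sample is constructed for the example.

```bash
#!/bin/sh
# Added example (not from the original article): audit an /etc/exports
# file for the two settings that most widen NFS exposure: a share exported
# to every host ("*" or no host at all) and no_root_squash, which lets a
# remote root act as root on the exported tree.
# Runs on a constructed sample; point it at /etc/exports on a live host.

# Constructed /etc/exports sample (not from a real host).
SAMPLE_EXPORTS='# shares
/srv/share  192.168.1.0/24(ro,sync,root_squash)
/home       *(rw,sync,no_root_squash)
/data       10.0.0.5(rw) 10.0.0.6(rw,no_root_squash)
/scratch    (rw)'

# risky_exports EXPORTS_TEXT -> "path host reason" per finding
risky_exports() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }            # skip comment lines
        NF == 0 { next }                     # skip blank lines
        {
            for (i = 2; i <= NF; i++) {
                host = $i; opts = ""
                if (index($i, "(")) {        # split "host(opts)" into its parts
                    split($i, part, "(")
                    host = part[1]; opts = part[2]; sub(/\)$/, "", opts)
                }
                if (host == "") host = "*"   # "(rw)" with no host means everyone
                if (host == "*") print $1, host, "exported-to-everyone"
                if (opts ~ /(^|,)no_root_squash(,|$)/) print $1, host, "no_root_squash"
            }
        }'
}

# Run against the constructed sample; on a live host use:
#   risky_exports "$(cat /etc/exports)"
echo "Risky NFS exports:"
risky_exports "$SAMPLE_EXPORTS"
```

Each client specification on a line is checked separately, so a share that is safe for one host and unsafe for another (like /data in the sample) is reported only for the host that carries the weak option.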
5. su access control
Control which users can gain root privileges with su by putting those users in a group. The command to create the group is given below:
# groupadd rootmembers    (rootmembers: the group of user accounts allowed root access)
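Creating the group only becomes a control once su is made to require membership in it. The script below is an added example, not part of the original article: it assumes the usual way of doing that, the pam_wheel module in /etc/pam.d/su with a group= option naming the article's rootmembers group, and shows a check that reads the PAM configuration back and reports which group su is restricted to. The PAM fragment is constructed for the example; the setup function is for reference and has to be run as root.

```bash
#!/bin/sh
# Added example (not from the original article): restrict su to the members
# of a group with pam_wheel and verify that restriction from /etc/pam.d/su.
# The group name rootmembers comes from the article; using pam_wheel for
# the restriction is an assumption of this example. Runs on a constructed
# sample; read /etc/pam.d/su on a live host.

# Constructed /etc/pam.d/su fragment (not from a real host).
SAMPLE_PAM_SU='#%PAM-1.0
auth            sufficient      pam_rootok.so
auth            required        pam_wheel.so use_uid group=rootmembers
auth            include         system-auth
account         include         system-auth'

# su_group PAM_SU_TEXT -> prints the group pam_wheel restricts su to
# ("wheel" when no group= option is given); prints nothing if su is unrestricted
su_group() {
    printf '%s\n' "$1" | awk '
        $1 == "auth" && $2 ~ /^(required|requisite)$/ && $3 == "pam_wheel.so" {
            g = "wheel"
            for (i = 4; i <= NF; i++) if ($i ~ /^group=/) g = substr($i, 7)
            print g; exit
        }'
}

# restrict_su GROUP USER... -> the setup itself. Must run as root, so it is
# defined for reference and not called below. It creates the group, adds the
# named users and prints the line to place after pam_rootok.so in /etc/pam.d/su.
restrict_su() {
    grp=$1; shift
    groupadd "$grp"
    for u in "$@"; do usermod -aG "$grp" "$u"; done
    echo "Add to /etc/pam.d/su after the pam_rootok.so line:"
    echo "auth            required        pam_wheel.so use_uid group=$grp"
}

# Verify on the constructed sample; on a live host use:
#   su_group "$(cat /etc/pam.d/su)"
g=$(su_group "$SAMPLE_PAM_SU")
if [ -n "$g" ]; then
    echo "su is restricted to members of group: $g"
else
    echo "su is NOT restricted by pam_wheel"
fi
```

The pam_rootok.so line stays first so that root itself can still su without being a member; the pam_wheel line after it is what turns group membership into a requirement for everyone else.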
The security tips given in this article are only the most basic, but important, measures to secure your Linux system. If you want to master Linux security, you need more insight into all the Linux services and their functions. Better still, learn about the Linux kernel and buy a good book on Linux administration.
Update both the system and the application software
If your system is running an outdated OS, you must update the OS and all applications. An older OS version is an easy target for attackers because of its well-known security holes. On a Debian-based system, refresh the package index with apt-get update and then install the updates with apt-get upgrade; on CentOS run yum update.