Linux Security Practices

Secure Linux system

  • Security matters on any network: attackers continually probe for a way in, and a Linux host that is reachable from the network is a target.
  • This guide gives a general overview of the practices that keep a Linux server safe on a network. It assumes working familiarity with Linux administration.
  • It covers physical security, unneeded services, encryption, passwords, firewalls (iptables), login auditing and PAM.
  • There are a number of steps we can take to secure our network, and the way we configure each computer decides how much security it adds to, or takes away from, the network as a whole.
  • Encryption protects data travelling over the network.
  • Good passwords, enforced in the right places, protect user accounts and the Linux system itself.
  • A firewall gives various degrees of network protection: dropping unwanted traffic, limiting packet rates to blunt denial of service, and restricting which services are reachable.

1. Physical Security

  • On a home network it is enough to keep hubs and routers out of reach of toddlers and pets. In general you are not worried about someone physically breaking into your home to reach the network.
  • On a company network, keep servers and routers in locked rooms (a server room). Secure rooms are also the right place for backup media, which carry the same data as the servers they back up.
  • In any secure setting, consider the other basic physical controls as well: alarms, guards, cameras, ID systems, and doors locked with an ID system. Anyone with physical access to a server can boot it from other media and bypass every software control described below, which is why the BIOS and boot loader passwords in section 5 matter.

2. Disable Unneeded Services

  • Every service that starts with the system is attack surface, so first check which services are enabled at each runlevel (chkconfig is the SysV tool on RHEL/CentOS 6 style systems; systemd hosts use systemctl list-unit-files instead):
[root@localhost ~]# chkconfig --list
NetworkManager 0:off 1:off 2:on 3:on 4:on 5:on 6:off
abrt-ccpp 0:off 1:off 2:off 3:on 4:off 5:on 6:off
abrt-oops 0:off 1:off 2:off 3:on 4:off 5:on 6:off
abrtd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
avahi-daemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
blk-availability 0:off 1:on 2:on 3:on 4:on 5:on 6:off
bluetooth 0:off 1:off 2:off 3:on 4:on 5:on 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
cups 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dnsmasq 0:off 1:off 2:off 3:off 4:off 5:off 6:off
dropbox 0:off 1:off 2:on 3:on 4:on 5:on 6:off
firstboot 0:off 1:off 2:off 3:on 4:off 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
htcacheclean 0:off 1:off 2:off 3:off 4:off 5:off 6:off
httpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
ip6tables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off
kamailio 0:off 1:off 2:off 3:on 4:on 5:on 6:off
kdump 0:off 1:off 2:off 3:on 4:on 5:on 6:off
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
mdmonitor 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mysqld 0:off 1:off 2:off 3:on 4:on 5:on 6:off
named 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs 0:off 1:off 2:off 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
ntpdate 0:off 1:off 2:off 3:off 4:off 5:off 6:off
portreserve 0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
psacct 0:off 1:off 2:off 3:off 4:off 5:off 6:off
quota_nld 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rdisc 0:off 1:off 2:off 3:off 4:off 5:off 6:off
restorecond 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rngd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
saslauthd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
smartd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
snmpd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
snmptrapd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
spice-vdagentd 0:off 1:off 2:off 3:off 4:off 5:on 6:off
squid 0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
vmware-tools 0:off 1:off 2:on 3:on 4:on 5:on 6:off
vmware-tools-thinprint 0:off 1:off 2:on 3:on 4:on 5:on 6:off
vpnagentd_init 0:off 1:off 2:off 3:on 4:on 5:on 6:off
wdaemon 0:off 1:off 2:off 3:off 4:off 5:off 6:off
winbind 0:off 1:off 2:off 3:off 4:off 5:off 6:off
wpa_supplicant 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost ~]#
  • If you do not need httpd (the web server), which is on in runlevels 3, 4 and 5 above, stop it and make sure it does not start at boot. Stopping alone is not enough: without the chkconfig change it comes back at the next reboot.
[root@localhost ~]# service httpd stop
Stopping httpd: [ OK ]
[root@localhost ~]# chkconfig --level 123456 httpd off
[root@localhost ~]# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost ~]#
  • Also look at the services started on demand by xinetd, such as ftp, tftp or rsync. When xinetd is installed, chkconfig --list ends with an "xinetd based services:" section, and those entries are switched off the same way (for example chkconfig tftp off, then service xinetd reload). Confirm what is still listening with netstat -tulpn.
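The procedure above (list what is enabled, compare it with what the server is for, switch the rest off) can be scripted. The following is an added example, not code from the original post: it audits chkconfig --list output against an allowlist and prints the stop/disable commands for everything else. The listing, the allowlist and the service names in it are constructed for the example; on a real host feed it the live output of chkconfig --list and an allowlist built from the server's role.

```shell
#!/bin/sh
# Added example, not from the original post: audit the output of `chkconfig --list`
# against an allowlist of services this host is supposed to run, and emit the
# commands that switch the rest off. The listing below is a constructed excerpt of
# chkconfig output (the "xinetd based services" section appears when xinetd is
# installed); on a real host use: chkconfig --list 2>/dev/null

SAMPLE_CHKCONFIG='auditd         0:off 1:off 2:on  3:on  4:on  5:on  6:off
avahi-daemon   0:off 1:off 2:off 3:on  4:on  5:on  6:off
httpd          0:off 1:off 2:off 3:on  4:on  5:on  6:off
iptables       0:off 1:off 2:on  3:on  4:on  5:on  6:off
named          0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd           0:off 1:off 2:on  3:on  4:on  5:on  6:off

xinetd based services:
	rsync:         off
	tftp:          on'

# Services this server is expected to run (an assumption for the example;
# derive the real list from the server's role, not from what is running).
ALLOWED_SERVICES="auditd iptables ip6tables network rsyslog sshd"

# unexpected_services LISTING ALLOWLIST
# Prints "sysv NAME" for every SysV service that is on in runlevel 3 or 5 and
# "xinetd NAME" for every enabled xinetd service, skipping the allowlist. Sorted.
unexpected_services() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # SysV line: name 0:.. 1:.. 2:.. 3:.. 4:.. 5:.. 6:..  ($5 = runlevel 3, $7 = runlevel 5)
        NF == 8 && ($5 == "3:on" || $7 == "5:on") && !($1 in ok) { print "sysv", $1 }
        # xinetd line: "name:   on|off"
        NF == 2 && $1 ~ /:$/ && $2 == "on" {
            name = $1; sub(/:$/, "", name)
            if (!(name in ok)) print "xinetd", name
        }
    ' | sort
}

# disable_commands KIND NAME
# Prints the commands that stop the service now and keep it off at boot.
# xinetd services have no init script of their own: chkconfig edits their
# disable= line and xinetd has to reload to notice.
disable_commands() {
    kind=$1; svc=$2
    if [ "$kind" = xinetd ]; then
        printf 'chkconfig %s off\n' "$svc"
        printf 'service xinetd reload\n'
    else
        printf 'service %s stop\n' "$svc"
        printf 'chkconfig %s off\n' "$svc"
    fi
}

# Review the generated commands before running them (or pipe them to sh).
unexpected_services "$SAMPLE_CHKCONFIG" "$ALLOWED_SERVICES" |
    while read -r kind svc; do disable_commands "$kind" "$svc"; done
```

The check looks only at runlevels 3 and 5 because those are the ones a server boots into; services that are on only in runlevel 1 or 2 (udev-post, lvm2-monitor in the listing above) are boot-time helpers rather than network listeners. The allowlist should be short and written down, so that the audit can be re-run after every package install.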

 

3. Uninstall Services You Do Not Use

  • Disabling a service leaves its binaries, and their future vulnerabilities, on the disk. If the package is not needed at all, remove it (yum remove or rpm -e) so that it cannot be re-enabled by mistake and no longer needs patching.

 

4. Encryption

  • It is very important to encrypt sensitive data that we send over a network. With public-key cryptography the sender encrypts with the recipient's public key, and only the matching private key, which never leaves the recipient, can decrypt the data.
  • The roles are reversed for authenticity: we sign with our private key, and anyone holding our public key can verify the signature. This is how GnuPG verifies RPM downloads and how SSH keys prove identity.
  • Types of encryption and related mechanisms
    • Password hashing: passwords are not encrypted but hashed. The older MD5-based crypt ($1$ hashes) is still accepted but weak; current systems should use SHA-512 ($6$), which on RHEL/CentOS 6 is selected with authconfig --passalgo=sha512 --update (existing hashes change only when the password is next changed).
    • Shadow Password Suite: the hashes live in /etc/shadow, readable only by root, instead of the world-readable /etc/passwd.
    • Kerberos: eliminates the need to send passwords over the network. Both client and server are authenticated with tickets issued by the ticket-granting service.
    • GNU Privacy Guard: commonly used to encrypt and sign email; also used to verify the signatures on downloaded RPM packages (rpm --checksig).
    • RSA and DSA: public-key algorithms used for SSH host and user keys. Prefer RSA (or Ed25519 where the OpenSSH version supports it); DSA keys are limited to 1024 bits and are disabled by default in OpenSSH 7.0 and later.

5. Password Security

  • There are three places where a password protects the Linux system: the BIOS of the server box, the boot loader (GRUB), and the user login.
    • Password on the Linux server box: set a BIOS password and disable booting from removable media, so that someone with physical access cannot boot a live system and read the disks.
    • Password on the boot loader (GRUB): the two Linux boot loaders are LILO and GRUB; LILO is deprecated, so most systems use GRUB. Without a boot loader password anyone at the console can edit the kernel line (for example to add single or init=/bin/bash) and get a root shell. On GRUB Legacy, generate a hash with grub-md5-crypt and add a password --md5 line to /boot/grub/grub.conf.
    • Passwords for login users: enforce a password policy (minimum length and complexity through PAM, maximum age through /etc/login.defs and chage), and never leave accounts with an empty password.
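The hash types listed under Encryption and the login policy above can both be checked directly in /etc/shadow. The following is an added example, not code from the original post: it reports accounts with an empty password, a DES or MD5 hash, or a password that never expires. The shadow lines are constructed, with shortened hashes; on a real host run it as root against the live file.

```shell
#!/bin/sh
# Added example, not from the original post: audit /etc/shadow for password
# fields that undermine the policy: empty passwords, the old 13-character DES
# crypt, MD5 ($1$) hashes, and passwords that never have to be changed.
# The entries below are constructed (hashes shortened); on a real host:
#   weak_shadow_entries "$(cat /etc/shadow)"

SAMPLE_SHADOW='root:$6$Xy4wQ9Lm$abc123...:15980:0:99999:7:::
alice:$1$Qz8kPw2r$def456...:15980:0:90:7:::
bob::15980:0:90:7:::
daemon:*:15000:0:99999:7:::
carol:!!:15980:0:90:7:::
dave:aBcDeFgHiJkLm:15980:0:90:7:::
erin:$6$Lp3vN7Tq$ghi789...:15980:0:99999:7:::'

# weak_shadow_entries SHADOW_TEXT
# Prints "user finding" for every entry that needs attention, in file order.
# Locked accounts (password field starting with ! or *) are skipped: nobody can
# log in with a password on those, so their hash type does not matter.
# Fields: name:hash:lastchange:min:max:warn:inactive:expire
weak_shadow_entries() {
    printf '%s\n' "$1" | awk -F: '
        NF < 2 { next }
        {
            user = $1; hash = $2; maxdays = $5
            if (hash == "")       { print user, "empty-password"; next }
            if (hash ~ /^[!*]/)   { next }
            # $1$ = MD5 crypt; a bare 13-character string is traditional DES;
            # $2a$/$2b$/$2y$ (bcrypt), $5$ (SHA-256) and $6$ (SHA-512) are fine.
            if (hash ~ /^\$1\$/)                    print user, "md5-hash"
            else if (length(hash) == 13)            print user, "des-hash"
            else if (hash !~ /^\$(2[aby]?|5|6)\$/)  print user, "unknown-hash"
            # 99999 is the default "never" for the maximum password age.
            if (maxdays == "" || maxdays + 0 >= 99999) print user, "no-expiry"
        }
    '
}

weak_shadow_entries "$SAMPLE_SHADOW"
```

Fix the findings at their source: set the maximum age per account with chage -M 90 user or globally through PASS_MAX_DAYS in /etc/login.defs, switch the hash algorithm with authconfig --passalgo=sha512 --update, and then force a password change (chage -d 0 user) for accounts that still carry MD5 or DES hashes, because the hash is only recomputed when the password is changed.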

6. Firewalls

  • Three layers of filtering are available on a Linux system.
    • iptables (netfilter): the kernel packet filter, and the best place to protect the host as a whole.
    • Per-service access control: services such as Apache can restrict which client IP addresses may reach them (the Order, Allow and Deny directives in httpd.conf).
    • xinetd and TCP wrappers: xinetd can restrict clients per service (only_from), and daemons linked against libwrap, such as sshd, honour /etc/hosts.allow and /etc/hosts.deny.

7. Iptables Firewall Management

  • iptables sorts traffic by direction into the three built-in chains of the filter table: INPUT (to this host), OUTPUT (from this host) and FORWARD (through this host, when it routes). So we can filter traffic coming in from an outside network while treating the other directions differently.
  • On RHEL/CentOS the rules are saved in /etc/sysconfig/iptables (written by service iptables save or by system-config-firewall) and loaded at boot by the iptables service. The default ruleset below accepts loopback, ICMP, established connections and new SSH connections, and rejects everything else. Note that the chain policies are ACCEPT: it is the final REJECT rule that closes the host, so flushing the rules leaves it wide open.
[root@ITHelpBlog ~]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@ITHelpBlog ~]#
  • Format of an iptables rule
    • Syntax: iptables -t table option chain pattern -j action (the table defaults to filter when -t is omitted; the pattern is the set of match criteria, and the action is the target to jump to).

 

  • Options for iptables
    • The four options used most are -L (list), -A (append), -D (delete) and -F (flush) rules in a chain.
    • iptables -L -> list all rules in all chains (add -n -v --line-numbers to see numeric addresses, packet counters and the rule numbers that -D and -I use).
    • iptables -L INPUT -> list the rules of the INPUT chain.
    • iptables -A INPUT -p tcp --dport 22 -j ACCEPT -> allow SSH to the Linux system. Caution: -A appends at the end of the chain, which in the default ruleset is after the catch-all REJECT, so the new rule never matches anything; insert it before the REJECT with -I INPUT 4 ... instead.
    • iptables -D INPUT 7 -> delete rule 7 of the INPUT chain.
    • iptables -F INPUT -> delete all rules in the INPUT chain.
    • iptables -F -> delete (flush) all rules in all chains. With the ACCEPT policies above this leaves the host wide open; with a DROP policy it cuts off your own SSH session, so only flush with console access at hand.
    • Details of all options in iptables
      • -A chain rule: append a rule to the end of a chain.
      • -D chain number: delete the rule with that number from the specified chain.
      • -F chain: delete all rules from the specified chain.
      • -I chain number rule: insert a rule at the given position in a chain (position 1, the top, if the number is omitted).
      • -L chain: list the current rules in the specified chain.
      • -N chain: create a new user-defined chain.
      • -X chain: delete a user-defined chain (it must be empty and not referenced by any rule).
    • Rules added from the command line live only in the kernel; run service iptables save to write them to /etc/sysconfig/iptables, or they are gone at the next reboot.

 

  • Patterns for iptables:
    • Patterns match on the source and/or destination IP address of the packet, the TCP/UDP port, the ICMP type, or the protocol in general. A rule with no pattern matches every packet in its chain.
    • IP address patterns
      • Example: allow ICMP echo requests (ping) from one source address to pass through the Linux system, limited to one per second so that the host cannot be used to flood the destination:
        • iptables -A FORWARD -s 4.3.4.5 -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
      • Note: -s is the source IP address that will be allowed through the Linux system; -d would match the destination address instead.
    • Main switches for iptables
      • --dport port: destination port (requires -p tcp or -p udp).
      • --icmp-type message: match the specified ICMP message type, e.g. echo-request (requires -p icmp).
      • -j target: the four main targets are ACCEPT, DROP, REJECT and LOG.
      • --limit rate: with -m limit, the maximum average rate at which the rule matches; the unit can be second, minute, hour or day, so 2/s means 2 packets per second (--limit-burst sets the initial burst).
      • -m module: load an extension match, e.g. -m state for connection state, -m limit for rate limiting, -m tcp for TCP-specific options.
      • -p protocol: the protocol, e.g. tcp, udp or icmp.
      • -s IP/subnet: source IP address or subnet, e.g. 192.168.0.0/24.
      • --sport port: source port.
      • --tcp-flags mask set: examine TCP flags; the first list is the flags to look at and the second those that must be set, so --tcp-flags SYN,ACK,FIN,RST SYN matches new connection attempts.

 

  • Actions (targets) for iptables:
    • When a packet matches a rule, iptables jumps to the rule's target. The four main targets are ACCEPT, DROP, REJECT and LOG.
      • -j ACCEPT: let the packet pass (in, out or forward, depending on the chain); no later rule in the chain is consulted.
      • -j DROP: silently discard the packet; the sender sees only a timeout.
      • -j REJECT: discard the packet and send an error back to the sender (ICMP port-unreachable by default; --reject-with tcp-reset sends a TCP RST, and --reject-with icmp-host-prohibited is what the default ruleset uses).
      • -j LOG: log the packet through the kernel log facility, normally to /var/log/messages, and then continue with the next rule, because LOG is a non-terminating target. To log what you reject, put a LOG rule directly before the DROP or REJECT rule and rate-limit it with -m limit so that an attacker cannot fill the disk with log entries.
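The options, patterns and targets above come together in a ruleset whose order decides whether it works. The following is an added example, not code from the original post: it generates a host firewall in the /etc/sysconfig/iptables format shown earlier, with the accept rules first, a rate-limited LOG next and the catch-all REJECT last, and it checks an existing ruleset for the mistake the -A caveat describes, a rule that sits after its chain's catch-all and can never match. The port list, the log prefix and the sample ruleset are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: build a host firewall in the
# iptables-restore format used by /etc/sysconfig/iptables, and detect rules that
# are unreachable because they follow a catch-all in the same chain.

# build_ruleset PORT...
# Prints a ruleset that allows loopback, established traffic, rate-limited ping
# and new TCP connections to the given ports, logs the rest (rate-limited so a
# flood cannot fill /var/log/messages) and rejects it. DROP policies mean the
# host stays closed even if the rule list is flushed.
build_ruleset() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -m state --state NEW -p tcp --dport $port -j ACCEPT"
    done
    printf '%s\n' \
        '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-reject: "' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited' \
        '-A FORWARD -j REJECT --reject-with icmp-host-prohibited' \
        'COMMIT'
}

# unreachable_rules RULESET_TEXT
# Prints every -A rule that follows a catch-all in its chain. A catch-all is a
# rule with no match criteria (the token after the chain name is already -j)
# and a terminating target, so nothing behind it in that chain is ever consulted.
unreachable_rules() {
    printf '%s\n' "$1" | awk '
        /^-A / {
            chain = $2
            if (chain in dead) { print; next }
            if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT"))
                dead[chain] = 1
        }
    '
}

# Constructed: the default ruleset from the post after an HTTP rule was added
# with -A and saved. It lands after the REJECT, so port 80 stays closed.
APPENDED_AFTER_REJECT='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT'

# Usage on a real host (as root, with console access in case of a mistake):
#   build_ruleset 22 80 > /etc/sysconfig/iptables && service iptables restart
echo "dead rules in the constructed ruleset:"
unreachable_rules "$APPENDED_AFTER_REJECT"
echo "dead rules in the generated ruleset:"
unreachable_rules "$(build_ruleset 22 80)"
```

Run the check against cat /etc/sysconfig/iptables after every manual change, and against iptables-save output to see what the kernel is actually enforcing; the two differ whenever someone changed rules at the command line without service iptables save.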

 

 

 

8. Checking Logins

  • Check the login records in /var/log/wtmp (successful logins, logouts and reboots) and in /var/log/btmp (failed logins, shown by lastb). Both are binary files, so read them with last, lastb or utmpdump /var/log/wtmp rather than cat.
  • Look at who logged in from where and whether the sources are expected. In the listing below every remote session is a direct root login from a number of different addresses. On a hardened host root should not log in remotely at all (PermitRootLogin no in /etc/ssh/sshd_config); administrators use their own accounts and sudo, so that wtmp and the sudo log show who actually did what.
[root@ITHelpBlog ~]# last
root pts/3 192.168.0.101 Wed Oct 9 17:05 still logged in
root pts/2 :0.0 Wed Oct 9 17:03 still logged in
root tty1 :0 Wed Oct 9 17:02 still logged in
root pts/1 192.168.0.101 Wed Oct 9 16:21 still logged in
root pts/0 192.168.0.101 Tue Oct 8 09:51 still logged in
reboot system boot 2.6.32-358.2.1.e Tue Oct 8 09:50 – 17:05 (1+07:15)
root pts/3 192.168.0.101 Tue Oct 8 09:48 – down (00:00)
root pts/2 192.168.0.101 Tue Oct 8 08:10 – down (01:39)
root pts/1 192.168.43.37 Mon Oct 7 21:10 – down (12:38)
root pts/0 :0.0 Mon Oct 7 21:09 – down (12:39)
root tty1 :0 Mon Oct 7 21:08 – down (12:40)
root pts/0 192.168.0.101 Mon Oct 7 09:16 – 10:17 (01:01)
root pts/0 192.168.0.101 Mon Oct 7 01:37 – 04:54 (03:17)
reboot system boot 2.6.32-358.2.1.e Mon Oct 7 01:24 – 09:49 (1+08:24)
root pts/1 192.168.0.101 Mon Oct 7 01:07 – down (00:16)
root pts/0 :0.0 Mon Oct 7 01:06 – down (00:17)
root tty1 :0 Mon Oct 7 01:05 – down (00:18)
reboot system boot 2.6.32-358.2.1.e Mon Oct 7 01:03 – 01:24 (00:20)
root pts/2 192.168.0.101 Sun Oct 6 12:50 – 00:14 (11:23)
root pts/1 :0.0 Sun Oct 6 12:48 – down (12:14)
root tty1 :0 Sun Oct 6 12:48 – down (12:14)
root pts/0 192.168.0.12 Sat Oct 5 10:56 – 00:09 (1+13:13)
reboot system boot 2.6.32-358.2.1.e Sat Oct 5 10:55 – 01:03 (1+14:07)
root pts/1 192.168.0.12 Sat Oct 5 10:47 – down (00:07)
root pts/0 :0.0 Sat Oct 5 10:44 – down (00:10)
root tty1 :0 Sat Oct 5 10:38 – down (00:16)
reboot system boot 2.6.32-358.2.1.e Sat Oct 5 10:36 – 10:55 (00:18)
root pts/2 192.168.0.101 Thu Oct 3 03:13 – 11:27 (08:13)
root pts/1 192.168.0.101 Sun Sep 29 02:16 – 04:53 (4+02:36)
root pts/2 192.168.0.101 Sat Sep 28 11:51 – 13:44 (01:52)
root pts/1 192.168.0.101 Wed Sep 25 11:48 – 13:21 (3+01:32)
root pts/1 192.168.0.101 Mon Sep 23 11:27 – 09:15 (1+21:48)
root pts/1 192.168.0.106 Mon Sep 23 03:38 – 03:40 (00:02)
root pts/0 :0.0 Mon Sep 23 03:37 – down (12+06:58)
root tty1 :0 Mon Sep 23 03:36 – down (12+06:59)
reboot system boot 2.6.32-358.2.1.e Mon Sep 23 03:32 – 10:35 (12+07:03)
root pts/0 192.168.0.101 Sun Sep 22 23:00 – 03:00 (03:59)
root pts/0 192.168.0.106 Sun Sep 22 22:24 – 22:55 (00:31)
root pts/2 192.168.1.134 Sun Sep 22 20:02 – 22:51 (02:48)
root pts/1 :0.0 Sun Sep 22 19:20 – 23:03 (03:42)
root tty1 :0 Sun Sep 22 19:17 – crash (08:15)
root pts/0 192.168.0.101 Sat Sep 21 12:30 – 21:30 (1+09:00)
reboot system boot 2.6.32-358.2.1.e Sat Sep 21 12:10 – 10:35 (13+22:25)
root pts/0 192.168.0.101 Sat Sep 21 12:08 – down (00:00)
reboot system boot 2.6.32-358.2.1.e Sat Sep 21 12:06 – 12:09 (00:02)
reboot system boot 2.6.32-358.2.1.e Sat Sep 21 12:06 – 12:06 (00:00)
reboot system boot 2.6.32-358.2.1.e Sat Sep 21 11:54 – 11:54 (00:00)
root pts/3 192.168.0.101 Sat Sep 21 11:39 – down (00:02)
root pts/2 192.168.129.1 Tue Jul 9 02:49 – down (74+08:51)
root pts/2 192.168.129.1 Mon Jul 8 23:05 – 23:22 (00:17)
root pts/1 192.168.129.1 Tue Jul 2 02:45 – down (81+08:56)
root pts/2 192.168.0.103 Mon Jun 10 02:10 – 10:58 (08:47)
root pts/1 192.168.0.102 Tue May 21 08:41 – 03:32 (19+18:51)
root pts/1 192.168.0.103 Mon Mar 25 09:46 – 10:53 (01:07)
root pts/4 192.168.0.103 Sun Mar 24 08:46 – 10:25 (01:39)
root pts/3 192.168.0.103 Sun Mar 24 08:38 – 10:25 (01:47)
root pts/2 192.168.0.114 Sun Mar 24 06:31 – 07:23 (1+00:52)
root pts/1 192.168.0.114 Sun Mar 24 03:05 – 06:57 (1+03:52)
root pts/0 :0.0 Sun Mar 24 03:04 – down (181+08:36)
root tty1 :0 Sun Mar 24 02:27 – down (181+09:13)
reboot system boot 2.6.32-279.el6.x Sun Mar 24 02:24 – 11:41 (181+09:17)
root pts/1 192.168.0.103 Fri Mar 22 16:02 – 17:50 (01:47)
root pts/3 192.168.0.103 Fri Mar 22 04:19 – 17:41 (13:21)
root pts/2 192.168.0.103 Fri Mar 22 04:06 – 16:59 (12:52)
root pts/1 192.168.0.103 Wed Mar 20 16:51 – 05:19 (1+12:28)
root pts/1 192.168.0.109 Tue Mar 19 05:49 – 09:00 (03:11)
root pts/1 192.168.0.103 Wed Mar 13 03:31 – 05:44 (6+02:12)
root pts/0 :0.0 Wed Mar 13 03:30 – crash (10+22:54)
root tty1 :0 Wed Mar 13 03:29 – crash (10+22:54)
reboot system boot 2.6.32-279.el6.x Wed Mar 13 00:03 – 11:41 (192+11:37)
root pts/2 192.168.0.103 Sun Mar 10 08:47 – 11:33 (02:46)
root pts/1 192.168.0.103 Sun Mar 10 08:41 – 10:52 (02:11)
root pts/1 192.168.0.112 Thu Mar 7 05:07 – 00:44 (19:37)
root pts/0 :0.0 Thu Mar 7 03:17 – crash (5+19:46)
root tty1 :0 Thu Mar 7 03:16 – crash (5+19:47)
reboot system boot 2.6.32-279.el6.x Thu Mar 7 03:09 – 11:41 (198+07:31)
reboot system boot 2.6.32-279.el6.x Wed Mar 6 02:00 – 11:41 (199+08:41)
root pts/1 192.168.0.103 Fri Mar 1 03:51 – 00:15 (2+20:23)
root pts/0 :0.0 Fri Mar 1 03:48 – crash (4+22:12)
root tty1 :0 Fri Mar 1 02:07 – crash (4+23:52)
reboot system boot 2.6.32-279.el6.x Fri Mar 1 00:06 – 11:41 (204+10:34)
root pts/1 192.168.0.103 Wed Feb 27 23:57 – down (11:38)
root pts/0 :0.0 Wed Feb 27 23:56 – down (11:39)
root tty1 :0 Wed Feb 27 23:51 – down (11:43)
reboot system boot 2.6.32-279.el6.x Wed Feb 27 23:49 – 11:35 (11:46)
root pts/1 192.168.0.34 Mon Feb 18 00:14 – 05:34 (05:19)
root pts/3 192.168.0.34 Sun Feb 17 22:34 – 22:51 (00:17)
root pts/2 192.168.0.21 Mon Feb 4 13:59 – 00:23 (13+10:23)
root pts/1 192.168.0.103 Mon Jan 28 23:17 – 23:21 (20+00:04)
root pts/1 192.168.0.111 Mon Jan 28 11:18 – 23:14 (11:55)
root pts/0 :0.0 Mon Jan 28 11:16 – crash (30+12:33)
root tty1 :0 Mon Jan 28 11:15 – crash (30+12:33)
reboot system boot 2.6.32-279.el6.x Mon Jan 28 11:14 – 11:35 (31+00:21)
root pts/1 192.168.0.110 Mon Jan 28 10:16 – 10:49 (00:33)
root pts/1 192.168.0.103 Mon Jan 28 02:44 – 09:57 (07:13)
root pts/1 192.168.0.103 Tue Jan 22 23:42 – 01:54 (02:12)
root pts/3 192.168.0.103 Mon Jan 14 23:21 – 11:15 (11:53)
root pts/2 192.168.0.103 Mon Jan 14 23:15 – 11:15 (11:59)
root pts/1 192.168.129.1 Sun Jan 13 10:02 – 00:43 (1+14:40)
root pts/0 :0.0 Sun Jan 13 10:00 – crash (15+01:14)
root tty1 :0 Sun Jan 13 10:00 – crash (15+01:14)
reboot system boot 2.6.32-279.el6.x Sun Jan 13 09:45 – 11:35 (46+01:50)
root tty1 :0 Fri Jan 11 11:33 – crash (1+22:11)
root pts/0 192.168.0.103 Thu Jan 10 05:05 – crash (3+04:39)
reboot system boot 2.6.32-279.el6.x Thu Jan 10 05:03 – 11:35 (49+06:31)
root pts/1 192.168.0.103 Thu Jan 10 04:54 – down (00:09)
root pts/0 :0.0 Thu Jan 10 04:52 – down (00:10)
root tty1 :0 Thu Jan 10 04:52 – down (00:11)
reboot system boot 2.6.32-279.el6.x Thu Jan 10 03:16 – 05:03 (01:46)
root pts/3 192.168.129.1 Wed Jan 9 10:24 – 10:48 (00:23)
root pts/3 192.168.129.1 Sun Jan 6 15:43 – 16:16 (00:32)
root pts/1 192.168.129.1 Sun Jan 6 15:38 – crash (3+11:38)
root pts/4 192.168.129.1 Sun Jan 6 10:04 – crash (3+17:12)
root pts/4 192.168.129.1 Sat Jan 5 09:16 – 10:18 (01:02)
root pts/3 192.168.129.1 Sat Jan 5 09:06 – 11:03 (1+01:57)
root pts/2 :0.0 Sat Jan 5 09:06 – crash (4+18:10)
root pts/1 192.168.129.1 Fri Jan 4 11:21 – 10:42 (1+23:21)
root pts/0 :0.0 Fri Jan 4 11:15 – crash (5+16:01)
root tty1 :0 Fri Jan 4 11:07 – crash (5+16:09)
reboot system boot 2.6.32-279.el6.x Fri Jan 4 04:16 – 05:03 (6+00:46)
root tty1 :1 Fri Jan 4 04:15 – 04:16 (00:00)
user tty7 :0 Fri Jan 4 03:54 – down (00:21)
reboot system boot 2.6.32-279.el6.x Fri Jan 4 10:47 – 04:16 (-6:-31)wtmp begins Fri Jan 4 10:47:41 2013
[root@ITHelpBlog ~]#
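A listing this long is read by machine, not by eye. The following is an added example, not code from the original post: it summarises last output by user and source address, and flags source addresses that are not on the list of machines administrators connect from. The excerpt is constructed in the format of the listing above, and the known-hosts list is an assumption for the example; on a real host use last -i (numeric addresses) and lastb -i for the failed attempts.

```shell
#!/bin/sh
# Added example, not from the original post: summarise `last` output per
# user and source address, and report addresses that are not expected.
# SAMPLE_LAST is a constructed excerpt; on a real host: last -i

SAMPLE_LAST='root     pts/3        192.168.0.101    Wed Oct  9 17:05   still logged in
root     pts/2        :0.0             Wed Oct  9 17:03   still logged in
root     tty1         :0               Wed Oct  9 17:02   still logged in
root     pts/1        192.168.0.101    Wed Oct  9 16:21   still logged in
reboot   system boot  2.6.32-358.2.1.e Tue Oct  8 09:50 - 17:05  (1+07:15)
root     pts/1        192.168.43.37    Mon Oct  7 21:10 - down   (12:38)
user     tty7         :0               Fri Jan  4 03:54 - down   (00:21)

wtmp begins Fri Jan  4 10:47:41 2013'

# logins_by_source LAST_OUTPUT
# Prints "user address count", sorted, for every remote session. Field 3 is the
# origin; console and local X sessions show :0 or :0.0 there and are skipped,
# as are the "reboot" pseudo-entries and the trailing "wtmp begins" line.
logins_by_source() {
    printf '%s\n' "$1" | awk '
        $1 != "reboot" && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$1 " " $3]++ }
        END { for (k in n) print k, n[k] }
    ' | sort
}

# unknown_sources LAST_OUTPUT "KNOWN_ADDR ..."
# Prints each remote address that is not in the known list, once. A new
# address logging in as root is the line to investigate first.
unknown_sources() {
    printf '%s\n' "$1" | awk -v known="$2" '
        BEGIN { n = split(known, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "reboot" && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !($3 in ok) { print $3 }
    ' | sort -u
}

# Addresses the administrators normally connect from (an assumption for the example).
KNOWN_ADMIN_HOSTS="192.168.0.101 192.168.0.12"

logins_by_source "$SAMPLE_LAST"
echo "unknown sources:"
unknown_sources "$SAMPLE_LAST" "$KNOWN_ADMIN_HOSTS"
```

Note that last shows what wtmp says, and wtmp is writable by root: an attacker who gained root can edit the file or remove entries. Forward authentication logs (/var/log/secure on RHEL) to a central syslog host so that a copy exists the attacker cannot reach, and compare the two when something looks wrong.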

9. Using Tripwire

10. PAM (Pluggable Authentication Modules)

  • Another level of security is PAM. It lets us control access to specific applications: for example, who may run halt or the network configuration tools, or from which terminals root may log in.
  • Different modules let us regulate access by user, password, time of day or access location.
  • Control flags determine whether passing a single module is enough for the user to be granted access, or whether the remaining modules in the stack must pass as well.
  • PAM configuration lives in the /etc/pam.d directory, one file per service; the file name is the service name the application passes to PAM.
  • PAM format/syntax
    • module_type control_flag module_path arguments
[root@ITHelpBlog ~]# cd /etc/pam.d
[root@ITHelpBlog pam.d]# ls
atd newrole squid
authconfig other sshd
authconfig-gtk passwd ssh-keycat
authconfig-tui password-auth su
chfn password-auth-ac sudo
chsh polkit-1 sudo-i
config-util poweroff su-l
cups ppp system-auth
eject reboot system-auth-ac
fingerprint-auth remote system-config-authentication
fingerprint-auth-ac run_init system-config-date
gdm runuser system-config-keyboard
gdm-autologin runuser-l system-config-network
gdm-fingerprint setup system-config-network-cmd
gdm-password smartcard-auth system-config-users
gnome-screensaver smartcard-auth-ac vmtoolsd
halt smtp xserver
login smtp.postfix
[root@ITHelpBlog pam.d]#
  • Module types
    • password: runs when a password is changed; this is where strength rules are enforced (pam_cracklib.so) and the hash algorithm is chosen (pam_unix.so sha512 shadow).
    • session: runs at the start and end of a session; pam_limits.so applies the limits in /etc/security/limits.conf, including maxlogins, the number of simultaneous logins any one user may have.
    • account: non-password checks after authentication: user lists and locations (pam_access.so), time of day (pam_time.so), and password or account expiry (pam_unix.so).
    • auth: verifies that the user is who they claim to be, normally by prompting for a username and password (pam_unix.so); pam_tally2.so in this stack locks an account after too many failed attempts.
  • Control flags
    • optional: the result is ignored unless it is the only module of that type in the stack.
    • required: a failure makes the final result a failure, but the remaining modules still run, so the user cannot tell which module rejected them.
    • requisite: a failure stops the stack immediately and returns failure; the command is not allowed.
    • sufficient: a success ends the stack immediately with success, provided no earlier required module has failed; a failure of a sufficient module is ignored.
  • Example:
    • account required pam_permit.so -> uses the account module type with the required control flag. The pam_permit.so module always returns PAM_SUCCESS, so it is only safe at the end of a stack (as in system-auth); an auth sufficient pam_permit.so line at the top of a stack would let anyone in without a password, which is why the files in /etc/pam.d belong under integrity monitoring.
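Because a single misplaced line turns a PAM stack into an open door, the files in /etc/pam.d are worth checking mechanically. The following is an added example, not code from the original post: it scans a PAM service file for unconditional success in the auth stack, empty passwords accepted through nullok, an auth stack that does not end in an explicit pam_deny.so, and password hashing that is not sha512. SYSTEM_AUTH_DEFAULT is the stack authconfig generates on RHEL/CentOS 6; SYSTEM_AUTH_TAMPERED is a constructed copy with one line inserted, the kind of change a backdoor leaves behind.

```shell
#!/bin/sh
# Added example, not from the original post: scan a PAM service file for stack
# configurations that weaken authentication. On a real host:
#   for f in /etc/pam.d/*; do echo "== $f"; pam_findings "$(cat "$f")"; done

SYSTEM_AUTH_DEFAULT='#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        required      pam_deny.so
account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     required      pam_permit.so
password    requisite     pam_cracklib.so try_first_pass retry=3 type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password    required      pam_deny.so
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so'

# Constructed: the same file with "auth sufficient pam_permit.so" inserted at the
# top of the auth stack. Every login now succeeds before a password is checked.
SYSTEM_AUTH_TAMPERED="#%PAM-1.0
auth        sufficient    pam_permit.so
$(printf '%s\n' "$SYSTEM_AUTH_DEFAULT" | tail -n +2)"

# pam_findings PAM_FILE_TEXT
# Prints "line: finding" for each weakness. Bracketed control values such as
# [success=1 default=ignore] are handled by taking the module to be the first
# field that ends in .so rather than assuming it is field 3.
pam_findings() {
    printf '%s\n' "$1" | awk '
        /^#/ || NF < 3 { next }
        {
            type = $1; mod = ""
            for (i = 3; i <= NF; i++) if ($i ~ /\.so$/) { mod = $i; break }
            if (type == "auth") last_auth = mod
            if (type == "auth" && mod == "pam_permit.so")
                print NR ": auth stack grants unconditional success via pam_permit.so"
            if (type == "auth" && mod == "pam_unix.so" && $0 ~ /nullok/)
                print NR ": pam_unix.so accepts empty passwords (nullok)"
            if (type == "password" && mod == "pam_unix.so" && $0 !~ /sha512/)
                print NR ": pam_unix.so does not hash with sha512"
        }
        END {
            if (last_auth != "" && last_auth != "pam_deny.so")
                print "end: auth stack does not end with pam_deny.so"
        }
    '
}

echo "default stack:";  pam_findings "$SYSTEM_AUTH_DEFAULT"
echo "tampered stack:"; pam_findings "$SYSTEM_AUTH_TAMPERED"
```

The default stack already produces one finding: nullok on the auth line, which lets an account with an empty password field log in. Remove it from the auth line of system-auth (and password-auth on RHEL 6), keeping a second root session open while you test the change, because a broken PAM stack locks everyone out, including you. Keep the pam.d files under Tripwire or AIDE so that the tampered case is caught the day it happens, not when a login looks odd in wtmp.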

 

So we have covered ten security practices for a Linux server on a network: physical security, disabling and removing unneeded services, encrypted communications, passwords for the BIOS, the boot loader and user accounts, the different levels of firewall with iptables to protect the host, wtmp and last to check who logged in, Tripwire to check file and directory integrity, and PAM to limit access to specific applications.

Thanks for using IThelpblog.com.

 

 
