Friday, April 23, 2010

Good Security Practices On Linux

Some time ago, the open source world was caught by surprise by the announcement of a malware for Linux, hidden in a screensaver for Gnome in

There was an uproar, and the Microsoft fanboys rushed to point the finger at Linux and say that Linux is as vulnerable as Windows. Easy, folks, let's not confuse things here. Just because the Porsche and the VW Beetle share the same designer, Ferdinand Porsche, it doesn't mean they can equally be called cars. One (the Porsche) is a car, the other (the VW Beetle) is a means of transportation.

But to the folks who are migrating to Linux with the naive hope that nothing will happen to their Linux machines, unfortunately we have to say: curb your enthusiasm. But do stay excited, as Linux is not Windows. And, in the security department, it never will be (thank God, Linus and all the folks: programmers, testers and users).

Security in Linux (as with any operating system) is a matter of habit, so we will list some tips that make good security habits on Linux easier.

Of course, these tips here apply to desktop systems (home or office). For servers, we would have other much more restrictive rules.

  • Never work as root. Working with the root account is very risky. Use root only for maintenance tasks, through su (or kdesu or gksu), and never log into the system with this account. Browse the internet as root? No way.
  • Do not enable auto login if your computer can be used by others. Auto login is a very interesting feature, but if you have information you want to keep private, it is not a good policy to enable auto login.
  • Be careful with Grub. It can easily be circumvented to allow privileged access to your machine. If you are afraid that someone may access your machine in your absence, it is necessary to "shield" Grub (although, if there is physical access to the machine, it is 70 to 99% compromised).
     What happens? Anyone at the keyboard can easily change the boot options in the Grub menu.
     See how this occurs:
     At boot, Grub shows "Press ESC to enter the menu ..."
     Press ESC and a list of boot options will appear. Then do the following:
     Select the line for Linux and press "e";
     Next, the boot command lines of the distro appear. Select the line that starts with kernel ... and press "e" again;
     The line is now editable;
     Delete the options "ro quiet splash locale=EN_US" and type "root=/dev/hda0 rw init=/bin/bash" in their place (without the quotation marks, and assuming your hard drive is /hda0);
     Press Enter to get back to the menu and press "b" to boot the system.
     And, voilà, you have root and can do whatever you want on this system.
     How to prevent it? Put a password on Grub.
     Edit the file /boot/grub/menu.lst
     Uncomment the line that begins with "password" and put the password you want after it.
     But a password stored in plain text like this is easy to read. Let's make things harder for the attacker. Open a terminal, type "grub-md5-crypt" (without the quotation marks) and press ENTER.
     Then enter the password you want twice and write down the output (which looks quite strange).
     Now edit the file /boot/grub/menu.lst and insert the line "password --md5 (the password)", where (the password) is the weird sequence of characters the previous command produced.
     Ex.: password --md5 $1$3/9xL/$Uv7mG37A77UBUnh/GkogN/
  • Update your system regularly; better yet, daily. While flaws in Windows are slow to be resolved, in Linux they are sometimes resolved within hours. So keeping your system up to date is a good security policy.
  • Do not leave sshd (the SSH daemon) turned on on your machine. It is always listening, and with this "backdoor" open to the outside world, it is a lure for attackers (professional crackers or Sunday crackers) to tinker with your system. Disable SSH instead. On servers, SSH has its reason to be. On home desktop PCs, not so much.
  • Do not allow the execution of scripts in /tmp and /home. Let's say an attacker was able to access your machine and compromise its security, getting access to a user account. The next step is to upload a script that exploits a flaw (a kernel hole, a buffer overflow, etc.) to gain root privileges. What to do?
    Two things:

    1. Limit the number of users on your machine. If you are the only one using it, have only your account and root.
    2. Disable the execution of scripts in /home and /tmp. How? In fstab.
      First, make a backup of your current fstab. Then, with a text editor of your choice (emacs, mcedit, joe), make the following changes:
      Find the line that references your /home partition. Ex.:
      # /dev/sda7
      UUID=413eee0c-61ff-4cb7-a299-89d12b075093  /home  ext3  nodev,nosuid,relatime  0  2
      And change it to:
      # /dev/sda7
      UUID=413eee0c-61ff-4cb7-a299-89d12b075093  /home  ext3  noexec,nodev,nosuid,relatime  0  2
      If /tmp is on a separate partition, the procedure is the same, noting that the 3 options should be added after the declaration of the file system type (in the case above, after ext3).
      Example: LABEL=/tmp /tmp ext3 noexec,nosuid,nodev 0 0
  • Do not install packages from sites you do not know. Note that even a popular and "reliable" site  as was the target of malware infected software, so double your attention.
  • The following tip is related to the one above: never download anything for your operating system via torrent (OTHER THAN ISOS OF DISTROS YOU WANT TO INSTALL). Pirated copies of paid programs for Linux are becoming popular on torrent sites. As there is no way to verify the origin of those packages, they are potentially dangerous.
  • Disable the execution of compilers for every user on your machine. By doing this you will ensure that the compiler will not be used to install exploits on your machine.
    Ex: # chmod 000 /usr/bin/*cc*
    To reset: # chmod 700 /usr/bin/*cc*
  • Be very careful with p2p sharing programs (Frostwire and others). If you do not properly configure the location of the shared files, you could jeopardize all the files in your /home. The ideal is to set aside a specific partition for sharing, with no connection to your /home, to preserve your data.
  • Do not install add-ons for Firefox from sites other than the Mozilla Foundation's site. The same advice applies here: do not download packages from unknown sites.
  • Use a firewall. Even if you have nothing "listening" to the external network, a firewall is very important, as your machine can be used to trigger a Smurf-type denial of service attack. (The attacker sends a rapid sequence of ping requests to a broadcast address, but spoofs the return address, causing thousands of computers to answer the ping at the address the attacker wants to bring down.) With a firewall, ping requests (and various other TCP and UDP requests) are easily blocked and controlled. Good firewalls for beginners are Guarddog and Firestarter.
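
A check for the fstab step in the /tmp and /home tip above, as an added example that is not part of the original post: it reports which of noexec, nosuid and nodev a mount point lacks in an fstab-format file. The function names, the sample file and its /var/tmp entry are constructed for illustration.

```shell
#!/bin/sh
# Print which of noexec,nosuid,nodev a mount point lacks in an fstab-format
# file: "ok", "missing:<list>", or "no-entry" (no active line for that mount).
fstab_missing_opts() {   # usage: fstab_missing_opts <file> <mountpoint>
    awk -v mp="$2" '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments and malformed lines
        $2 == mp {
            found = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) have[opt[i]] = 1
            split("noexec nosuid nodev", want, " ")
            miss = ""
            for (k = 1; k <= 3; k++)
                if (!(want[k] in have))
                    miss = (miss == "") ? want[k] : miss "," want[k]
            res = (miss == "") ? "ok" : "missing:" miss
            print res
            exit
        }
        END { if (!found) print "no-entry" }
    ' "$1"
}

# Constructed sample input (not from a real system). The last line is
# commented out, so it has no effect and is reported as "no-entry".
sample_fstab() {
    cat <<'EOF'
# /dev/sda7
UUID=413eee0c-61ff-4cb7-a299-89d12b075093  /home  ext3  nodev,nosuid,relatime  0  2
LABEL=/tmp  /tmp  ext3  noexec,nosuid,nodev  0  0
# LABEL=/var/tmp  /var/tmp  ext3  noexec,nosuid,nodev  0  0
EOF
}

f=$(mktemp) && sample_fstab > "$f"
for mp in /home /tmp /var/tmp; do
    printf '%s: %s\n' "$mp" "$(fstab_missing_opts "$f" "$mp")"
done
rm -f "$f"
```

/proc/mounts uses the same first four fields, so pointing the function at /proc/mounts instead of /etc/fstab shows the options actually in effect after a remount or reboot.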

So, with these simple security tips, your machine will be shielded against outside attacks. But the most important part is still the user, who must learn what is going on. Learning is a useful advantage and helps the user make a better internet, since we are all connected now: what affects some will affect others, by a cascading effect. So protect your machine, and the internet as a whole will be improved.
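
To verify the Grub tip above after editing /boot/grub/menu.lst, this added example (not part of the original post) classifies the password setting in the global section of the file, the part before the first title line. The function names and the sample menu entries are constructed; the hash is the example value from the post.

```shell
#!/bin/sh
# Classify the global password setting of a GRUB legacy menu.lst:
#   none       no active password line before the first "title"
#   plaintext  password stored in clear text
#   md5        "password --md5" followed by an MD5-crypt ($1$...) hash
#   bad-hash   "--md5" given, but the value is not an MD5-crypt hash
grub_password_status() {   # usage: grub_password_status <menu.lst>
    awk '
        /^[ \t]*#/ { next }            # commented-out lines are inactive
        $1 == "title" { exit }         # stop at the first boot entry
        $1 == "password" {
            if ($2 == "--md5") {
                status = ($3 ~ /^\$1\$/) ? "md5" : "bad-hash"
            } else {
                status = "plaintext"
            }
            exit
        }
        END { res = (status == "") ? "none" : status; print res }
    ' "$1"
}

# Constructed menu.lst with one caller-supplied line in the global section.
sample_menu() {   # usage: sample_menu <password-line>
    printf '%s\n' 'default 0' 'timeout 10' "$1" \
        'title Linux' 'root (hd0,0)' \
        'kernel /vmlinuz root=/dev/sda1 ro quiet splash'
}

for line in '# password topsecret' 'password topsecret' \
            'password --md5 $1$3/9xL/$Uv7mG37A77UBUnh/GkogN/'; do
    f=$(mktemp) && sample_menu "$line" > "$f"
    printf '%-50s -> %s\n' "$line" "$(grub_password_status "$f")"
    rm -f "$f"
done
```

A result of none or plaintext means the boot-line editing described in the tip is still open, or the password can be read straight from the file.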

By Alessandro Ebersol

