Security

Security on UNIX and Linux systems is multifaceted, involving both built-in mechanisms and external tools to safeguard the system.

System Hardening

System hardening is the process of securing a system by reducing its attack surface. This involves several steps:

Minimizing Installed Packages

Every installed package increases the potential attack surface. Use package managers such as apt (on Debian-based systems) or yum (on Red Hat-based systems) to keep the system minimal and up to date.

sudo apt-get autoremove --purge # Remove packages that are no longer needed, together with their configuration files.

sudo apt-get update # Refresh the package index.

sudo apt-get upgrade # Install the available updates.

Securing Services

Disable or uninstall services that are not in use. For services that must remain active, ensure they are configured securely with the latest security patches applied.

Regular Updates

Keeping the system and all installed software up to date is crucial to protect against known vulnerabilities.

Managing Users and Permissions

User Management

Regularly review user accounts and remove those that are no longer needed. Use strong passwords and consider password aging policies to enforce regular changes.

File Permissions and Ownership

Use the chmod and chown commands to manage access rights to files and directories. Understanding the permission model (read, write, execute for owner, group, and others) is essential.

chmod 755 script.sh # Sets read, write, and execute permissions for the owner, and read and execute permissions for group and others.

chown user:group file.txt # Changes the owner and group of file.txt.
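As an added example (not code from the original page), this POSIX shell script renders a three-digit chmod mode as the owner/group/other triplets described above, then audits a directory tree for entries that are writable by everyone and removes the stray write bit; the temporary tree and its file names are constructed for the demonstration.

```shell
# Added example: read chmod modes as rwx triplets, then find and fix
# world-writable entries under a directory tree. Sample tree is constructed.

# One octal digit -> rwx triplet.
triplet() {
    case "$1" in
        0) printf '%s' '---' ;; 1) printf '%s' '--x' ;; 2) printf '%s' '-w-' ;; 3) printf '%s' '-wx' ;;
        4) printf '%s' 'r--' ;; 5) printf '%s' 'r-x' ;; 6) printf '%s' 'rw-' ;; 7) printf '%s' 'rwx' ;;
    esac
}

# Three-digit mode such as 755 -> rwxr-xr-x (a leading setuid/setgid/sticky digit is not handled).
mode_to_symbolic() {
    owner=${1%??}; rest=${1#?}
    printf '%s%s%s\n' "$(triplet "$owner")" "$(triplet "${rest%?}")" "$(triplet "${rest#?}")"
}

# Entries with the "others write" bit (octal 002). Symlinks are skipped because their own
# mode is irrelevant, and world-writable directories carrying the sticky bit (octal 1000,
# as on /tmp) are accepted: the sticky bit stops users removing each other's files there.
world_writable() {
    find "$1" ! -type l -perm -002 ! \( -type d -perm -1000 \)
}

# Number of findings, so a hardening script can fail while any remain.
count_world_writable() {
    world_writable "$1" | wc -l | tr -d ' '
}

# Remediation: drop write access for "others" on every finding.
fix_world_writable() {
    world_writable "$1" | while IFS= read -r path; do
        chmod o-w "$path"
    done
}

# Run the audit on a constructed tree in a temporary directory (no real system paths).
demo() {
    tree=$(mktemp -d)
    mkdir "$tree/shared" "$tree/scratch"
    echo data > "$tree/shared/notes.txt"; echo data > "$tree/secret.txt"
    chmod 777 "$tree/shared"             # open to everyone: flagged
    chmod 1777 "$tree/scratch"           # sticky, as /tmp is: accepted
    chmod 666 "$tree/shared/notes.txt"   # world-writable file: flagged
    chmod 600 "$tree/secret.txt"         # owner only: fine
    before=$(count_world_writable "$tree")
    fix_world_writable "$tree"
    after=$(count_world_writable "$tree")
    rm -rf "$tree"
    printf '%s %s\n' "$before" "$after"  # prints "2 0"
}
```

Running `demo` reports the number of findings before and after remediation; point `count_world_writable` at a real directory such as a web root to use it as a check in your own hardening script.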

Sudo Privileges

The sudo system allows granting administrative privileges to certain users without sharing the root password. Configure sudo carefully to provide necessary permissions without overprivileging users.

Network Security

Securing network services and connections is vital to prevent unauthorized access and data breaches.

Firewall Configuration

Tools like iptables or ufw (Uncomplicated Firewall) are used to define rules that allow or block traffic based on port, protocol, and source/destination IP addresses.

sudo ufw allow from 192.168.1.0/24 to any port 22 # Allow SSH connections from the local network.

sudo ufw enable # Enable the firewall.

Security Extensions

SELinux (Security-Enhanced Linux) and AppArmor are Mandatory Access Control (MAC) systems that provide a way to enforce security policies. Unlike the traditional discretionary access control (DAC) model, in which the owner of a file decides who may access it, MAC lets administrators define explicit, system-wide policies that govern access to system resources and that individual users cannot override.