Friday, 8 June 2012

6 Good security practices every Linux admin must follow:

Here is my own list of good security practices for keeping a Linux system safe.

(1) Always keep the system up to date. Apply all patches, especially security updates. Use the up2date, yum or apt-get update commands to apply security updates.

Good tips. One note btw – the apt-get update command on Debian based systems simply fetches the list of currently available packages in the repositories. Upgrading the system is a two-step process:
First fetch the new package list:
apt-get update
Then run an update:
apt-get upgrade or apt-get dist-upgrade

(2) The default firewall policy should be: close all doors, then open only the required windows. Run iptables or ipf to block unwanted traffic, IPs and unused ports.

(3) Never ever log in as root; always use sudo. Disable root access for ssh and ftp sessions (the default).

(4) Do not run any Perl script or other executable code on a production system as root. Always test downloaded software locally and verify it against its published md5 checksum before using it.

(5) Take advantage of SELinux (Security-Enhanced Linux), which provides a mandatory access control mechanism. It is also recommended that you install an anti-virus/anti-spam program such as ClamAV on all mail servers (or purchase a 3rd-party AV/anti-spam solution).

(6) Finally, run all important services in a chrooted jail environment.

Update (see comments below) - other user suggestions:

(7) Remove or disable unnecessary services you don't use. Remove all compilers and network scanning tools such as nmap from servers. Why make the attacker's job easier?

(8) Conduct some (penetration) tests to ensure you didn't misconfigure your setup.

Misconfiguration is often a cause of system compromise! It's right up there with not staying up to date with patches!

(9) If running a web hosting server, use the mod_security (ModSecurity) module for Apache.

(10) If running a server in a production environment, run an IDS such as Snort.

(11) The first level of security always starts with physical security.
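As an added illustration of item (2), the "close all doors, open required windows" policy, here is a small POSIX shell script (not from the original post) that emits a default-deny iptables ruleset in iptables-restore format and validates it before loading. The administrative subnet and the port list are constructed sample values; the script assumes iptables-restore with its --test option is installed.

```shell
#!/bin/sh
# Added example: default-deny INPUT/FORWARD policy, with explicit allow rules
# for loopback, established connections, SSH from an admin subnet, and a
# caller-supplied list of TCP ports. Everything else is logged and dropped.

# build_ruleset ADMIN_SUBNET PORT...  -> prints the ruleset on stdout
build_ruleset() {
    admin_subnet="$1"; shift
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
        '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
    # SSH only from the administrative network, so a mistake elsewhere in the
    # ruleset is still recoverable from a known-good location
    printf '%s\n' "-A INPUT -p tcp -s $admin_subnet --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    # The "required windows": one allow rule per service port
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what falls through before the chain policy (DROP) discards it
    printf '%s\n' '-A INPUT -j LOG --log-prefix "iptables-drop: " --log-level 4' 'COMMIT'
}

# apply_ruleset ADMIN_SUBNET PORT...  -> parse-check with iptables-restore --test,
# then load atomically, so a syntax error never leaves a half-applied policy.
apply_ruleset() {
    rules="$(build_ruleset "$@")"
    printf '%s\n' "$rules" | iptables-restore --test || return 1
    printf '%s\n' "$rules" | iptables-restore
}

# Usage (constructed values): web server on 80/443, SSH only from 10.0.0.0/24
# build_ruleset 10.0.0.0/24 80 443 > /etc/iptables/rules.v4
# apply_ruleset 10.0.0.0/24 80 443
```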

Remember that you can make an attacker's life hard, but you cannot make anything 100% secure. Continuous monitoring and a tight security policy will keep the service running for a long time without any sort of intrusion :)
