Implementing Security on Linux
Patrick Lambert
Security is never a luxury. It can save money, time, and frustration. The Linux operating system, a UNIX clone created in 1991, has several built-in security mechanisms, which are unfortunately rarely used. This article explores the basic aspects of securing a Linux server.
Start with a fresh install. Any security expert will tell you that there is no use securing a system when you don't know whether it has already been broken into or backdoored. Any Linux distribution will work fine, because they all contain the required security tools. You should install and configure the Linux system before connecting it to the Internet. Linux installation is relatively simple regardless of the distribution you pick -- the security configuration happens after the installation.
Basic security on a Linux system is very similar to other UNIX systems. Areas to configure include user security, network security, and kernel parameters. This article reviews all of these areas, including more advanced ways to add security to Linux and some sites that contain more information.
Initial Security
After the initial system setup, you can start making the system cracker-proof. First, secure the root account. For example, edit the file /etc/securetty, which contains the list of terminals from which root can log on. Remove the pseudo-terminals used by telnet (ttyp0-ttyp9), so that root can log on only at the console or over a secure link such as ssh. Also, configure the ftp daemon to refuse root logins. The file /etc/ftpusers lists the users that cannot use ftp, and the root user should be part of that list.
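The two root-login settings described above can be checked with a short script. This is an added example, not code from the original article: the function names are hypothetical, and the sample files are constructed so that it runs without touching /etc.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.

# Print each ttyp* pseudo-terminal still listed in a securetty-style file ($1).
# Commented-out entries are ignored; hex suffixes (ttypa-ttypf) also match.
root_pty_entries() {
    sed -n 's/^[[:space:]]*\(ttyp[0-9a-f][0-9a-f]*\)[[:space:]]*$/\1/p' "$1"
}

# Exit 0 if the ftpusers-style deny list ($1) has root on a line of its own.
ftp_denies_root() {
    grep -Eq '^[[:space:]]*root[[:space:]]*$' "$1"
}

# Print findings; return their count (0 = pass), or 3 if a file is unreadable.
audit_root_logins() {
    securetty=$1; ftpusers=$2; findings=0
    for f in "$securetty" "$ftpusers"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 3; }
    done
    ptys=$(root_pty_entries "$securetty" | tr '\n' ' ')
    if [ -n "$ptys" ]; then
        echo "FAIL: $securetty lets root log on from: $ptys"
        findings=$((findings + 1))
    fi
    if ! ftp_denies_root "$ftpusers"; then
        echo "FAIL: root is missing from $ftpusers"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: no ttyp entries, ftp refuses root"
    return "$findings"
}

# Constructed sample files: a permissive pair and a hardened pair.
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed' tty1 tty2 ttyp0 ttyp1 > "$d/securetty.weak"
    printf '%s\n' '# constructed' tty1 tty2 '#ttyp0' > "$d/securetty.hard"
    printf '%s\n' bin daemon nobody > "$d/ftpusers.weak"
    printf '%s\n' root bin daemon nobody > "$d/ftpusers.hard"
    echo "$d"
}

samples=$(make_samples)
audit_root_logins "$samples/securetty.weak" "$samples/ftpusers.weak" || true
audit_root_logins "$samples/securetty.hard" "$samples/ftpusers.hard" || true
rm -rf "$samples"
```

On a real host, call audit_root_logins /etc/securetty /etc/ftpusers and treat a non-zero return as a finding to fix.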
Securing normal user accounts depends on what you want to allow those users to do. For example, with a mail account the shell should be set to /dev/null when you create the user account. A last thing to do from the shell is to disable suid programs.