{"id":3157,"date":"2010-06-10T05:18:48","date_gmt":"2010-06-10T09:18:48","guid":{"rendered":"http:\/\/g33kinfo.com\/info\/?p=3157"},"modified":"2010-06-10T05:18:48","modified_gmt":"2010-06-10T09:18:48","slug":"top-10-linux-security-tips-for-system-administrators","status":"publish","type":"post","link":"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/","title":{"rendered":"Top 10 Linux Security Tips for System Administrators"},"content":{"rendered":"

From blog.taragana.com<\/a><\/p>\n

Like every other Operating System Linux not free from security issues. These issues can be anticipated and averted only with suitable preventive steps. However, sticking to the buttoned-down techniques for securing the Linux systems such as locking the network, minimizing risk by locking down the system and restricting the access to only a few people are mere safe play and not the right measures a system administrator should take on to tighten up the security. These steps might be applicable to the average installation to some extent, but not much. We made an attempt to assemble some of the most feasible techniques for ensuring best security for your Linux system. Here’s our list of top 10 Linux security tips for system administrator.<\/p>\n

1. Install Security Updates on time
\nLet us consider Ubuntu, for instance, Ubuntu’s Package Manager provides a regular stream of security and performance updates for Operating System and the Programs that you have installed. Keeping up with the patches is essential for Linux as for any other operating system. Moreover, since Linux is open source the updates can be expected more frequently.
\nWhen you receive<\/p>\n

Shell Commands<\/p>\n

In order to check the updates use<\/p>\n

apt-get update && apt-get upgrade<\/code>
\nor
\nyum update<\/code><\/p>\n

Using the remote access software that works<\/p>\n

SSH stands for “Secure Shell” is a network protocol for creating secure communications between two computers. Older protocols for remote access such as telnet, send information such as telnet, send information such as usernames and password in clear text and may have other security loop holes<\/p>\n

2. Be alert when using peer-to-peer file sharing application
\npeer-to-peer (P2P) applications such as Napster, Gnutella, iMesh, Audiogalaxy Satellite and KaZaA offer good means for sharing information. In case you degrade the performance of the University’s network. Without knowing it you can share personal data, inadvertently violate federal copyright law or expose the computer to malicious code or unacceptable use.<\/p>\n

For more information on peer-to-peer file sharing applications read here.<\/p>\n

3. Enable WPA on router
\nFor quiet some years now standard security for wireless networks has been the WEP, which can now be easily compromised. Modern machines can catch up the keys on wireless network using WEP within a short span only until enough data is transmitted. This might not be the issue for all locations.<\/p>\n

The more the number of people within the range of access point, the more it is likely that one of them will try to crack your security. Users can do it with complete anonymity and you might never be able to trace the location.<\/p>\n

Even turning off the access point name being broadcast or locking access to MAC addresses, but this might not help you, as a snooper might derive this information from the data. Only way you ensure protection is by switching the encryption methods on your router. In case, the router doesn’t support anything better then WEP you might consider getting a new one.<\/p>\n

To overcome this you can look for model that supports WPA or ideally WPA2. Anyone of these might make your connection a lot more secure than WEP.<\/p>\n

4. Securing the groups and permissions
\nGroups and permissions are both useful features in the filesystem adopted from Unix systems. Each of the members can be member of any of the groups. The groups can assemble some of the special kind of users. In most of the Linux distros groups are used to restrict access to specific hardware. Just follow the steps below<\/p>\n

Right-click on the file manager
\nClick on Properties to see its permissions
\nChange the parameters and restrict access to key files and devices<\/p>\n

5. Disable root Login
\nTry not to login as a root user. Instead use sudo to execute root level commands as and when required. The security of your system can be enhanced using sudo, as you don’t to share root and password with other users and admins. sudo offers a simple auditing and tracking feature too.<\/p>\n

6. User Firewall to Protect Your Connection
\nThere are a several reasons to have a firewall on<\/p>\n

New software might open network ports without notifying you. It will leave your computer open to attack
\nWith the Firewall on users can control which computer IP addresses can access your computer
\nMostly the broadband routers include one by default, while Ubuntu has no Internet-facing services running in a standard installation that renders a firewall unnecessary. It doesn’t take much to change a configuration or install something that is vulnerable.<\/p>\n

Linux kernel already has a functionality by default, so the only thing it takes is the graphical front-end by default.<\/p>\n

One of the favorite we is the ufw. It’s a command line utility that is installed but not enabled on Ubuntu systems.<\/p>\n

First type<\/p>\n

sudo ufw enable<\/code><\/p>\n

To start the firewall type<\/p>\n

sudo ufw default deny<\/code><\/p>\n

It’s easy to make the configuration easier using the Gufw GUI.<\/p>\n

7. Encrypted Data Communication
\nIt’s a known fact that all the data transmitted over network is open to monitoring. This makes it imperative to encrypt transmitted data whenever possible with password or using keys\/certificates.<\/p>\n

For file transfer use scp, ssh, rsync or sftp. You might also mount remote server file system or your own home directory using special sshfs and fuse tools.<\/p>\n

GnuPG is another application that allow users to encrypt and sign the data and communicate. It features a versatile key management system as well as access modules for all kind of public key directories.<\/p>\n

Fugu provides a graphical frontend to the commandline Secure File Transfer application(SFTP). SFTP is similar to FTP, but unlike FTP the entire session is encrypted meaning no passwords are sent in cleartext form and it is much less vulnerable to third party interception.<\/p>\n

FileZilla is a cross platform client that supports FTP, FTP over SSL\/TLS(FTPS) and SSH File Transfer Protocol(SFTP).<\/p>\n

OpenVPN is a cost-effective, lightweight SSL VPN<\/p>\n

Lighttpd SSL (Secure Server Layer) Https – Configuration and installation<\/p>\n

Apache SSL (Secure Server Layer) Https (mod_ssl) Configuration and Installation<\/p>\n

8. Minimize Software to Minimize Vulnerability
\nIn order to to escape vulnerabilities in software try to avoid installing unnecessary software. Use the RPM package manager such as yum or apt-get and\/or dpkg to review all installed set of software packages on a system. Get rid of all the undesired packages.
\n
\n# yum list installed
\n# yum list packageName
\n# yum remove packageName
\n<\/code>
\nOR
\n
\n# dpkg \u2013list
\n# dpkg \u2013info packageName
\n# apt-get remove packageName
\n<\/code>
\n9. Track no-owner files
\nSometimes the files without owners cause security problems. You can find them with the following command that doesn’t belong to a valid user and a valid group
\n
\nfind \/dir -xdev \\( -nouser -o -nogroup \\) -print
\n<\/code>
\n10. Tips to ensure maximum protection to account and password
\nUsers can employ the chage command to ensure password changes on a given date of last password change. This information helps to determine when a user needs to change his\/her password.<\/p>\n

To disable password aging type
\n
\nchage -M 99999 userName
\n<\/code>
\nTo get the password expiry date enter
\n
\nchage -l userName
\n<\/code><\/p>\n

Restric Use of previous password<\/p>\n

In Linux users can use and reuse the same old passwords under Linux. The pam_unix module parameter can be used to configure the number of previous passwords that cannot be reused.<\/p>\n

i) Locking Users Accounts after login failures<\/p>\n

In Linux you can use the faillog command to display faillog records or set login failure limits. faillog formats the contents of the failure log from \/var\/log\/faillog database \/ log file. It can also be used for maintains failure counters and limits. In order to see the failed login attempts type
\n
\nfaillog
\n<\/code>
\nAfter a login failure users can unlock an account
\n
\nfaillog -r -u userName
\n<\/code>
\nTo lock and unlock the accounts you can use
\n
\n# lock account
\npasswd -l userName<\/p>\n

# unlocak account
\npasswd -u userName
\n<\/code>
\nIn order to verify that no accounts have empty passwords type the following command
\n
\n# awk -F: '($2 == \"\") {print}' \/etc\/shadow
\n<\/code>
\nTo Lock all empty password account
\n
\n# passwd -l accountName
\n<\/code>
\nii) Ensure No Non-root accounts have UID Set To 0<\/p>\n

As you know root account has UID 0 and full permission to access the system. Using the following command you can display all acounts with UID set to 0.
\n
\n# awk -F: '($3 == \"0?) {print}' \/etc\/passwd
\n<\/code>
\nNow you will see just one line as below
\n
\nroot:x:0:0:root:\/root:\/bin\/bash
\n<\/code>
\nIn case you see more than one line delete them and make sure there are other accounts authorized by you to use UID 0.<\/p>\n","protected":false},"excerpt":{"rendered":"

From blog.taragana.com Like every other Operating System Linux not free from security issues. These issues can be anticipated and averted only with suitable preventive steps. However, sticking to the buttoned-down techniques for securing the Linux systems such as locking the network, minimizing risk by locking down the system and restricting the access to only a… <\/p>\n

Read More<\/i><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-3157","post","type-post","status-publish","format-standard","hentry","category-info"],"yoast_head":"\nTop 10 Linux Security Tips for System Administrators - Linux Shtuff<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Top 10 Linux Security Tips for System Administrators - Linux Shtuff\" \/>\n<meta property=\"og:description\" content=\"From blog.taragana.com Like every other Operating System Linux not free from security issues. These issues can be anticipated and averted only with suitable preventive steps. However, sticking to the buttoned-down techniques for securing the Linux systems such as locking the network, minimizing risk by locking down the system and restricting the access to only a... Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/\" \/>\n<meta property=\"og:site_name\" content=\"Linux Shtuff\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:author\" content=\"https:\/\/fb.me\/g33kinf0\" \/>\n<meta property=\"article:published_time\" content=\"2010-06-10T09:18:48+00:00\" \/>\n<meta name=\"author\" content=\"g33kadmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/drsinger1111\" \/>\n<meta name=\"twitter:site\" content=\"@drsinger1111\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/top-10-linux-security-tips-for-system-administrators\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/top-10-linux-security-tips-for-system-administrators\\\/\"},\"author\":{\"name\":\"g33kadmin\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"headline\":\"Top 10 Linux Security Tips for System Administrators\",\"datePublished\":\"2010-06-10T09:18:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/top-10-linux-security-tips-for-system-administrators\\\/\"},\"wordCount\":1337,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"articleSection\":[\"General Info\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/top-10-linux-security-tips-for-system-administrators\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/top-10-linux-security-tips-for-system-administrators\\\/\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/top-10-linux-security-tips-for-system-administrators\\\/\",\"name\":\"Top 10 Linux Security Tips for System Administrators - Linux Shtuff\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\"},\"datePublished\":\"2010-06-10T09:18:48+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/top-10-linux-security-tips-for-system-administrators\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/g33kinfo.com\\\/info\\\/top-10-linux-security-tips-for-system-administrators\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/top-10-linux-security-tips-for-system-administrators\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Top 10 Linux Security Tips for System Administrators\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#website\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/\",\"name\":\"Linux Shtuff\",\"description\":\"Because I have CRS Syndrome...\",\"publisher\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/#\\\/schema\\\/person\\\/c022e4c40b13ea1b678e6f020756f547\",\"name\":\"g33kadmin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"url\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"contentUrl\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\",\"width\":512,\"height\":512,\"caption\":\"g33kadmin\"},\"logo\":{\"@id\":\"https:\\\/\\\/g33kinfo.com\\\/info\\\/wp-content\\\/uploads\\\/2022\\\/07\\\/minion-researchA.gif\"},\"description\":\"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\\\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....\",\"sameAs\":[\"https:\\\/\\\/thelinuxreport.com\",\"https:\\\/\\\/fb.me\\\/g33kinf0\",\"https:\\\/\\\/x.com\\\/https:\\\/\\\/twitter.com\\\/drsinger1111\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Top 10 Linux Security Tips for System Administrators - Linux Shtuff","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/","og_locale":"en_US","og_type":"article","og_title":"Top 10 Linux Security Tips for System Administrators - Linux Shtuff","og_description":"From blog.taragana.com Like every other Operating System Linux not free from security issues. These issues can be anticipated and averted only with suitable preventive steps. However, sticking to the buttoned-down techniques for securing the Linux systems such as locking the network, minimizing risk by locking down the system and restricting the access to only a... Read More","og_url":"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/","og_site_name":"Linux Shtuff","article_publisher":"https:\/\/fb.me\/g33kinf0","article_author":"https:\/\/fb.me\/g33kinf0","article_published_time":"2010-06-10T09:18:48+00:00","author":"g33kadmin","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/drsinger1111","twitter_site":"@drsinger1111","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/#article","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/"},"author":{"name":"g33kadmin","@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"headline":"Top 10 Linux Security Tips for System Administrators","datePublished":"2010-06-10T09:18:48+00:00","mainEntityOfPage":{"@id":"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/"},"wordCount":1337,"commentCount":0,"publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"articleSection":["General Info"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/","url":"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/","name":"Top 10 Linux Security Tips for System Administrators - Linux Shtuff","isPartOf":{"@id":"https:\/\/g33kinfo.com\/info\/#website"},"datePublished":"2010-06-10T09:18:48+00:00","breadcrumb":{"@id":"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/g33kinfo.com\/info\/top-10-linux-security-tips-for-system-administrators\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/g33kinfo.com\/info\/"},{"@type":"ListItem","position":2,"name":"Top 10 Linux Security Tips for System Administrators"}]},{"@type":"WebSite","@id":"https:\/\/g33kinfo.com\/info\/#website","url":"https:\/\/g33kinfo.com\/info\/","name":"Linux Shtuff","description":"Because I have CRS Syndrome...","publisher":{"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/g33kinfo.com\/info\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/g33kinfo.com\/info\/#\/schema\/person\/c022e4c40b13ea1b678e6f020756f547","name":"g33kadmin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","url":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","contentUrl":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif","width":512,"height":512,"caption":"g33kadmin"},"logo":{"@id":"https:\/\/g33kinfo.com\/info\/wp-content\/uploads\/2022\/07\/minion-researchA.gif"},"description":"I am a g33k, Linux blogger, developer, student and Tech Writer for Liquidweb.com\/kb. My passion for all things tech drives my hunt for all the coolz. I often need a vacation after I get back from vacation....","sameAs":["https:\/\/thelinuxreport.com","https:\/\/fb.me\/g33kinf0","https:\/\/x.com\/https:\/\/twitter.com\/drsinger1111"]}]}},"_links":{"self":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/3157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/comments?post=3157"}],"version-history":[{"count":0,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/posts\/3157\/revisions"}],"wp:attachment":[{"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/media?parent=3157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/categories?post=3157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/g33kinfo.com\/info\/wp-json\/wp\/v2\/tags?post=3157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}