| Red Hat Linux 7.1: The Official Red Hat Linux Reference Guide |
|---|
| Chapter 7. Red Hat Security Primer |
Security approaches can always be broken down into two different types: active or passive. An active approach to security covers all actions designed to prevent a breach of your system's security model. A passive approach to security refers to the actions taken to monitor the security of your system based on that security model.
All users should employ both active and passive approaches to security. Each of these approaches strengthens the other. The fact that you know from server logs that a particular user is trying to crack your security (passive approach to security) may lead you to install an application to block them from even getting a login prompt in the first place (active approach to security). Likewise, the fact that you are not using shadow passwords to protect your system (active) may lead you to watch vigorously for changes to key files on your system using a tool such as Tripwire (passive). (For more information on Tripwire, please see Chapter 10.)
Red Hat Linux includes a variety of tools that will help you implement both
approaches to security. But the proper use of methods with each approach
is crucial to prevent an over-dependence on tools to protect your system.
The vast majority of security tools for Red Hat Linux work to actively protect
your system. Here are a few of the most common and useful open source tools:
- Shadow Utilities — A collection of industry-standard tools to administer local users and groups on a system using encrypted passwords.
- Kerberos 5 — A secure system for providing network authentication services. Prevents plaintext passwords from being passed over a network to gain access to services. (See Chapter 9 for more information on Kerberos 5.)
- OpenSSL — Helps you to protect a wide variety of services that support operation over an encryption layer. (See the Official Red Hat Linux Customization Guide for more information on OpenSSL.)
- OpenSSH — A set of utilities that can easily replace such ubiquitous yet insecure tools as telnet and ftp with the powerful and secure ssh and scp. (See the Official Red Hat Linux Customization Guide for more information on OpenSSH.)
Methods that support an active approach to security include the following:
- Limiting the number of users that can execute commands as root — Whether intentional or by accident, a large percentage of security problems result at least indirectly from someone knowing the root password or being given permission via sudo to perform a root-level command.
- Knowing what software packages you have installed on your system and remaining alert for newly discovered security holes — You won't know what packages to look out for unless you are aware of which ones are installed on your system, and you won't know they need updating unless you monitor sources of information, such as the Red Hat Network.
- Limiting the services running on the system to only those that you actually need — Basically, the more you have running, the more that can break or provide unauthorized access. Save system resources (and the trouble of maintaining things you don't use) and remove packages you aren't using. At the very least, run a tool such as ntsysv to prevent unnecessary services from starting with the system at boot. (See Controlling Access to Services in the Official Red Hat Linux Customization Guide.)
- Requiring users to create secure passwords and change them often — Most security problems begin with unauthorized access to the system. This risk can be minimized by requiring your users to also practice active security methods by protecting their keys to your gate.
- Making sure file permissions aren't unnecessarily open — Almost no files should be writable by all.
While most security tools for Red Hat Linux are designed for an active
approach to security, there are a few tools that can make passive
security much less of an administrative burden:
- Tripwire — An application designed to alert you if specified system files and directories are changed. In this way, you will at least know if unauthorized users are gaining access to your system or authorized users are making unwanted changes to important files. (See Chapter 10 for more information on Tripwire.)
- COPS — A collection of security tools designed to do a number of different things, from checking open ports on a particular host to looking out for poor user passwords.
Methods that support a passive approach to security include the following:
- Making it a routine practice to monitor system logs — By default, Red Hat Linux traps an enormous amount of useful data in the system logs located in the /var/log directory, especially in the messages file. One simple task run as root, such as the grep "session opened for user root" /var/log/messages | less command, allows you to perform a powerful partial audit on your system and monitor who is accessing the system as root. This would allow you, for example, to quickly narrow the number of possible users that could have changed a particular file that can only be written to by root, simply by comparing the time the file in question was changed with the time of the logins in the /var/log/messages file. However, consider that this is not a foolproof method, as someone with write control over an important system file may also have rights to change /var/log/messages to erase their tracks.
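
The comparison described above, as an added example that is not part of the Reference Guide: it keeps only the root session openings logged within a chosen number of minutes before the file's change time. The function names, the 60-minute default and the sample log lines are assumptions made for illustration; the change time is passed in the form ls -l prints it.

```shell
#!/bin/sh
# Added example: list root session openings that were logged within
# WINDOW minutes before a root-only file changed.

# root_sessions_before LOGFILE "Mon DD HH:MM[:SS]" [WINDOW_MINUTES]
root_sessions_before() {
    awk -v changed="$2" -v window="${3:-60}" '
    # Seconds since Jan 1 for a syslog stamp. The log carries no year, so a
    # non-leap year is assumed and the window must not span New Year.
    # A stamp without seconds (as printed by ls -l) covers its whole minute.
    function secs(mon, day, hms,    t, n) {
        n = split(hms, t, ":")
        return (cum[mon] + day - 1) * 86400 + t[1] * 3600 + t[2] * 60 + (n > 2 ? t[3] : 59)
    }
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        split("31 28 31 30 31 30 31 31 30 31 30 31", len, " ")
        d = 0
        for (i = 1; i <= 12; i++) { cum[name[i]] = d; d += len[i] }
        split(changed, c, " ")
        limit = secs(c[1], c[2], c[3])
    }
    # Same pattern as the grep command in the text.
    /session opened for user root/ {
        at = secs($1, $2, $3)
        if (at <= limit && limit - at <= window * 60) print
    }' "$1"
}

# Constructed sample log; host name, users and PIDs are invented.
sample_log() {
    cat <<'EOF'
Mar 11 09:00:12 gateway login(pam_unix)[702]: session opened for user root by LOGIN(uid=0)
Mar 12 13:58:41 gateway login(pam_unix)[812]: session opened for user root by LOGIN(uid=0)
Mar 12 14:05:30 gateway sshd(pam_unix)[990]: session opened for user alice by (uid=0)
Mar 12 14:21:07 gateway su(pam_unix)[1033]: session opened for user root by alice(uid=500)
Mar 12 15:10:02 gateway su(pam_unix)[1101]: session opened for user root by bob(uid=501)
EOF
}

# Pretend the file in question was changed at "Mar 12 14:30".
demo() {
    tmp=$(mktemp) || return 1
    sample_log > "$tmp"
    root_sessions_before "$tmp" "Mar 12 14:30" "${1:-60}"
    rm -f "$tmp"
}

demo
```
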