<HTML
><HEAD
><TITLE
>Overview</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Linux Security HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Introduction"
HREF="x21.html"><LINK
REL="NEXT"
TITLE="Physical Security"
HREF="physical-security.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Security HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x21.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="physical-security.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN82"
></A
>2. Overview</H1
><P
> This document will attempt to explain some procedures and commonly-used
software to help your Linux system be more secure. It is
important to discuss some of the basic concepts first, and create a
security foundation, before we get started.
</P
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN85"
></A
>2.1. Why Do We Need Security?</H2
><P
> In the ever-changing world of global data communications, inexpensive
Internet connections, and fast-paced software development, security is
becoming more and more of an issue. Security is now a basic
requirement because global computing is inherently insecure. As your
data goes from point A to point B on the Internet, for example, it may
pass through several other points along the way, giving other users
the opportunity to intercept, and even alter, it. Even other
users on your system may maliciously transform your data into
something you did not intend. Unauthorized access to your system may
be obtained by intruders, also known as "crackers", who then use
advanced knowledge to impersonate you, steal information from you, or
even deny you access to your own resources. If you're wondering
what the difference is between a "Hacker" and a "Cracker", see Eric
Raymond's document, "How to Become A Hacker", available at <A
HREF="http://www.catb.org/~esr/faqs/hacker-howto.html"
TARGET="_top"
>http://www.catb.org/~esr/faqs/hacker-howto.html</A
>.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN89"
></A
>2.2. How Secure Is Secure?</H2
><P
> First, keep in mind that no computer system can ever be completely
secure. All you can do is make it increasingly difficult for someone
to compromise your system. For the average home Linux user, not much
is required to keep the casual cracker at bay. However, for
high-profile Linux users (banks, telecommunications companies, etc.),
much more work is required.
</P
><P
> Another factor to take into account is that the more secure your
system is, the more intrusive your security becomes. You need to
decide where in this balancing act your system will still be usable,
and yet secure for your purposes. For instance, you could require
everyone dialing into your system to use a call-back modem to call
them back at their home number. This is more secure, but if someone is
not at home, it makes it difficult for them to log in. You could also
set up your Linux system with no network or connection to the Internet,
but this limits its usefulness.
</P
><P
> If you are a medium to large-sized site, you should establish a
security policy stating how much security is required by your site
and what auditing is in place to check it. You can find a well-known
security policy example at <A
HREF="http://www.faqs.org/rfcs/rfc2196.html"
TARGET="_top"
>http://www.faqs.org/rfcs/rfc2196.html</A
>. It has been recently
updated, and contains a great framework for establishing a security
policy for your company.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN95"
></A
>2.3. What Are You Trying to Protect?</H2
><P
> Before you attempt to secure your system, you should determine what
level of threat you have to protect against, what risks you should or
should not take, and how vulnerable your system is as a result. You
should analyze your system to know what you're protecting,
why you're protecting it, what value it has, and who has
responsibility for your data and other assets.
</P
><P
>
<P
></P
><UL
><LI
><P
> <EM
>Risk</EM
> is the possibility that an intruder may be successful in
attempting to access your computer. Can an intruder read or write
files, or execute programs that could cause damage? Can they delete
critical data? Can they prevent you or your company from getting important work
done? Don't forget: someone gaining access to your account, or your
system, can also impersonate you.
</P
><P
> Additionally, having one insecure account on your system can result in
your entire network being compromised. If you allow a single user
to log in using a <TT
CLASS="literal"
>.rhosts</TT
> file, or to use an insecure
service such as <TT
CLASS="literal"
>tftp</TT
>, you risk an intruder getting 'his
foot in the door'. Once the intruder has a user account on your
system, or someone else's system, it can be used to gain access to
another system, or another account.
</P
></LI
><LI
><P
> <EM
>Threat</EM
> is typically from someone with motivation to gain unauthorized
access to your network or computer. You must decide whom you trust to
have access to your system, and what threat they could pose.
</P
><P
> There are several types of intruders, and it is useful to keep their
different characteristics in mind as you are securing your systems.
</P
><P
></P
><UL
><LI
><P
> <EM
>The Curious</EM
> - This type of intruder is basically
interested in finding out what type of system and data you have.
</P
></LI
><LI
><P
> <EM
>The Malicious</EM
> - This type of intruder is out to either
bring down your systems, or deface your web page, or otherwise force you
to spend time and money recovering from the damage he has caused.
</P
></LI
><LI
><P
> <EM
>The High-Profile Intruder</EM
> - This type of intruder is
trying to use your system to gain popularity and infamy. He might use
your high-profile system to advertise his abilities.
</P
></LI
><LI
><P
> <EM
>The Competition</EM
> - This type of intruder is interested in
what data you have on your system. It might be someone who thinks you
have something that could benefit him, financially or otherwise.
</P
></LI
><LI
><P
> <EM
>The Borrowers</EM
> - This type of intruder is interested in
setting up shop on your system and using its resources for their own
purposes. He typically will run chat or IRC servers, porn archive
sites, or even DNS servers.
</P
></LI
><LI
><P
> <EM
>The Leapfrogger</EM
> - This type of intruder is only
interested in your system to use it to get into other systems. If your
system is well-connected or a gateway to a number of internal hosts,
you may well see this type trying to compromise your system.
</P
></LI
></UL
></LI
><LI
><P
> Vulnerability describes how well-protected your computer is from
another network, and the potential for someone to gain unauthorized
access.
</P
><P
> What's at stake if someone breaks into your system? Of course the
concerns of a dynamic PPP home user will be different from those of a
company connecting their machine to the Internet, or another large
network.
</P
><P
> How much time would it take to retrieve/recreate any data that was
lost? An initial time investment now can save ten times more time
later if you have to recreate data that was lost. Have you checked
your backup strategy, and verified your data lately?
</P
></LI
></UL
>
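<P>
As an added example (not code from the HOWTO), the following POSIX shell script audits the two "foot in the door" weaknesses named above: per-user <TT CLASS="literal">.rhosts</TT> trust files, flagging the bare "+" wildcard that trusts every host or every user, and a <TT CLASS="literal">tftp</TT> entry left enabled in <TT CLASS="literal">inetd.conf</TT>. The directory layout, file contents and function names are constructed for the demonstration; the fixture is built in a temporary directory so the script runs on any machine without touching real configuration.
</P>

```sh
#!/bin/sh
# Added example, not code from the Linux Security HOWTO: audit the two
# "foot in the door" weaknesses the text names, .rhosts trust files and an
# enabled tftp service.  Every path and file below is a constructed fixture;
# the function names are this example's own.

# List every .rhosts file under the home-directory root $1, one per line,
# prefixed WILDCARD when the file contains a bare "+" (which trusts every
# host and/or every user) and PRESENT otherwise.  Output is sorted so a run
# can be diffed against an earlier one.
audit_rhosts() {
    root="$1"
    find "$root" -type f -name .rhosts 2>/dev/null | sort | while read -r f; do
        if grep -Eq '(^|[[:space:]])\+([[:space:]]|$)' "$f"; then
            echo "WILDCARD $f"
        else
            echo "PRESENT $f"
        fi
    done
}

# Report whether inetd.conf ($1) still has an active (uncommented) tftp line.
# Lines beginning with "#" are disabled entries and are ignored.
audit_inetd_tftp() {
    conf="$1"
    if grep -Eq '^[[:space:]]*tftp[[:space:]]' "$conf" 2>/dev/null; then
        echo "tftp ENABLED in $conf"
    else
        echo "tftp disabled in $conf"
    fi
}

# Build a throwaway fixture (constructed data, not a real system) and print
# its root: two home directories, one with a host-specific .rhosts and one
# with the wildcard form, plus an inetd.conf whose tftp line is active.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/home/alice" "$d/home/bob" "$d/etc"
    printf 'trusted.example.org alice\n' > "$d/home/alice/.rhosts"
    printf '+ +\n' > "$d/home/bob/.rhosts"
    {
        printf '# tftp  dgram udp wait root /usr/sbin/tcpd in.tftpd /tftpboot\n'
        printf 'tftp    dgram udp wait root /usr/sbin/tcpd in.tftpd /tftpboot\n'
    } > "$d/etc/inetd.conf"
    echo "$d"
}

# Demo run against the fixture; replace the two arguments with /home and
# /etc/inetd.conf to audit a real host.
fixture=$(make_fixture)
audit_rhosts "$fixture/home"
audit_inetd_tftp "$fixture/etc/inetd.conf"
rm -rf "$fixture"
```

<P>
On the fixture the script reports alice's file as PRESENT, bob's as WILDCARD, and tftp as ENABLED because the second, uncommented line is the one inetd would act on. The defensive follow-up is the one the text implies: remove the <TT CLASS="literal">.rhosts</TT> files (or at least the wildcard ones) and comment out or delete the <TT CLASS="literal">tftp</TT> line, then re-run the audit to confirm the output is empty.
</P>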
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN133"
></A
>2.4. Developing A Security Policy</H2
><P
> Create a simple, generic policy for your system that your users can
readily understand and follow. It should protect the data you're
safeguarding as well as the privacy of the users. Some things to
consider adding are: who has access to the system (Can my friend use my
account?), who's allowed to install software on the system, who owns
what data, disaster recovery, and appropriate use of the system.
</P
><P
> A generally-accepted security policy starts with the phrase
</P
><P
> <SPAN
CLASS="QUOTE"
>"<EM
> That which is not permitted is prohibited</EM
>"</SPAN
>
</P
><P
> This means that unless you grant access to a service for a user, that
user shouldn't be using that service until you do grant access. Make
sure the policies work on your regular user account. Saying, "Ah, I
can't figure out this permissions problem, I'll just do it as root"
can lead to security holes that are very obvious, and even ones that
haven't been exploited yet.
</P
><P
> <A
HREF="ftp://www.faqs.org/rfcs/rfc1244.html"
TARGET="_top"
>rfc1244</A
>
is a document that describes how to create your own network security
policy.
</P
><P
> <A
HREF="ftp://www.faqs.org/rfcs/rfc1281.html"
TARGET="_top"
>rfc1281</A
>
is a document that shows an example security policy with detailed
descriptions of each step.
</P
><P
> Finally, you might want to look at the COAST policy archive at <A
HREF="ftp://coast.cs.purdue.edu/pub/doc/policy"
TARGET="_top"
>ftp://coast.cs.purdue.edu/pub/doc/policy</A
> to see what some
real-life security policies look like.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN147"
></A
>2.5. Means of Securing Your Site</H2
><P
> This document will discuss various means with which you can secure
the assets you have worked hard for: your local machine,
your data, your users, your network, even your reputation. What would
happen to your reputation if an intruder deleted some of your users'
data? Or defaced your web site? Or published your company's
corporate project plan for next quarter? If you are planning a network
installation, there are many factors you must take into account before
adding a single machine to your network.
</P
><P
> Even if you have a single dial-up PPP account, or just a small site,
this does not mean intruders won't be interested in your systems.
Large, high-profile sites are not the only targets -- many intruders
simply want to exploit as many sites as possible, regardless of their
size. Additionally, they may use a security hole in your site to gain
access to other sites you're connected to.
</P
><P
> Intruders have a lot of time on their hands, and can avoid guessing
how you've obscured your system just by trying all the
possibilities. There are also a number of reasons an intruder may be
interested in your systems, which we will discuss later.
</P
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN152"
></A
>2.5.1. Host Security</H3
><P
> Perhaps the area of security on which administrators concentrate most is
host-based security. This typically involves making sure your own
system is secure, and hoping everyone else on your network does the
same. Choosing good passwords, securing your host's local network
services, keeping good accounting records, and upgrading programs with
known security exploits are among the things the local security
administrator is responsible for doing. Although this is absolutely
necessary, it can become a daunting task once your network becomes
larger than a few machines.
</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN155"
></A
>2.5.2. Local Network Security</H3
><P
> Network security is as necessary as local host security. With
hundreds, thousands, or more computers on the same network,
you can't rely on each one of those systems being secure. Ensuring
that only authorized users can use your network,
building firewalls, using strong encryption, and ensuring
there are no "rogue" (that is, unsecured) machines on your network are all
part of the network security administrator's duties.
</P
><P
> This document will discuss some of the techniques used to secure your
site, and hopefully show you some of the ways to prevent an intruder
from gaining access to what you are trying to protect.
</P
></DIV
><DIV
CLASS="sect3"
><H3
CLASS="sect3"
><A
NAME="AEN159"
></A
>2.5.3. Security Through Obscurity</H3
><P
> One type of security that must be discussed is "security through
obscurity". This means, for example, moving a service that has known
security vulnerabilities to a non-standard port in hopes that attackers
won't notice it's there and thus won't exploit it. Rest assured that
they can determine that it's there and will exploit it. Security
through obscurity is no security at all. Simply because you may have a
small site, or a relatively low profile, does not mean an intruder
won't be interested in what you have. We'll discuss what you're
protecting in the next sections.
</P
></DIV
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN162"
></A
>2.6. Organization of This Document</H2
><P
> This document has been divided into a number of sections. They cover
several broad security issues. The first,
<A
HREF="physical-security.html"
>Section 3</A
>,
covers how you need to protect your physical machine from
tampering. The second,
<A
HREF="local-security.html"
>Section 4</A
>, describes how to
protect your system from tampering by local users. The third,
<A
HREF="file-security.html"
>Section 5</A
>,
shows you how to set up your file systems and permissions on your
files. The next, <A
HREF="password-security.html"
>Section 6</A
>, discusses how to use encryption to better secure
your machine and network.
<A
HREF="kernel-security.html"
>Section 7</A
> discusses what kernel
options you should set or be aware of for a more secure system.
<A
HREF="network-security.html"
>Section 8</A
>, describes how to
better secure your Linux system from network attacks.
<A
HREF="secure-prep.html"
>Section 9</A
>, discusses how to
prepare your machine(s) before bringing them on-line. Next,
<A
HREF="after-breakin.html"
>Section 10</A
>,
discusses what to do when you detect a system compromise in progress
or detect one that has recently happened. In <A
HREF="sources.html"
>Section 11</A
>, some primary security resources are enumerated.
The Q and A section <A
HREF="q-and-a.html"
>Section 13</A
>,
answers some frequently-asked questions, and finally a conclusion in
<A
HREF="conclusion.html"
>Section 14</A
>.
</P
><P
> The two main points to realize when reading this document are:
</P
><P
>
<P
></P
><UL
><LI
><P
> Be aware of your system. Check system logs such as
<TT
CLASS="literal"
>/var/log/messages</TT
> and keep an eye on your system.
</P
></LI
><LI
><P
> Keep your system up-to-date by making sure you have installed the
current versions of software and have upgraded per security alerts.
Just doing this will help make your system markedly more secure.
</P
></LI
></UL
>
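<P>
"Keep an eye on your system" is easier with a repeatable check than with eyeballing. As an added example (not code from the HOWTO), the POSIX shell script below triages syslog-style lines of the kind that land in <TT CLASS="literal">/var/log/messages</TT>: it counts failed password attempts per source address, lists sources that cross a threshold, and counts failed root logins over ssh and on the console. The log lines in <TT CLASS="literal">SAMPLE_LOG</TT> are constructed for the demonstration (the addresses are documentation ranges), and the function names are this example's own.
</P>

```sh
#!/bin/sh
# Added example, not code from the Linux Security HOWTO: a small triage of
# syslog-style lines of the kind found in /var/log/messages.  The lines in
# SAMPLE_LOG are constructed; the addresses come from documentation ranges.

SAMPLE_LOG='Mar  3 02:11:05 gw sshd[4121]: Failed password for root from 198.51.100.23 port 51022 ssh2
Mar  3 02:11:07 gw sshd[4121]: Failed password for root from 198.51.100.23 port 51022 ssh2
Mar  3 02:11:09 gw sshd[4121]: Failed password for invalid user admin from 198.51.100.23 port 51030 ssh2
Mar  3 02:15:41 gw sshd[4188]: Accepted publickey for alice from 192.0.2.10 port 40412 ssh2
Mar  3 02:20:12 gw sshd[4202]: Failed password for bob from 192.0.2.10 port 40500 ssh2
Mar  3 02:20:15 gw sshd[4202]: Accepted password for bob from 192.0.2.10 port 40500 ssh2
Mar  3 02:31:00 gw login[4310]: FAILED LOGIN (3) on tty1 FOR root, Authentication failure'

# Read log lines on stdin; print "<count> <source address>" for sshd password
# failures, busiest source first.
failed_by_source() {
    grep 'Failed password for' \
        | sed -n 's/.* from \([0-9.][0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Read log lines on stdin; print each source address whose failure count
# reaches the threshold $1 (a candidate for a firewall or tcp_wrappers deny).
flag_sources() {
    failed_by_source | awk -v t="$1" '$1 >= t { print $2 }'
}

# Read log lines on stdin; count failed attempts to log in as root, whether
# over ssh or on a local console.  "|| true" keeps the exit status 0 when
# grep finds nothing, so callers running under "set -e" still get the count.
root_login_failures() {
    grep -Ec 'Failed password for root |FAILED LOGIN .* FOR root' || true
}

# Print a short report for the log text given as $1 (defaults to the sample).
# On a real host: report "$(cat /var/log/messages)"
report() {
    log="${1:-$SAMPLE_LOG}"
    echo "Failed sshd passwords by source:"
    printf '%s\n' "$log" | failed_by_source
    echo "Sources at or above 3 failures:"
    printf '%s\n' "$log" | flag_sources 3
    echo "Failed root logins: $(printf '%s\n' "$log" | root_login_failures)"
}

report
```

<P>
On the sample the report attributes three failures to 198.51.100.23 and one to 192.0.2.10, flags only the first at a threshold of 3, and counts three failed root logins (two over ssh, one on tty1). Bob's single failure followed by an accepted password is ordinary user error and stays below the threshold, which is the point of counting per source rather than alerting on every line. Run it from cron and diff the output against the previous run to turn "keep an eye on your system" into a routine.
</P>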
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x21.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="physical-security.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Introduction</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
> </TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Physical Security</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>