Linux Security

Revision as of 00:20, 17 July 2018 by imported>Tele

Users

Linux is a system built for networked multi-user environments, where access control is a vital part of the infrastructure.

As such, any Linux-based system requires users to be identified by a username and access credentials. A more thorough explanation of users and groups is available on the Users & Groups page.

The top-level user is root, and it is the most important user to protect from abuse or malicious usage.

If your root user is compromised, you should restore your system, either by reinstalling or by restoring from an uncompromised backup.

A superuser account is equally problematic if it is not protected.

Groups

Users on a Linux system are commonly arranged in groups. A user group is a convenient way of assigning users access to a common resource or task, such as sound, media, printing, and mounting removable drives.

A list of the groups available on the system can be seen by opening a terminal and executing the command below.

$ cat /etc/group

Likewise, a user can see which groups they belong to by executing the groups command, which displays the user's groups.

$ groups
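Reading the group file by hand gets tedious on a system with many groups, and the interesting question for security is usually not "which groups is this user in" but "is this user in a group that grants elevated access". The script below is an added example, not from the Manjaro wiki: it parses group-file lines of the /etc/group format, lists the groups a given user is a member of, and flags the ones that are effectively administrative. The group file content is constructed for the demo, and the set of privileged groups is an assumption of this example (wheel is the sudo group on a default Manjaro install; disk and docker give raw access to block devices or to a root-equivalent daemon). On a real system you would pass the content of /etc/group instead.

```shell
#!/bin/sh
# Added example (not from the Manjaro wiki): list a user's supplementary
# groups by parsing /etc/group-style lines and flag privileged memberships.

# Constructed sample in /etc/group format: name:password:gid:member,member
SAMPLE_GROUP_FILE='root:x:0:
wheel:x:998:alice
disk:x:6:
audio:x:995:alice,bob
video:x:991:alice
docker:x:970:bob
users:x:984:alice,bob'

# Assumption of this example: membership in any of these groups is
# administrative in practice (wheel = sudo on Manjaro; disk and docker are
# root-equivalent through raw device access or the docker daemon).
PRIVILEGED_GROUPS="root wheel sudo disk docker"

# user_groups <user> <group file content>
# Prints, one per line, every group whose member list contains <user>.
user_groups() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == u) print $1
        }'
}

# privileged_groups_for <user> <group file content>
# Prints the subset of the user's groups that appear in PRIVILEGED_GROUPS.
privileged_groups_for() {
    user_groups "$1" "$2" | while IFS= read -r g; do
        for p in $PRIVILEGED_GROUPS; do
            [ "$g" = "$p" ] && printf '%s\n' "$g"
        done
    done
}

# count_privileged <user> <group file content>
# Prints how many privileged groups the user belongs to (0 is the goal for
# an ordinary account).
count_privileged() {
    privileged_groups_for "$1" "$2" | wc -l | tr -d ' '
}

# Demo over the constructed sample.
for u in alice bob; do
    printf 'groups of %s: %s\n' "$u" "$(user_groups "$u" "$SAMPLE_GROUP_FILE" | tr '\n' ' ')"
    printf 'privileged:    %s\n' "$(privileged_groups_for "$u" "$SAMPLE_GROUP_FILE" | tr '\n' ' ')"
done
```

Note that this only covers supplementary groups listed in the group file; a user's primary group is recorded as a GID in /etc/passwd and is not checked here, which is why the groups command on a live system shows one more entry than this parser does.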

Passwords

The most common credential is the password.

The best practices for creating passwords are:

  • Use a combination of upper- and lowercase letters mixed with digits and special characters like !#%&.
  • Do not use words which can be found in a dictionary. Dictionary attacks are one of the most effective ways of breaking passwords.
  • Ensure your password has a reasonable length of at least 8 characters, and preferably more.
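The three rules above can be checked mechanically before a password is set. The script below is an added example, not from the Manjaro wiki: it reads a candidate password from standard input (so it never appears on the command line, where other users could read it from the process list), reports every rule it violates, and only succeeds when all three pass. The word list is a small constructed stand-in for a real dictionary file such as /usr/share/dict/words; the candidates in the demo are constructed too.

```shell
#!/bin/sh
# Added example (not from the Manjaro wiki): check a candidate password
# against the three rules given on the page.

# Constructed stand-in for a dictionary file such as /usr/share/dict/words.
DICTIONARY='password
welcome
manjaro
dragon
letmein
qwerty'

MIN_LENGTH=8

# check_password   (reads the password from stdin)
# Prints one line per violated rule; returns 0 only if every rule passes.
check_password() {
    IFS= read -r pw
    rc=0

    # Rule 3: minimum length (wc -c counts bytes, which matches characters
    # for ASCII passwords).
    len=$(printf '%s' "$pw" | wc -c | tr -d ' ')
    if [ "$len" -lt "$MIN_LENGTH" ]; then
        echo "too short: $len characters, need at least $MIN_LENGTH"
        rc=1
    fi

    # Rule 1: every character class must be present at least once.
    for class in '[[:upper:]]' '[[:lower:]]' '[[:digit:]]' '[[:punct:]]'; do
        if ! printf '%s' "$pw" | grep -q "$class"; then
            echo "missing character class $class"
            rc=1
        fi
    done

    # Rule 2: not a dictionary word. Lower-case the candidate and strip digits
    # and punctuation first, so trivial variants like "Password1!" are caught.
    core=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]' | tr -d '[:digit:]' | tr -d '[:punct:]')
    if printf '%s\n' "$DICTIONARY" | grep -qx "$core"; then
        echo "dictionary word: $core"
        rc=1
    fi

    return $rc
}

# Demo with constructed candidates (never paste a real password into a script).
for candidate in 'Password1!' 'correct horse' 'Xk7#pLq2vB'; do
    if printf '%s\n' "$candidate" | check_password >/dev/null; then
        echo "OK   : $candidate"
    else
        echo "WEAK : $candidate"
    fi
done
```

The dictionary check deliberately normalises the candidate before comparing it, because a rule that only rejects the exact word "password" would still accept "Password1!", which every attacker's word list already contains.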

You might think it is easier to use the same password for your superuser and root accounts, since you are the only one using the system. You are in charge, but be advised that this may weaken your security: when the system asks for a password before performing an action, you will not know whether it is asking for your superuser password or your root password.

Administrative tasks

Common administrative tasks like installing software, setting up printers, and modifying configurations will often require an administrative role.

On a Manjaro system, the first user is created during installation, and that user is by default assigned the administrative role on the computer. This means the user can execute commands prefixed with sudo, and upon supplying the user's own password the task is executed.

It is a common perception that root = su = superuser, and that is correct in most situations.

However, situations exist where the system asks for your root password rather than your superuser password, and you have no way of knowing which one is being asked for.

You will at times find yourself in a situation where you are absolutely sure you are entering the correct password, yet the system refuses to comply, which can drive you crazy.

If you make a habit of having different passwords for your superuser and root accounts, you will just have to switch to the other one and the system will comply.

Forum


Tips

  • Be aware: everything you have on your devices may one day end up on the internet, so do not store things you do not want on the internet
  • Read about firewalls
  • Read how to read firewall logs
  • Read how to find open ports
  • Read how to find applications that use the internet and how to block them
  • Read how to find listening connections and the applications behind them
  • Secure passwords should be stored encrypted
  • Read about sandboxes
  • Read how to prevent a fork bomb by limiting user processes
  • Do not use commands if you do not know what they do
  • Do not type long commands by hand, but copy and paste them
  • Do not use the root account if you do not need to
  • Read why we use sgid and why it can be dangerous
  • Read how to find files with incorrect permissions and how to find files with sgid set
  • Do not trust anyone
  • Read about AIDE (Advanced Intrusion Detection Environment)
  • Read what Access Control Lists are
  • Read how to check for changed packages
  • Read how to check system logs, how to quickly find faults, and how to create alerts
  • Update the system systematically if possible, because a lot of attacks use vulnerabilities that have already been discovered and patched
  • If you're a programmer:
    • Read about attacks on environment variables
    • Read about attacks on input files
    • Read about validating, sanitizing and escaping user data
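Two of the tips above, "find files with incorrect permissions" and "find files with sgid", come down to one find invocation each. The script below is an added example, not from the Manjaro wiki: it audits a directory tree for setuid files, setgid files and world-writable files, the three permission patterns that most often turn a local foothold into root. The tree it scans is constructed under a temporary directory for the demo; on a real system you would run it as root against / with -xdev added to stay on one filesystem, and compare the output against the previous run rather than reading it all each time.

```shell
#!/bin/sh
# Added example (not from the Manjaro wiki): find setuid, setgid and
# world-writable regular files under a directory.

# audit_permissions <dir>
# Prints "<kind>  <path>" for every regular file under <dir> that is setuid,
# setgid or writable by everyone, sorted so runs can be diffed.
audit_permissions() {
    dir=$1
    {
        find "$dir" -type f -perm -4000 | sed 's|^|setuid  |'
        find "$dir" -type f -perm -2000 | sed 's|^|setgid  |'
        find "$dir" -type f -perm -0002 | sed 's|^|world-w |'
    } | sort
}

# make_demo_tree
# Builds a constructed tree in a fresh temporary directory and prints its
# path. Only three of the five files should be reported.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/tmp"
    printf '#!/bin/sh\necho hi\n' > "$d/bin/normal";   chmod 0755 "$d/bin/normal"
    printf '#!/bin/sh\necho hi\n' > "$d/bin/suidtool"; chmod 4755 "$d/bin/suidtool"
    printf '#!/bin/sh\necho hi\n' > "$d/bin/sgidtool"; chmod 2755 "$d/bin/sgidtool"
    : > "$d/tmp/notes.txt";   chmod 0666 "$d/tmp/notes.txt"
    : > "$d/tmp/private.txt"; chmod 0600 "$d/tmp/private.txt"
    printf '%s\n' "$d"
}

# Demo: build the tree, audit it, clean up.
DEMO=$(make_demo_tree)
audit_permissions "$DEMO"
rm -rf "$DEMO"
```

The -perm -MODE form matches files that have at least the given bits set, which is what an audit wants: a 6755 binary is both setuid and setgid and will be listed under both kinds. Saving the sorted output and diffing it against the last run is a cheap way to notice a new setuid binary that a package update or an intruder left behind.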