Linux Security

Revision as of 11:05, 6 May 2018 by imported>Fhdk

Users

Linux is a system build for networked multi user environments where access control is a vital part of the infrastructure.

As such any Linux based system requires users to be identified by username and access credentials. A more thorough explanation of users and groups is available at the Users & Groups page.

The toplevel user is root and is the most important user to protect from abuse or malicious usage.

If your root user is compromised you might as well restore your system either through reinstall or restore from an uncompromized backup.

A superuser account is equal problematic if not protected.

Groups

Users on a Linux system is commonly arranged in groups. A user group is a convenient way of assigning a user access to a common task like sound, media, printing and mounting of removable drives etc.

A list of available groups can be seen on the system by opening a terminal and executing the command below.

$ cat /etc/group

Likewise a user can see which groups the user is part of by executing a gropus which will display the users groups.

$ groups

Passwords

The most common credential is the password.

The best practice for creating passwords is

  • Use a combination of upper- and lowercase letters' mixed with digits and special characters like !#%&.
  • Do not use words which can be found in a dictionary. Dictionary password attacks is a most effective way of breaking passwords.
  • Ensure your password have a reasonable length of at least 8 characters and preferable more.

You might think it is easier for you to have the same password for your superuser and root account since you are the only one using the system. You are in charge but be advised that you might weaken your security since you will not know when your system in response to an action to be performed is asking for your superuser pass or your root pass.

Administrative tasks

Common administrative tasks like installing software, setting up printers, modifying configurations will often require the use of an administrative role.

On a Manjaro system the first user is created upon installation an that user will by default get assigned to the administrative role of the computer. That implies that the user is able to execute commands prefixed with sudo and upon supplying the users password the tasks can be executed.

It is a common perception that root = su = superuser and that will be correct for most situations.

However situations exist where the system will ask for your root password and not your superuser password and you have no way of knowing which one is asked for.

You will at times find yourself in a situation where you are absolutely sure you are inputting the correct password and the system refuses to comply and thereby drive you crazy.

If you make a habit of having different passwords for superuser and root you will just have to switch to the other and the system will comply.