System Hardening in Linux Everybody says that Linux is secure by default and agreed to some extend (It’s debatable topics). However, Linux has in-built security model in place by default. Need to tune it up and customize as per your need which may help to make more secure system. Linux is harder to manage but offers more flexibility and configuration options. 25 Linux Security and Hardening Tips Securing a system in a production from the hands of hackers and crackers is a challenging task for a System Administrator . This is our first article related to “ How to Secure Linux box ” or “ Hardening a Linux Box “. In this post We’ll explain 25 useful tips & tricks to secure your Linux system. Hope, below tips & tricks will help you some extend to secure your system. 1. Physical System Security Configure the BIOS to disable booting from CD/DVD , External Devices , Floppy Drive in BIOS . Next, enable BIOS password & also protect GRUB with password to restrict physical access of your system. Set GRUB Password to Protect Linux Servers 2. Disk Partitions
It’s important to have different partitions to obtain higher data security in case if any disaster happens. By creating different partitions, data can be separated and grouped. When an unexpected accident occurs, only data of that partition will be damaged, while the data on other partitions survived. Make sure you must have following separate partitions and sure that third party applications should be installed on separate file systems under /opt . / /boot /usr /var /home /tmp /opt 3. Minimize Packages to Minimize Vulnerability Do you really want all sort of services installed?. It’s recommended to avoid installing useless packages to avoid vulnerabilities in packages. This may minimize risk that compromise of one service may lead to compromise of other services. Find and remove or disable unwanted services from the server to minimize vulnerability. Use the ‘ chkconfig ‘ command to find out services which are running on runlevel 3 . # /sbin/chkconfig --list |grep '3:on' Once you’ve find out any unwanted service are running, disable them using the following command.
# chkconfig serviceName off Use the RPM package manager such as “ yum ” or “ apt-get ” tools to list all installed packages on a system and remove them using the following command. # yum -y remove package-name # sudo apt-get remove package-name 5 chkconfig Command Examples 20 Practical Examples of RPM Commands 20 Linux YUM Commands for Linux Package Management 25 APT-GET and APT-CACHE Commands to Manage Package Management 4. Check Listening Network Ports With the help of ‘ netstat ‘ networking command you can view all open ports and associated programs. As I said above use ‘ chkconfig ‘ command to disable all unwanted network services from the system.
You've reached the end of your free preview.
Want to read all 13 pages?
- Fall '11
- Operating Systems