
Gheorghe Asachi Technical University of Iasi

Faculty of Automatic Control and Computer Engineering

”Network Service Management”


- Course Notes -
Master Study Programme: Distributed Systems and WEB Technologies

Year of Study: 2022-2023

Cristian-Mihai AMARANDEI
Email: cristian-mihai.amarandei@academic.tuiasi.ro
”Network Service Management” – Course Notes

Lecture #09 – Content



Linux system security

NSM Lecture 9 - Linux system security 2/22



System security

The security of a Linux server depends on the actions of the
system administrator
– Eliminate potential security risks – remove all services and
applications that are not needed
– Make a list of potential sources of attack, internal or external
– It is recommended to disconnect the server from the network
before securing it


System security

BIOS
– Use an access password
– Do not allow booting from floppy, optical drives, USB drives,
etc.
– Keep in mind that these measures cannot be relied on if there is
physical access to the server


System security

Security Policy
– a list of what is allowed and what is not – upon which decisions
are made

Any security policy is based on a certain degree of
paranoia:
– you must achieve a balance between allowing users access to
the information they need and blocking access to the
system completely.


System security

Choose the right passwords
– !!!! all passwords can be broken - either by brute force or by social
engineering methods
– there must be a way to block weak passwords
– Rules:

Passwords must be at least 6 characters long, preferably 8, and contain at least one
number or special character (/etc/login.defs)

Must have a validity period.

If a password is entered incorrectly a certain number of times, then access
to the account must be blocked.
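To check the validity-period and length rules against a real system, the following added script (not from the course notes) inspects /etc/login.defs and the shadow file. It assumes the nine-field /etc/shadow layout and the PASS_MAX_DAYS / PASS_MIN_LEN keys of /etc/login.defs; the function names and the constructed sample files are this example's own.

```shell
#!/bin/sh
# Added example (not from the course notes): audit the password ageing and
# length rules.  Assumes the standard /etc/shadow layout (9 colon-separated
# fields) and the PASS_MAX_DAYS / PASS_MIN_LEN keys of /etc/login.defs.

# Print accounts that hold a real password hash but have no validity
# period: shadow field 5 (maximum age) empty or the 99999 "never" default.
accounts_without_expiry() {   # $1 = path to a shadow-format file
    awk -F: '
        $2 != "" && $2 !~ /^[!*]/ && ($5 == "" || $5+0 >= 99999) { print $1 }
    ' "$1"
}

# Print the effective value of a /etc/login.defs key (last uncommented
# occurrence wins; comment lines start with "#" so they never match).
login_defs_value() {          # $1 = key, $2 = path to login.defs
    awk -v k="$1" '$1 == k { v = $2 } END { print v }' "$2"
}

# Return 0 when the policy meets the lecture's rules (validity period set,
# at least 8 characters), 1 otherwise, printing one line per finding.
check_password_policy() {     # $1 = login.defs path, $2 = shadow path
    rc=0
    maxd=$(login_defs_value PASS_MAX_DAYS "$1")
    minl=$(login_defs_value PASS_MIN_LEN "$1")
    if [ -z "$maxd" ] || [ "$maxd" -ge 99999 ]; then
        echo "PASS_MAX_DAYS unset or 99999: passwords never expire"; rc=1
    fi
    # on PAM systems pam_pwquality may enforce the length instead of this key
    if [ -z "$minl" ] || [ "$minl" -lt 8 ]; then
        echo "PASS_MIN_LEN is '${minl:-unset}': require at least 8"; rc=1
    fi
    for u in $(accounts_without_expiry "$2"); do
        echo "account $u has no password validity period"; rc=1
    done
    return $rc
}

# Constructed samples (not real files) for trying the checks offline:
sample_login_defs() { printf 'PASS_MAX_DAYS 99999\nPASS_MIN_LEN 5\n'; }
sample_shadow() {
    printf 'root:$6$x:19000:0:99999:7:::\nalice:$6$y:19000:0:90:7:::\n'
    printf 'daemon:*:19000:0:99999:7:::\n'
}
```

On a live host run `check_password_policy /etc/login.defs /etc/shadow` as root; the sample functions exist only to exercise the checks without touching real files.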


System security

Single-user mode
– Use a password to block access to the boot manager options

For grub:
– Add a line like the following one to the grub configuration
password --md5 $1$bgGCL/$4yF3t0py.IjU0LU.q7YfB1
– Generate the password hash using the command:

grub-md5-crypt

For grub2:
– grub2-mkpasswd-pbkdf2 - generate a PBKDF2 password hash.
– grub2-setpassword - generate the user.cfg file containing the hashed grub bootloader password.

How to Set Password for Grub Menu (Debian, Ubuntu, CentOS): https://linoxide.com/linux-how-to/set-grub-password/
– Require the root password in single-user mode: edit the file /etc/inittab and add the following line
~~:S:wait:/sbin/sulogin

Disable Ctrl-Alt-Delete
– comment the line out by adding "#" in the file /etc/inittab:

#ca::ctrlaltdel:/sbin/shutdown -t3 -r now


System security

Root
– Do not allow direct login as root: edit the file /etc/securetty, which defines the consoles
where direct root login is allowed
● $ echo " " > /etc/securetty
– Set a login timeout

add: TMOUT=7200 (in seconds - 2h)
– into the file /etc/profile for all users
– into .bashrc for each user you want
– Set the history size
● HISTFILESIZE=....
● in the file /etc/profile
● HISTFILESIZE=0 – clears the .bash_history file at logout


System security
● /etc/exports
– controls which file systems are exported to remote hosts using
NFS and specifies the export options
– configure the file with the most restrictive access possible
● Option no_root_squash
– root on the client is treated as root on the server
– http://nfs.sourceforge.net/nfs-howto/ar01s03.html


System security

Limit the number of virtual consoles
– the default is 6
– edit the /etc/inittab file to look like
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty6
● Run the command /sbin/init q to restart the init process (the parameter q or Q tells the init
process to read the inittab file again)


System security
● file /etc/services
– maps port numbers to named services.

Only root should modify this file
– Set the immutable attribute on the file to prevent accidental
deletion (even by root)
● chattr +i /etc/services
● chattr -i /etc/services – unset the immutable flag


System security

Special user accounts
– Various applications have a special account under which they run

If these applications are not installed, the account should be removed
– Also delete the related groups
– Check that they have not reappeared in the system after
upgrades.
– Set the immutable flag on the files:
/etc/passwd, /etc/shadow, /etc/group, /etc/gshadow


System security

Partition mount options
– In the file /etc/fstab, the following options can be added:
● defaults - Allow everything (quota, read-write, suid) on this partition.
● noquota - Do not enable user quotas on this partition.
● nosuid - Do not honour SUID/SGID bits on this partition.
● nodev - Do not interpret character or block special devices on this partition.
● noexec - Do not allow execution of any binaries on this partition.
● quota - Allow user quotas on this partition.
● ro - Mount this partition read-only.
● rw - Mount this partition read-write.
● suid - Allow SUID/SGID access on this partition.
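As an added example that is not part of the course notes, the following script reads an fstab and reports every mount point whose options still permit SUID binaries, device nodes or execution. It assumes the standard six-column fstab layout; the function names and the constructed sample fstab are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the course notes): list the fstab entries that
# still permit SUID binaries, device nodes or execution, i.e. those without
# nosuid / nodev / noexec.  Assumes the usual six-column fstab layout.  The
# root filesystem always shows up (it cannot be noexec); read the output as
# a review list, not as a list of options to add blindly.

fstab_permissive() {          # $@ = fstab path(s); reads stdin when none
    awk '
        # skip blank lines, comments and swap, which has no mount point
        /^[ \t]*(#|$)/ { next }
        $2 == "swap" || $2 == "none" { next }
        {
            n = split($4, o, ",")
            nosuid = nodev = noexec = 0
            for (i = 1; i <= n; i++) {
                if (o[i] == "nosuid") nosuid = 1
                if (o[i] == "nodev")  nodev  = 1
                if (o[i] == "noexec") noexec = 1
            }
            # "defaults" (or any list without the no* options) allows all
            missing = ""
            if (!nosuid) missing = missing "suid,"
            if (!nodev)  missing = missing "dev,"
            if (!noexec) missing = missing "exec,"
            if (missing != "") {
                sub(/,$/, "", missing)
                printf "%s allows %s (options: %s)\n", $2, missing, $4
            }
        }
    ' "$@"
}

# Constructed sample (not from a real host) for trying the check offline:
sample_fstab() {
    cat <<'EOF'
# constructed /etc/fstab
/dev/sda1  /      ext4  defaults               1 1
/dev/sda2  /tmp   ext4  nodev,nosuid,noexec    1 2
/dev/sda3  /home  ext4  defaults,nodev,nosuid  1 2
/dev/sda4  swap   swap  defaults               0 0
EOF
}
```

Run `fstab_permissive /etc/fstab` on a live host; `sample_fstab | fstab_permissive` shows the expected two findings for the constructed file.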


System security
● /usr – can be mounted read-only (static data)
● /etc/init.d
– Only root should have full access (chmod 700)
● /etc/cron.daily/
– Change access rights from 750 to 550


System security

Find all files with the SUID or SGID bit set and eliminate as
many of them as possible
– !!!! Not all of them; your system needs some suid root programs
to work properly, so be careful (e.g. /usr/bin/passwd).
find / -type f \( -perm -04000 -o -perm -02000 \) -exec ls -l {} \;


System security

Don't let internal machines tell the server what their MAC
address is
– add them manually to the ARP table of the Linux server
– If someone changes the IP address, the server simply won't talk
to them
● #arp -s 207.35.78.3 00:50:DA:C6:D3:FF
● #arp -s 192.168.1.11 00:50:DA:C6:D3:09
● #arp


System security

Look everywhere on the system for unusual or hidden files

Unusual filenames can be used to hide information:
"...", ".. ", "..^G"
● find / -name ".. " -print -xdev
● find / -name ".*" -print -xdev | cat -v


System security

Find group and world writable files and directories
find / -type f \( -perm -2 -o -perm -20 \) -exec ls -lg {} \;
find / -type d \( -perm -2 -o -perm -20 \) -exec ls -ldg {} \;

Find all unowned files
find / -nouser -o -nogroup
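The one-off find commands on this slide and on the SUID/SGID slide above only pay off when their output is compared over time. The following script is an added example, not from the course notes: it wraps the same find expressions in functions and keeps a baseline of SUID/SGID files so that a daily cron job reports only additions and removals. The function names, the default baseline path /var/lib/suid.baseline and the directory argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the course notes): turn the one-off find commands
# for SUID/SGID, group/world-writable and unowned files into a repeatable
# audit with a baseline, so a cron job reports only what changed.  Assumes
# a writable baseline path (default /var/lib/suid.baseline) and find/comm
# from findutils/coreutils; run as root to cover the whole tree.

# SUID/SGID regular files under $1, sorted so the list is diffable.
list_suid_sgid() {
    find "$1" -xdev -type f \( -perm -04000 -o -perm -02000 \) -print | sort
}

# Group- or world-writable regular files (the lecture's -perm -2 / -perm -20).
list_group_world_writable() {
    find "$1" -xdev -type f \( -perm -2 -o -perm -20 \) -print | sort
}

# Files whose uid or gid no longer maps to a user or group, e.g. leftovers
# of a removed special account.
list_unowned() {
    find "$1" -xdev \( -nouser -o -nogroup \) -print | sort
}

# Compare the current SUID/SGID set with the baseline: prints "+path" for
# new and "-path" for removed entries and returns 1 when the set changed,
# so a cron job can mail the output.  Creates the baseline on first use.
suid_baseline_check() {       # $1 = root dir, $2 = baseline file
    base="${2:-/var/lib/suid.baseline}"
    if [ ! -f "$base" ]; then
        list_suid_sgid "$1" > "$base"
        echo "baseline created: $base"
        return 0
    fi
    list_suid_sgid "$1" > "$base.now"
    added=$(comm -13 "$base" "$base.now")     # only in the current set
    removed=$(comm -23 "$base" "$base.now")   # only in the baseline
    rm -f "$base.now"
    if [ -z "$added" ] && [ -z "$removed" ]; then
        return 0
    fi
    [ -n "$added" ]   && printf '%s\n' "$added"   | sed 's/^/+/'
    [ -n "$removed" ] && printf '%s\n' "$removed" | sed 's/^/-/'
    return 1
}
```

Review the first baseline by hand (it should contain only the programs the system really needs setuid, such as /usr/bin/passwd) before trusting later diffs.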


System security

Find .rhosts files
– you should not have any .rhosts files on your system after a new install
● find /home -name .rhosts

Use a cron job to periodically check for, report the contents of, and delete .rhosts files
– As root, create the file /etc/cron.daily/rhosts.cron
#!/bin/sh
/usr/bin/find /home -name .rhosts | (cat <<EOF
This is an automated report of possible existent ".rhosts" files on
the server deep.openna.com, generated by the find utility command.
New detected ".rhosts" files under the "/home" directory include:
EOF
cat
) | /bin/mail -s "Content of .rhosts file audit report" root
– chmod 550 /etc/cron.daily/rhosts.cron
– chown 0.0 /etc/cron.daily/rhosts.cron


System security

Use a specialized utility for checking system integrity
– Host-based Intrusion Detection System or Host Integrity Monitoring System

Tripwire https://github.com/Tripwire/tripwire-open-source

AIDE https://aide.github.io/

OSSEC https://www.ossec.net

SAMHAIN https://la-samhna.de/samhain/
– Use rpm features to verify the integrity of installed applications

rpm -Va > /root/rpm_chk.txt &
– Sentry Tools: http://sourceforge.net/projects/sentrytools/
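Reading the saved rpm -Va output by hand is tedious on a host with thousands of packaged files. The following added script (not from the course notes) triages it, separating expected configuration edits and mtime-only differences from modified package binaries and missing files. It assumes the standard rpm -Va line format (nine attribute flags, optional file-type letter, path); the function names and the constructed sample lines are this example's own.

```shell
#!/bin/sh
# Added example (not from the course notes): triage "rpm -Va" output.
# Each line is a 9-character flag string (S size, M mode, 5 digest, D device,
# L link, U user, G group, T mtime, P capabilities; "." = unchanged), an
# optional file type ("c" config, "d" doc, "g" ghost, ...) and the path, or
# the word "missing" and the path.  Reads the output on stdin (the saved
# /root/rpm_chk.txt works) and returns 1 when any ALERT line was printed.

triage_rpm_verify() {
    awk '
        NF < 2 { next }
        $1 == "missing" {
            printf "ALERT missing file: %s\n", $NF; alerts++; next
        }
        {
            flags = $1; path = $NF
            ftype = (NF == 3) ? $2 : ""
            content_changed = (flags ~ /[S5]/)
            meta_changed    = (flags ~ /[MDLUGP]/)
            if (ftype == "c" && !meta_changed) {
                # an edited configuration file is expected on a managed host
                printf "INFO  config edited: %s [%s]\n", path, flags
            } else if (ftype == "d" || ftype == "g") {
                printf "INFO  %s file changed: %s [%s]\n", (ftype == "d" ? "doc" : "ghost"), path, flags
            } else if (content_changed || meta_changed) {
                # a packaged binary/library whose content, owner, mode or
                # capabilities differ from the RPM database: investigate
                printf "ALERT package file modified: %s [%s]\n", path, flags
                alerts++
            } else {
                # only the mtime differs: usually harmless (touch, restore)
                printf "INFO  mtime only: %s [%s]\n", path, flags
            }
        }
        END { exit (alerts > 0) }
    '
}

# Constructed sample (not real rpm output) for trying the triage offline:
sample_rpm_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/man/man1/ls.1.gz
S.5....T.    /usr/bin/ps
.M.......    /usr/bin/passwd
missing     /usr/lib64/libfoo.so
EOF
}
```

Use it as `triage_rpm_verify < /root/rpm_chk.txt`; an ALERT on a binary such as /usr/bin/ps should be confirmed against a clean copy of the package before the host is trusted again.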


Reading assignment

Red Hat Enterprise Linux 7 System Administrator’s Guide
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/system_administrators_guide/Red_Hat_Enterprise_Linux-7-System_Administrators_Guide-en-US.pdf
– Chapter 26 (grub2)

Red Hat Enterprise Linux 7 Security Guide
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/security_guide/Red_Hat_Enterprise_Linux-7-Security_Guide-en-US.pdf
– Chapter 4, 6

Red Hat Enterprise Linux 8 Security hardening
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/pdf/security_hardening/Red_Hat_Enterprise_Linux-8-Security_hardening-en-US.pdf
– Chapter 7 (AIDE)

Securing & Optimizing Linux: Red Hat Edition (v.1.3) - http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3.pdf
– Chapter 3

Kurt Seifried, Linux Administrator's Security Guide
– http://www.unixy.pl/forum/art/pdf/lasg-0-1-7.pdf


References
This presentation is intended for lecturing purposes only and is based on the references listed below. Therefore, the students are encouraged to (and should) read
the original documents listed below thoroughly in order to improve their skills.

1. Matthew West - The Linux System Administrator's Guide -
http://www.learnlinux.org.za/courses/build/fundamentals/index.html
2. The Linux Network Administrator's Guide, Second Edition -
http://www.tldp.org/LDP/nag2/nag2.pdf
3. Red Hat Enterprise Linux Documentation -
https://access.redhat.com/site/documentation/Red_Hat_Enterprise_Linux/
4. Verifying Files with Red Hat's RPM -
http://www.sans.org/security-resources/idfaq/rpm.php
5. Hardening Tips for the Red Hat Enterprise Linux 5 -
https://www.iad.gov/iad/library/ia-guidance/security-configuration/operating-systems/guide-to-the-secure-configuration-of-red-hat-enterprise.cfm
6. Red Hat Enterprise Linux 7 Security Guide -
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/pdf/security_guide/Red_Hat_Enterprise_Linux-7-Security_Guide-en-US.pdf