Steps for Linux Hardening
- Always use a password-protected GRUB boot loader to protect the Linux system, so that unauthorised users cannot enter single-user mode and gain access to the root account on the system.
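The following POSIX shell snippet is an added example, not part of the original page: it prints the GRUB 2 stanza that sets a boot-loader password and checks whether a generated grub.cfg actually carries one. GRUB 2 syntax is assumed (GRUB legacy used a different `password --md5` directive); the user name `admin`, the hash string and the demo files are constructed, and on a real system the hash comes from `grub-mkpasswd-pbkdf2` and the stanza is appended to /etc/grub.d/40_custom before grub.cfg is regenerated.

```shell
#!/bin/sh
# Added example: GRUB 2 boot-loader password (assumes GRUB 2 syntax;
# GRUB legacy used a different "password --md5" directive).

# grub_superuser_stanza USER HASH
# Print the lines to append to /etc/grub.d/40_custom. HASH is the
# "grub.pbkdf2.sha512...." string printed by: grub-mkpasswd-pbkdf2
grub_superuser_stanza() {
    printf 'set superusers="%s"\n' "$1"
    printf 'password_pbkdf2 %s %s\n' "$1" "$2"
}

# grub_password_check GRUB_CFG
# Return 0 when the file defines a superusers list AND a PBKDF2 password,
# 1 otherwise. Run it against the generated /boot/grub/grub.cfg after
# update-grub (Debian/Ubuntu) or grub2-mkconfig -o /boot/grub2/grub.cfg.
grub_password_check() {
    grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$1" || return 1
    grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]+[^[:space:]]+[[:space:]]+grub\.pbkdf2\.' "$1" || return 1
    return 0
}

# --- demo on a constructed grub.cfg (never touches the real boot loader) ---
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
menuentry 'Linux' {
    linux /vmlinuz root=/dev/sda1
    initrd /initrd.img
}
EOF
if grub_password_check "$demo_cfg"; then echo "protected"; else echo "unprotected: $demo_cfg"; fi

# Constructed placeholder hash; a real one is a long base64-like string.
grub_superuser_stanza admin 'grub.pbkdf2.sha512.10000.PLACEHOLDERSALT.PLACEHOLDERHASH' >> "$demo_cfg"
if grub_password_check "$demo_cfg"; then echo "protected"; else echo "still unprotected"; fi
```

Once `superusers` is set, GRUB 2 asks for the password before editing any entry or reaching its command line; by default it also asks before booting any entry, so menu entries that should boot unattended need the `--unrestricted` option on their `menuentry` line.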
- Always ensure that only authorised services are running on the Linux system. This can be checked by reviewing the boot-time scripts located under the /etc/rc.d directory.
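An added example (not from the original page) that compares the start links in a SysV runlevel directory against an allowlist of the services you expect at boot. The S<nn><service> link naming under a directory such as /etc/rc.d/rc3.d is assumed, and the demo builds a constructed directory rather than reading the real one.

```shell
#!/bin/sh
# Added example: audit boot-time start scripts against an allowlist.
# Assumes SysV-style links named S<nn><service> under e.g. /etc/rc.d/rc3.d.

# rc_start_links RCDIR  -> sorted service names of all S* entries
rc_start_links() {
    for f in "$1"/S*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # no match: the glob stays literal
        basename "$f" | sed -E 's/^S[0-9]+//'
    done | sort
}

# rc_unexpected RCDIR ALLOWLIST  -> print services not in ALLOWLIST
# (one service name per line, no blank lines); exit status 1 if any were
# found, 0 if everything that starts at boot is on the list.
rc_unexpected() {
    found=$(rc_start_links "$1" | grep -vxF -f "$2" || true)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# --- demo on a constructed runlevel directory ---
demo_rc=$(mktemp -d)
for link in S10network S20sshd S30cupsd S40telnet; do : > "$demo_rc/$link"; done
printf 'network\nsshd\n' > "$demo_rc/allowlist.txt"      # what we expect at boot
if rc_unexpected "$demo_rc" "$demo_rc/allowlist.txt"; then
    echo "only authorised services start at boot"
else
    echo "review the services listed above (chkconfig <svc> off / update-rc.d <svc> disable)"
fi
```

On systemd hosts the equivalent inventory is `systemctl list-unit-files --state=enabled`; the allowlist comparison works the same way on that output.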
- Never run a publicly accessible service with root privileges. Instead, run the service under a normal (unprivileged) user account, and ensure that this user does not have shell access to the server.
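As an added example that is not part of the original page, the script below lists service accounts that still have an interactive login shell, which is the usual way the "no shell access" requirement gets violated. It assumes the common convention that UIDs below 1000 are system accounts (check SYS_UID_MAX in /etc/login.defs on your distribution) and runs against a constructed passwd file; point it at /etc/passwd on a live host.

```shell
#!/bin/sh
# Added example: find service accounts that still have an interactive shell.
# Assumes the common convention that UIDs below 1000 are system accounts.

# interactive_service_accounts PASSWD_FILE
# Print "name:shell" for non-root system accounts whose shell is not a
# nologin/false shell. An empty shell field counts as interactive
# (login falls back to /bin/sh), so it is reported too.
interactive_service_accounts() {
    awk -F: '$3 != 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print $1 ":" $7 }' "$1"
}

# --- demo on a constructed passwd file ---
demo_passwd=$(mktemp)
cat > "$demo_passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/bash
postfix:x:101:104::/var/spool/postfix:/usr/sbin/nologin
svc:x:998:998:app service:/var/lib/svc:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
echo "service accounts with an interactive shell:"
interactive_service_accounts "$demo_passwd"
# Fix on a real host:                 usermod -s /usr/sbin/nologin www-data
# Create a new service user correctly from the start:
#                                     useradd -r -s /usr/sbin/nologin -d /var/lib/svc svc
```

The demo reports `www-data` (a real shell) and `svc` (an empty shell field); `daemon` and `postfix` pass because they use `nologin`, and `alice` is a regular user and out of scope.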
- Always take backups of critical data.
- Always use a secure session, such as SSH, for remote administration of a Linux server.
- Install publicly accessible applications in a chroot environment, so that exploitation of such a service does not affect the rest of the system.
- Keep the operating system and the applications installed on the system updated in time, so as to avoid known vulnerabilities as far as possible.
- If the information provided by publicly accessible web servers is critical, then provide the service over HTTPS connections.
- To avoid denial-of-service type attacks, limit the number of requests accepted by the web server within a given time period.
- Configure the DNS server not to accept dynamic updates from unauthorised DNS servers, as such updates can redirect users to a website they did not intend to access.
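An added example, not from the original page, for checking this on BIND: it scans a named.conf for zones whose `allow-update` list contains `any`, i.e. zones that accept unauthenticated dynamic updates from anyone. BIND configuration syntax with each `allow-update` clause on a single line is assumed, and the zone names and file are constructed.

```shell
#!/bin/sh
# Added example: find BIND zones that accept dynamic updates from anyone.
# Assumes named.conf syntax with each allow-update clause on one line.

# bind_open_update_zones NAMED_CONF
# Print the name of every zone whose allow-update list contains "any".
bind_open_update_zones() {
    awk '
        /^[[:space:]]*zone[[:space:]]+"/ {
            match($0, /"[^"]+"/)
            zone = substr($0, RSTART + 1, RLENGTH - 2)
        }
        /allow-update[[:space:]]*[{][^}]*[[:space:];{]any[[:space:]]*;/ { print zone }
    ' "$1"
}

# --- demo on a constructed named.conf fragment ---
demo_named=$(mktemp)
cat > "$demo_named" <<'EOF'
zone "example.test" {
    type master;
    file "db.example.test";
    allow-update { any; };                  # anyone can rewrite this zone
};
zone "internal.test" {
    type master;
    file "db.internal.test";
    update-policy { grant ddns-key zonesub ANY; };   # TSIG-signed updates only
};
zone "static.test" { type master; file "db.static.test"; allow-update { none; }; };
EOF
echo "zones open to unauthenticated dynamic updates:"
bind_open_update_zones "$demo_named"
```

The fix for a flagged zone is `allow-update { none; };` (BIND's default) or, where clients legitimately need dynamic DNS, an `update-policy` or `allow-update { key "name"; };` clause tied to a TSIG key, as the `internal.test` zone shows; `named-checkconf` validates the edited file before it is reloaded.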
- Implement access control lists (ACLs) for better control over the file-level privileges given to users.
- Use TCP wrappers and the xinetd service to filter, to some extent, which users from the Internet are authorised to access the services on the system. This also gives better control over the services that are provided to Internet users.
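The following is an added example and not part of the original page: a check that the TCP wrappers files are in a default-deny state, plus an xinetd `defaults` section that restricts the source network and the connection rate. The file contents, service names and the 10.0.0.0/8 network are constructed.

```shell
#!/bin/sh
# Added example: TCP wrappers default-deny check plus an xinetd "defaults"
# block that limits which networks may connect and how fast.

# tcpd_default_deny HOSTS_ALLOW HOSTS_DENY
# tcpd consults hosts.allow first, then hosts.deny, and permits any client
# matched by neither. Return 0 when hosts.deny closes that gap with a bare
# "ALL: ALL" line and hosts.allow does not reopen it with its own "ALL: ALL".
tcpd_default_deny() {
    allow=$1 deny=$2
    catchall='^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL[[:space:]]*$'
    if ! grep -Eq "$catchall" "$deny"; then
        echo "hosts.deny has no bare 'ALL: ALL' line: unmatched clients are allowed"; return 1
    fi
    if grep -Eq "$catchall" "$allow"; then
        echo "hosts.allow contains 'ALL: ALL', which permits every client first"; return 1
    fi
    return 0
}

# xinetd_defaults NET
# Print a "defaults" section for /etc/xinetd.conf: accept only from NET,
# cap new connections at 10/s (pausing 30 s when exceeded), at most
# 5 simultaneous connections per source address and 30 in total.
xinetd_defaults() {
    cat <<EOF
defaults
{
    only_from   = $1
    cps         = 10 30
    per_source  = 5
    instances   = 30
}
EOF
}

# --- demo on constructed files ---
demo_wrap=$(mktemp -d)
printf 'sshd: 10.0.0.0/255.0.0.0\nvsftpd: 10.1.0.0/255.255.0.0\n' > "$demo_wrap/hosts.allow"
printf 'ALL: ALL\n' > "$demo_wrap/hosts.deny"
if tcpd_default_deny "$demo_wrap/hosts.allow" "$demo_wrap/hosts.deny"; then
    echo "tcp wrappers: default deny in place"
fi
xinetd_defaults 10.0.0.0/8
# Per service, /etc/xinetd.d/<name> can additionally set "disable = yes".
```

TCP wrappers only apply to daemons that are linked against libwrap or started through tcpd/xinetd; `ldd /usr/sbin/sshd | grep libwrap` shows whether a given binary honours hosts.allow and hosts.deny at all, which is why the firewall remains the primary control.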
- Always use a well-defined firewall on the Linux server, so as to provide only legitimate services to the outside world and block access to all remaining ports and services that Internet users do not require.
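As an added example that is not from the original page, the script below generates a default-deny nftables ruleset that exposes only the listed TCP ports and, covering the earlier point about limiting request rates, drops bursts of new connections to those ports above a threshold. The allowed ports (22, 80, 443) and the 50 connections/second limit are assumptions to adjust per host.

```shell
#!/bin/sh
# Added example: default-deny nftables ruleset for an Internet-facing server,
# with a new-connection rate limit on the exposed ports.

# nft_ruleset "PORT PORT ..." [RATE_PER_SEC]
# Print a complete ruleset: everything inbound is dropped except loopback,
# replies to our own connections, ICMP and the listed TCP ports; bursts of
# new connections to those ports above RATE_PER_SEC are dropped.
nft_ruleset() {
    ports=$(printf '%s' "$1" | sed 's/  */, /g')
    rate=${2:-50}
    cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        tcp dport { $ports } ct state new limit rate over $rate/second drop
        tcp dport { $ports } accept
    }
    chain forward { type filter hook forward priority 0; policy drop; }
    chain output  { type filter hook output priority 0; policy accept; }
}
EOF
}

# --- demo: write the ruleset to a file and syntax-check it if nft is installed ---
demo_nft=$(mktemp)
nft_ruleset "22 80 443" 50 > "$demo_nft"
cat "$demo_nft"
if command -v nft >/dev/null 2>&1; then
    nft -c -f "$demo_nft" && echo "syntax OK; apply with: nft -f $demo_nft"
else
    echo "nft not installed here; apply on the server with: nft -f /etc/nftables.conf"
fi
```

Keep the SSH port in the list before applying the ruleset remotely, and note that the rate limit above is global for the port; a per-client limit needs a `meter` keyed on `ip saddr`, which is a refinement of the same rule.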
- Only use the Network Information Service (NIS) in a well-protected network. This service is normally used to store a centralised user database, similar to an Active Directory server on Windows. Instead, it is recommended to use LDAP (Lightweight Directory Access Protocol), which can serve the same purpose in a more secure manner.
- Linux mail servers use the SMTP protocol for transferring e-mails and the POP or IMAP protocol for retrieving mails from a user's mailbox. In an organisation, an SMTP gateway is used to transfer mails from the internal network to the Internet. If it is not well secured, it may be subject to two well-known types of attack:
  - One type of attack is called relaying. Once an unauthorised user is aware of the SMTP server details, he can transfer mails to mail servers in other domains without any authentication at the SMTP server. In this type of attack, the unauthorised user is interested in propagating malicious content to other mail server domains rather than gaining access to the server itself.
  - The other type of attack involves the unauthorised user exploring mail account information by using SMTP commands such as PASV, VERB, VRFY and EXPN, and then gaining further access to the internal network.
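An added example, not part of the original page, that audits a Postfix main.cf for the settings that close both holes described above: relaying is stopped by rejecting unauthorised destinations in the relay restrictions (and by not trusting the whole Internet in `mynetworks`), and account enumeration is stopped with `disable_vrfy_command`. Of the commands listed above, VRFY is the one Postfix exposes a switch for; Postfix does not implement EXPN. Postfix is assumed as the MTA, one `key = value` per line is assumed, and the two configuration files are constructed.

```shell
#!/bin/sh
# Added example: audit a Postfix main.cf for open-relay and VRFY exposure.
# Assumes Postfix and one "key = value" per line (no continuation lines);
# on a live host run it against the effective config: postconf > /tmp/main.cf

# pf_get MAIN_CF KEY -> value of KEY (last definition wins), empty if unset
pf_get() {
    sed -nE "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# postfix_relay_audit MAIN_CF -> prints one finding per line, exit 1 if any
postfix_relay_audit() {
    cf=$1; bad=0
    # 1. Account enumeration: VRFY must be switched off (Postfix default is "no").
    if [ "$(pf_get "$cf" disable_vrfy_command)" != "yes" ]; then
        echo "VRFY enabled: set disable_vrfy_command = yes"; bad=1
    fi
    # 2. Relaying: a restriction list must reject mail for domains we do not
    #    serve. Postfix >= 2.10 uses smtpd_relay_restrictions; older releases
    #    rely on smtpd_recipient_restrictions.
    relay="$(pf_get "$cf" smtpd_relay_restrictions) $(pf_get "$cf" smtpd_recipient_restrictions)"
    case "$relay" in
        *reject_unauth_destination*|*defer_unauth_destination*) ;;
        *) echo "open relay: add reject_unauth_destination to smtpd_relay_restrictions"; bad=1 ;;
    esac
    # 3. permit_mynetworks trusts every address in mynetworks, so it must
    #    never cover the whole Internet.
    case "$(pf_get "$cf" mynetworks)" in
        *0.0.0.0/0*|*::/0*) echo "mynetworks trusts every address (0.0.0.0/0)"; bad=1 ;;
    esac
    return $bad
}

# --- demo on two constructed main.cf files ---
demo_pf=$(mktemp -d)
cat > "$demo_pf/weak.cf" <<'EOF'
myhostname = mail.example.test
mynetworks = 0.0.0.0/0
smtpd_relay_restrictions = permit
disable_vrfy_command = no
EOF
cat > "$demo_pf/hardened.cf" <<'EOF'
myhostname = mail.example.test
mynetworks = 127.0.0.0/8 [::1]/128 10.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
disable_vrfy_command = yes
EOF
for cf in weak hardened; do
    echo "== $cf =="
    if postfix_relay_audit "$demo_pf/$cf.cf"; then echo "no findings"; fi
done
```

The weak file produces three findings and the hardened one none; the hardened `smtpd_relay_restrictions` line is the standard shape, where only local networks and SASL-authenticated clients may relay and everything else is accepted solely for the domains the server itself handles.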