Pick a Free OS

Securing Linux: Part 1

guidelines is what is going to make it all work in the end.

Basic security guidelines

Let us look at some basic security measures that will help you take care of the small loose ends at least. Remember, a chain is only as strong as its weakest link.

BIOS passwords

BIOS stands for Basic Input Output System. The main function of the BIOS is to initialize all the hardware on your computer. Using the BIOS, it is possible to re-scan all the hard drives on your system or hide any of them. Changing the boot sequence through the BIOS is also possible. Any intruder can boot off a boot disk, mount your hard drive partitions and access all the data. Novices messing around with BIOS parameters are a very common sight at many companies, and ultimately, when things go wrong, no one wants to claim responsibility.

To prevent any such problems, set a BIOS password to protect your settings. Also, ensure that you are prompted for a password at boot. Make sure that you choose a password that is at least eight characters long and is a combination of numbers and non-dictionary words.

File permissions and attributes

There are many programs that you run on your system which may have the SETUID or SETGID bit set. These bits are set so that the programs can access certain resources to which only root has access. The drawback of allowing these programs is that, in case of buffer overflow attacks (the most common), any cracker can possibly gain access to the system. Do not remove all the binaries that have the SETUID or SETGID bit set, but make sure that you know which files carry those permissions.

The following command will find the files on your system that carry the SETUID or SETGID bit. (Older versions of GNU find spelled this test -perm +6000; current versions accept only -perm /6000.)

bash# find / -type f -perm /6000 -ls

Next on the checklist are world-readable files. Never leave any files world-readable or world-writable unless necessary. Create a group and delegate all the resources within that group to be managed by an admin of the group. This prevents any unwanted sharing of resources among system users.
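
One way to keep track of which files carry these permissions, as an added example that is not part of the original article: the script below inventories SETUID/SETGID files, reports any that are missing from a previously reviewed baseline list, and lists world-writable files. The function names, the script name and the baseline file are assumptions of this example.

```sh
#!/bin/sh
# Added example: inventory SETUID/SETGID and world-writable files, and
# report SETUID/SETGID files missing from a reviewed baseline list.
# Function names and the baseline file are assumptions of this example.

# List regular files under $1 with the SETUID or SETGID bit, sorted.
# -xdev stays on one filesystem. The two -perm tests are the portable way
# to say "either bit set" (GNU find also accepts -perm /6000).
suid_inventory() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        2>/dev/null | LC_ALL=C sort
}

# List SETUID/SETGID files under $2 that are not named in baseline file $1
# (one path per line). Anything printed here is new since the last review.
suid_new_since() {
    _cur=$(mktemp) || return 1
    suid_inventory "$2" > "$_cur"
    LC_ALL=C sort "$1" | LC_ALL=C comm -13 - "$_cur"
    rm -f "$_cur"
}

# List regular files under $1 that any user on the system may write to.
world_writable() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null | LC_ALL=C sort
}

# Usage (as root, so every directory is readable):
#   sh suid_audit.sh /root/suid.baseline /
# The script name and baseline path are placeholders.
if [ "$#" -eq 2 ]; then
    suid_new_since "$1" "$2"
    world_writable "$2"
fi
```

Build the baseline once from the output of suid_inventory after reviewing each entry, and keep a copy off the machine so that it can be trusted later.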

Many a time, when system security is compromised, the last thing the cracker does is remove all traces of his visit by cleaning out the log files. You can remedy this situation partially, but there is no foolproof solution to this crime.