Learning Guide:

Linux security guide: Linux, open source security tools and tips

03 Dec 2007 | SearchEnterpriseLinux.com


Because Linux code is scrutinized by security experts around the world, Linux is the preferred operating system for those who demand secure networks. But because Linux is open source, vulnerabilities can be easily exploited for malicious intent. As an increasing number of enterprises adopt Linux, managers and administrators require new tools and utilities to ensure a safe, secure network. SearchEnterpriseLinux.com has assembled this guide to Linux security. Harden Linux servers with this collection of tips for protecting data centers, servers and software. We cover the basics of Linux security administration, offering information on host access files, binding services and specific interfaces, as well as more advanced subject matter, such as creating your own public key infrastructure (PKI) and VPN with Layer 2 Tunneling Protocol (L2TP) over IPSec.
TABLE OF CONTENTS
   Linux security terms
   Introduction to Linux security
   Linux network security
   Linux and open source security tools
   Linux distribution and application security
   Linux security case studies

  Linux security terms

Buffer overflow

Firewall

Honey pot

Intrusion detection

Malware

Packet

Phishing

Scumware

Snort

Trojan horse

Virtual Private Network (VPN)

Virus

Virus hoax

Worm

SearchSecurity.com glossary

  Introduction to Linux security

Security

Learning Linux security administration
Learning Linux, especially Linux security administration, can seem particularly tricky for those only well-versed in Windows. Here, security expert James Turnbull offers some pointers for getting up to speed.

Scanning vs. manual audits of software
Security expert James Turnbull explains why he thinks scanning can't replace manual audits when it comes to detecting bugs and flaws in software.

Phishing, Linux and Windows

Defensive measures for evolving phishing tactics
As AT&T learned, hackers are putting a new twist on phishing schemes to gain access to sensitive information. In this tip, Ed Skoudis examines how to defend against these attacks.

Linux vs. Windows security
An expert describes what makes Linux more secure than Windows.

Security and usability in SELinux
Cost versus usability for security professionals and organizations.

Increasing kernel security
"What are some block and character devices available for increasing my kernel security?"

Five ways SELinux may surprise you
Author and SELinux expert Frank Mayer will walk you through five of the ways that this venerable Linux security technology may surprise you.

  Linux network security

OpenVPN: IPSec-like security with IPSec-less simplicity
Confused by IPSec? Try OpenVPN, a cross-platform compatible, modular network that works with virtually every firewall.

Nmap: A valuable open source tool for network security
Open source tool Nmap is a popular choice amongst hackers and security pros alike for network mapping and testing for network vulnerabilities.

Nagios

OSSEC

  • Host intrusion detection with OSSEC
    Keep your corporate network secure with open source OSSEC, an intrusion detection and prevention services tool that provides host agent and file integrity agent capabilities on Windows and Linux. In this tip, a security expert provides a walkthrough for installation and configuration.

  • OSSEC: The server and agent model
    Get the benefit of regular alerts and status reports from configuring open source IDS/IPS OSSEC to run as a server and agent model.

Simple Event Correlation

  • Simple Event Correlation installation and configuration
    Simple Event Correlation is an open source tool designed for reading incoming data feeds and performing actions based on user-defined rules. Learn how to install and configure this tool, which is appropriate for small- to medium-sized enterprises.

  • Defining event rules in Simple Event Correlation
    Simple Event Correlation is an open source tool designed for reading incoming data feeds and performing actions based on user-defined rules. In this tip, we'll learn about defining different types of rules associated with events and correlation.

The pros and cons of IPsec
"What are the advantages and disadvantages of IPSec? How does it work?"

Installing, configuring firewalls, packet filtering in RHEL4
Unix-Linux migration and integration expert Ken Milberg explains how to install and configure a firewall on Red Hat Enterprise Linux 4.

CIPE vs. IPsec
"Which offers more security, CIPE or IPsec?"

Alert vs. log in the Snort /var/log/snort directory
A Linux security expert explains the difference between the Snort alert and log files.

Chapter 8, Security from "DB2 9 for Linux, UNIX, and Windows Database Administration Study Guide"
Download a sample chapter on security from this comprehensive study guide that covers all areas tested including: server management, data placement, database access, analyzing DB2 activity, DB2 utilities, and high availability.

Linux security: Authenticate your users and know what they're up to
Do you know who has access to your data? Linux security expert Kurt Lingel explores some tools that help to authenticate users and monitor user activity.

Monitoring open ports on RHEL 5
How to determine which ports are open in Red Hat Enterprise Linux 5 (RHEL 5) and how to figure out if your ports have been compromised by an attack.

Security information management: OSSIM
Get an enterprise-wide view of the state of security with OSSIM, Open Source Security Information Management, a monitoring package of integrated open source tools.

  Linux and open source security tools

Fortifying Linux against common malware
Find out how to fight malware by teaming a new capability in the Linux kernel with processor-based tools.

BackTrack: The gotta-have free security tool you've never heard of
Get the power of Linux-based security tools on Windows with this free suite of open source security tools. Contributor and vulnerability assessment expert Kevin Beaver introduces BackTrack and explains its network security testing features.

Using Sysmask to safeguard Linux installations
Find out how Sysmask-protected Linux installations in the enterprise can reduce the number of exploitable kernel-level vulnerabilities.

Account locking for Linux via PAM
Discover how to configure account blocking on a Red Hat host with PAM and prevent a potential denial-of-service attack caused by repeated locking of user accounts.

Seven tips for optimizing shell script security
Inherent weaknesses, a complex syntax and the general lack of consideration for security make writing secure shell scripts difficult. This tip focuses on major issues in shell script security across multiple shells.

Shell game: Managing Bash command history
Limiting or disabling the Bash command history can prevent attackers from gaining access to passwords, IP addresses and other valuable data and compromising your host.

SELinux Policy Editor: Removing micromanagement from administrative control
It can be tough to handle extended security attributes across a range of users, processes and files or directories that encompass more than one server. Enter SELinux Policy Editor, seedit, which offers a suite of native front-end administration utilities.

Higgins Project: Seeking identity management without Microsoft restrictions
The Higgins Project is an open source effort to create a standard for managing and defining digital identity. Here, a security expert discusses the challenges involved in integrating Higgins with Microsoft's proprietary CardSpace.

PGP/GPG

Bastille Linux: Introduction and installation
Bastille Linux is an automated security tool, ideal for cross-platform environments. Get started here with an introduction and instructions for installation.

Intrusion detection with Snort on Red Hat Enterprise Linux 5
Snort is a popular open source intrusion detection system (IDS). Learn how to install this security tool and configure it with MySQL on Red Hat Enterprise Linux 5. This is also applicable to Red Hat Enterprise Linux 4, CentOS 4 and 5 and Fedora Core 5 and 6.

Locking down open relays
Two tools to determine if your mail server is an open relay and has been compromised.

Securing your Linux server with iptables
Harden your Linux server security with this tutorial on configuring the rules for iptables in your firewalls. See samples of code for rules and iptables, as well.

Setting up SSH for remote, secure server access
General advice on setting up Secure Shell (SSH) for remote access from a server.

  Linux distribution and application security

Fedora


Kickstart your Linux security by avoiding garbage installations
Unnecessary packages on servers pose a security risk, because their processes can be hijacked by hackers. But if you use Red Hat Kickstart, you can customize your installations without costing yourself loads of time.

Securing GRUB on Red Hat Enterprise Linux
Keep your Red Hat server safe from attackers by securing your GRUB boot loader with a password that will prevent unauthorized access to your hosts after a reboot.

Sealing Red Hat security gaps with open source security tools
Find out how Red Hat Linux users can blow up hackers and intruders with TripWire, Nessus and Snort.

Passphrases instead of passwords on Red Hat

  • Passphrases instead of passwords on Red Hat, Part 1
    Passwords may not be the perfect security control for corporate environments, because they are so easily tackled by attackers. Passphrases may provide a better solution, says James Turnbull in this tip, and Red Hat already includes the capability to use passphrases.

  • Passphrases instead of passwords on Red Hat, Part 2
    Passphrases may be a good alternative to passwords for corporate security. This tip discusses how to configure Red Hat to support passphrases.

YaST control center: Novell AppArmor
Create an effective security policy with Novell's AppArmor, which allows you to profile, monitor and restrict application behaviors for any server or workstation running SUSE.

SUSE security: Forgotten passwords, AppArmor
A security expert describes how to harden your openSUSE 10.2 installation and talks about open source security tools.

Using SUSE AppArmor to profile a workstation application in Firefox
Learn how to create application security policies with Novell's AppArmor in a Firefox browser, the OpenOffice suite or any SUSE Linux Enterprise server application.

The Linux desktop: Browser and distro security tips
Learn why distro security is subjective, what basic steps users can take to protect themselves from browser security flaws and why the Linux desktop is more secure than Windows.

Firefox plug-ins: Download or tune out?
There is no way to determine whether Firefox plug-ins are malicious or not. In spite of Mozilla's review process, users still download at their own risk.

User Mode Linux: Maximizing performance, jailing attackers
In this interview, User Mode Linux author and project architect Jeff Dike gives security tips on UML and discusses why, in some ways, UML is better than Xen and VMware.

AppArmor vs. SELinux
An expert says that, yes, AppArmor does offer equivalent security to SELinux.

Application security on Linux, Solaris and AIX
Considering the security of Linux, Solaris or AIX.

Licensing and application security
Licensing restrictions can provide safeguards but not a complete defense. What to look for when considering the security of an application.

Security and tools in Linux distributions
Recommendations for specific security features to look at in a Linux distribution.

SELinux in RHEL 5: More enhanced, more security
Enhancements to SELinux functionality in Red Hat Enterprise Linux 5 (RHEL 5) are a much-needed improvement over the original deployment in RHEL 4. Our expert gives some tips on the SELinux Troubleshooter utility, multilevel security integration and deploying the improved SELinux. By making the kernel modification easier to implement, administrators will have fewer problems implementing mandatory access controls, which should lead to more secure systems.

  Linux security case studies

Linux, virtualization help GHY meet post-9/11 requirements
In the post-9/11 world, security measures have been tightened, especially in the import/export industry. Learn how one firm used Linux and hardware virtualization to keep up with changing rules and add flexibility to client IT environments.

Linux grid takes out firm's aging mainframe
After decades on a mainframe, the U.S.'s oldest automotive information and metrics provider looked to Linux on a grid for an elegant -- and fast -- money-saving alternative.

At university, GroupWise on Linux beats out Exchange
When Golden Gate University's e-mail/collaboration software needed an update, Exchange was on the eval list. In this story, GGU's IT team explains why Exchange wasn't chosen and the university is pursuing an aggressive new Linux and open source strategy.

Microsoft's high prices drive FSW to Linux, open source
Microsoft's high costs and pricing policies are driving FSW Inc. into the arms of the open source community. The company's IT director describes how and why FSW switched to Linux and open source apps and to server virtualization and OpenOffice desktops.

Church volunteer quells IT chaos with Linux
The Church of the Epiphany found IT salvation with a little help from Linux and Samba.

Red Hat Enterprise Linux 5, JBoss to receive security boost
Red Hat has announced that Red Hat Enterprise Linux 5 (RHEL 5) will now be subject to the Common Criteria certification and HP will offer multilevel security services for RHEL 5.

Red Hat, IBM partner on mainframe security
Government customers will be the first to benefit from new support and security enhancements for Red Hat Linux running on IBM mainframes.

Red Hat, Symantec to offer bundled secure server applications
Red Hat teamed up with security vendor Symantec to offer a bundle that couples Red Hat Enterprise Linux with an intrusion protection service, Symantec Critical System Protection.

TCS automates Linux server hardening
For Linux system administrators striving to harden a system on a server-by-server basis, Trusted Computer Solutions' Security Blanket may be the way to go.
