Linux has become accepted in the commercial world. Although Windows is still more widely used, Linux servers now run almost everywhere. That popularity also means that some people are looking into how to break into Linux servers. Here is a short overview of Linux server security.
The difference between Windows and Linux is fundamental. Windows is controlled by Microsoft and ships as compiled binaries only; if you are not happy with something in the operating system, you have to wait until Microsoft does something about it. Linux, on the other hand, is open source: the source code is available to anyone. Most Linux users will never read it, but it means that more than one company, and any independent researcher, can inspect and improve the system. Access to the source code can of course also help the bad guys find security flaws; the same access helps defenders find and fix them, and closed binaries get reverse engineered by attackers anyway, so hiding the source buys little.
So how do you make a Linux server secure? Every server connected to a network faces two kinds of risk: attacks from the outside, and misuse by users who are already logged in. When it comes to security, the weakest link determines your level of security, so you need to pay attention to every layer.
It is also very important that the server is physically secure. If people can walk up to the machine and boot it from their own external device, none of Linux's security features can help you: whoever controls the boot controls the disk. The server belongs in a locked room, and both the BIOS/UEFI setup and the boot loader should be password protected so that the boot order and kernel parameters cannot be changed from the console; encrypting the disks closes the same gap if the machine or its drives are stolen. Also keep backups in a secure place. If people can walk out with a backup of your data, they do not need to waste their time trying to break into your Linux system.
First, protect the servers on your network with one or more firewalls. Firewalls are very good at keeping outsiders away from services that should not be reachable at all. But you do not want to rely on firewalls alone: a firewall does nothing against an attack on a service you deliberately expose, or against a user who is already inside. You need to harden the Linux systems themselves as well.
Best practice for hardening Linux changes all the time; check the Internet or your Linux vendor for the latest recommendations. In essence, though, you want to disable every service that is not absolutely necessary, since a service that is not running cannot be attacked. You should also allow only encrypted protocols for administration: ssh and sftp instead of telnet, rsh or FTP. But remember that ssh, like every network-facing service, is itself a potential way in, so it needs hardening of its own: key-based authentication, no root login, and a current version.
New security holes are discovered all the time, and patches are generally released quickly to fix them. This means that you must update your operating system and applications regularly, and follow your vendor's security announcements so you know when an update matters. The root account is all-powerful, so it must be especially well protected: give administrators their own accounts and sudo rather than a shared root password, and, as basic hardening, do not allow root to log in over the network.
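The ssh hardening steps above (no root login over the network, keys instead of passwords, no legacy protocol) can be verified against an `sshd_config` before you restart the daemon. The following script is an added example and not part of the original article. It assumes OpenSSH's parsing rules (keywords are case-insensitive and the first occurrence of a keyword wins, which is why a commented-out default followed by a real setting is a common source of surprises); the two config files it creates are constructed for the demo and are not real server configs.

```shell
#!/bin/sh
# Added example (not from the original article): flag sshd_config settings
# that let root log in over the network or weaken authentication.
# Assumption: OpenSSH semantics (first occurrence of a keyword wins, keywords
# are case-insensitive). The sample configs below are constructed for the demo.

# Print the effective value of a keyword, or a default if it is absent.
# Comments are stripped first. Limitation: settings inside "Match" blocks
# are treated like global ones, so this flags weak global defaults but does
# not reason about per-user overrides.
sshd_get() {
    # $1 = config file, $2 = keyword, $3 = default when absent
    val=$(sed 's/#.*//' "$1" | awk -v key="$2" '
        tolower($1) == tolower(key) { print tolower($2); exit }')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# Print one line per weak setting; prints nothing for a hardened file.
audit_sshd_config() {
    cfg=$1
    # Defaults are OpenSSH's own: PermitRootLogin has defaulted to
    # prohibit-password since 7.0 (it was "yes" before that),
    # PasswordAuthentication still defaults to yes.
    v=$(sshd_get "$cfg" PermitRootLogin prohibit-password)
    [ "$v" = no ] || echo "PermitRootLogin=$v: root can log in over the network; set 'PermitRootLogin no'"
    v=$(sshd_get "$cfg" PasswordAuthentication yes)
    [ "$v" = no ] || echo "PasswordAuthentication=$v: allows password guessing; use keys and set it to 'no'"
    v=$(sshd_get "$cfg" PermitEmptyPasswords no)
    [ "$v" = no ] || echo "PermitEmptyPasswords=$v: accounts without a password can log in; set it to 'no'"
    # Only legacy OpenSSH still understands the Protocol keyword; SSH-1 is broken.
    v=$(sshd_get "$cfg" Protocol 2)
    case "$v" in
        *1*) echo "Protocol=$v: SSH-1 is enabled; set 'Protocol 2' or upgrade OpenSSH" ;;
    esac
    return 0
}

# Constructed sample configs: a weak one and its hardened counterpart.
WEAK=$(mktemp) && HARD=$(mktemp)
trap 'rm -f "$WEAK" "$HARD"' EXIT
cat > "$WEAK" <<'EOF'
# weak: typical of an old default install; note the commented-out default
Port 22
#PermitRootLogin prohibit-password
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
Protocol 2,1
EOF
cat > "$HARD" <<'EOF'
# hardened
Port 22
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AllowGroups sshusers
EOF

echo "== weak config =="
audit_sshd_config "$WEAK"
echo "== hardened config =="
audit_sshd_config "$HARD"
```

Run it against a real file with `audit_sshd_config /etc/ssh/sshd_config` after sourcing the functions, and always test a changed config with `sshd -t` before restarting, from a second session you keep open in case you lock yourself out. The checks are deliberately conservative: `prohibit-password` still lets root in with a key, which the article's advice (no root over the network at all) does not allow.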
Auditing has never been a strong point of Linux out of the box, but when configured properly auditd can record every security-relevant event you need: logins, privilege escalation, and reads or writes of sensitive files. For keeping track of what has changed on a system there are also file integrity checkers such as AIDE and Tripwire, which compare the current state of the filesystem against a baseline stored while the system was known to be clean.
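The idea behind the file integrity checkers mentioned above is simple enough to show in a few shell functions. The script below is an added example, not the article's or any tool's own code: it hashes every regular file under a directory into a baseline, then reports files that were added, removed or modified since. It assumes GNU/Linux coreutils (`sha256sum`, `mktemp`) and file names without whitespace; the small tree it builds is constructed for the demo and stands in for `/etc` and `/bin`.

```shell
#!/bin/sh
# Added example (not from the original article): a minimal file integrity
# check in the spirit of AIDE or Tripwire. Assumptions: GNU/Linux coreutils
# (sha256sum, mktemp) and file names without whitespace. The sample tree is
# constructed for the demo.

# Write "hash  ./path" for every regular file under $1 into $2, sorted by path.
fim_baseline() {
    ( cd "$1" && find . -type f -exec sha256sum {} + ) | LC_ALL=C sort -k2 > "$2"
}

# Compare baseline $1 with a current listing $2; print one line per difference.
fim_diff() {
    awk 'FILENAME == ARGV[1] { base[$2] = $1; next }
         { cur[$2] = $1 }
         END {
             for (p in base) if (!(p in cur))  print "REMOVED  " p
             for (p in cur)  if (!(p in base)) print "ADDED    " p
             for (p in cur)  if ((p in base) && base[p] != cur[p]) print "MODIFIED " p
         }' "$1" "$2" | LC_ALL=C sort
}

# Take a fresh listing of directory $1 and report differences against baseline $2.
fim_check() {
    now=$(mktemp)
    fim_baseline "$1" "$now"
    fim_diff "$2" "$now"
    rm -f "$now"
}

# Demo: build a small constructed tree, baseline it, tamper with it, check it.
fim_demo() {
    root=$(mktemp -d) && base=$(mktemp)
    mkdir -p "$root/etc" "$root/bin"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$root/etc/passwd"
    printf '127.0.0.1 localhost\n' > "$root/etc/hosts"
    printf '#!/bin/sh\necho ok\n' > "$root/bin/status"
    fim_baseline "$root" "$base"          # known-good state

    # Simulated intrusion: a second uid-0 user, a replaced binary,
    # a preload library dropped for persistence, and a deleted file.
    printf 'backdoor:x:0:0::/:/bin/sh\n' >> "$root/etc/passwd"
    printf '#!/bin/sh\necho pwned\n' > "$root/bin/status"
    printf '/lib/evil.so\n' > "$root/etc/ld.so.preload"
    rm "$root/etc/hosts"

    fim_check "$root" "$base"
    rm -rf "$root" "$base"
}

fim_demo
```

Two caveats a real deployment must address: the baseline and the checker itself have to live where an intruder with root cannot rewrite them (read-only media or another host, run from a trusted boot), and content hashes alone miss changed permissions, ownership and setuid bits, which AIDE and Tripwire record alongside the hash.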
Like any other operating system, you have a big problem once a Linux system has been compromised. The only safe solution is to reinstall it from scratch from known-good media, because nothing on the compromised disk can be trusted, including the tools you would use to inspect it. This is time-consuming and disruptive for the users. And if you have a number of servers configured in the same way with the same users and credentials, the same break-in very likely works against all of them, so you have to reinstall several servers.
If you know when the system was compromised, you can use backups to restore it to a point before the attack. But this is often as time-consuming as installing from scratch, and a backup taken after the break-in will restore the attacker's changes along with your data, so the date matters. It also does not make sense to restore the system before you have worked out how it was compromised. If you do not close the security hole, the restored system may be attacked again and you are back to square one.