Security Basics: 4 Steps to Tighten up Linux Security

November 20th, 2012

Our previous security articles from GoGrid discussed 5 steps to enhance your security on Microsoft Windows and how to tighten up Windows security. But what about making your Linux server security a bit more robust?

Overview

Security studies strongly demonstrate that most systems will be attacked within 5 hours after becoming publicly accessible—in some cases, in less than 2 hours. The sources of the attacks are often unsuspecting users whose systems have been compromised by malware and are in turn being used to attack and infect other systems. The majority of attacks target two common threats:

  1. A combination of commonly used system accounts (e.g., the root account) with weak, dictionary-based passwords
  2. Systems that are missing critical or high-security updates

Solution

This article provides GoGrid’s security recommendations for Cloud Servers running Linux. Perform these 4 steps in sequential order immediately after provisioning new GoGrid Cloud Servers to maintain the security (confidentiality + integrity + availability) of your system.

Step 1: Patch your system

Attackers will typically scan your system for vulnerabilities within 2 hours of being publicly accessible. Often, the attackers search for un-patched network services that can be exploited remotely. To ensure system security, GoGrid recommends that you:

  • Apply all applicable critical or high-security updates immediately after your first successful login
  • Disable all unnecessary network services
  • Review security updates weekly

The following steps apply to CentOS and must be run as root:

  1. Let’s start by adding the yum security plugin (packaged as yum-plugin-security on CentOS 6) by running this command:

    yum -y install yum-plugin-security

  2. Now let’s determine applicable security updates for your system by running this command:

    yum --security check-update

  3. Finally, let’s apply applicable security updates by running this command:

    yum --security update

The following steps apply to Debian and must be run as root:

  1. Let’s start by updating the Debian package index by running this command:

    apt-get update

  2. Now, let’s determine applicable security updates for your system by running this command:

    apt-get --simulate upgrade

  3. Finally, let’s apply applicable security updates by running this command:

    apt-get upgrade
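
On Debian, a simulated upgrade lists every pending package, not only the security fixes. The function below is an added example, not part of the original article: it filters the simulation's "Inst" lines down to packages whose candidate comes from the Debian security archive. The function name and the sample output are constructed for illustration, and the filter assumes the archive is labelled `Debian-Security`.

```shell
#!/bin/sh
# Added example: list pending upgrades that come from the security archive,
# using the "Inst" lines printed by a simulated apt-get upgrade.
# Line shape: Inst <pkg> [<installed>] (<candidate> <Label>:<suite> [<arch>])

# security_updates: read simulated apt-get output on stdin and print
# "<pkg> <installed> -> <candidate>" for each security-archive upgrade.
security_updates() {
    awk '
        $1 == "Inst" && /\([^)]*-Security:/ {
            # A package with no installed version has no [..] field.
            if (substr($3, 1, 1) == "[") { inst = $3; cand = $4 }
            else                         { inst = "none"; cand = $3 }
            gsub(/\[|\]/, "", inst)
            sub(/^\(/, "", cand)
            print $2, inst, "->", cand
        }'
}

# Constructed sample output (package versions are made up for the example).
SAMPLE_APT_OUTPUT='Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  bash openssl tzdata
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst bash [4.2-1] (4.2-2 Debian-Security:7.0/stable [amd64])
Inst tzdata [2012c-1] (2012f-1 Debian:7.0/stable [all])
Inst openssl [1.0.1c-3] (1.0.1c-4 Debian-Security:7.0/stable [amd64])
Conf bash (4.2-2 Debian-Security:7.0/stable [amd64])
Conf tzdata (2012f-1 Debian:7.0/stable [all])
Conf openssl (1.0.1c-4 Debian-Security:7.0/stable [amd64])'

# Demo on the sample; on a real host pipe the simulated upgrade into it:
#   apt-get --simulate upgrade | security_updates
printf '%s\n' "$SAMPLE_APT_OUTPUT" | security_updates
```

Running it from a weekly cron job and mailing the result is one way to carry out the weekly review recommended above.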

Step 2: Change your root password

As part of provisioning new Cloud Servers, GoGrid provides customers with auto-generated strong passwords for the administrator account. The password is temporary and you should change it immediately after patching your system. To ensure your password is strong, GoGrid recommends that you:

  • Reset the root password by running the passwd command and make sure the new password contains at least 12 characters.
  • The password should meet complexity requirements to help reduce the threat of an attacker guessing it. Use a combination of alpha-numeric characters, upper and lowercase letters, and non-alphabetic symbols such as @, # and % in your password.
  • Don’t share the new password with anyone outside your organization, including GoGrid personnel.

Step 3: Disable root SSH login

Attackers are going to attempt to gain access to your system by guessing the root password. That’s why it’s imperative you don’t permit root login through SSH. Perform the following 3 steps sequentially with root permissions:

  1. Create a new user account by running the adduser command. Make sure the account name is non-dictionary, and consider including non-alphabetic symbols.
  2. Create a strong password for your new account (see Step 2 for password guidelines).
  3. Log off and then log in with your new account and password.

Now it’s time to restrict SSH root access. Perform the following commands under root:

cd /etc/ssh/

Use your favorite text editor. For this example we’ll use vi:

vi sshd_config

Now search for PermitRootLogin and replace yes:

PermitRootLogin yes

with no and save your changes:

PermitRootLogin no

Then restart the SSH daemon by typing this command (the init script is named ssh on Debian and sshd on CentOS):

/etc/init.d/ssh restart
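
The same edit can be scripted so that it also covers configurations where the directive is commented out or missing. This is an added example, not part of the original article; the function name, the sample configuration and the `deploy` user in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: set "PermitRootLogin no" in an sshd_config-style file.
# Covers an active directive, a commented-out default and a missing one, and
# keeps the directive above the first "Match" block so it applies globally.
# Lines inside Match blocks are left untouched; review those by hand.

# disable_root_login FILE: rewrite FILE in place, keeping FILE.bak as a backup.
disable_root_login() {
    cfg=$1
    cp -p "$cfg" "$cfg.bak" || return 1
    awk '
        # Reached the first Match block without a global directive: add it here.
        tolower($1) == "match" && !done { print "PermitRootLogin no"; done = 1 }
        # Active or commented-out directive in the global section.
        !inmatch && tolower($0) ~ /^[ \t]*#?[ \t]*permitrootlogin[ \t=]+[a-z-]+[ \t]*$/ {
            if (!done) { print "PermitRootLogin no"; done = 1 }
            next                      # drop the old line and any duplicates
        }
        tolower($1) == "match" { inmatch = 1 }
        { print }
        END { if (!done) print "PermitRootLogin no" }
    ' "$cfg.bak" > "$cfg"
}

# Constructed sample, not taken from a real server.
SAMPLE_SSHD_CONFIG='Port 22
#PermitRootLogin yes
PermitRootLogin yes
PasswordAuthentication yes
Match User deploy
    X11Forwarding no'

# Demo on a temporary copy; on a real host run it against
# /etc/ssh/sshd_config, then check the syntax with "sshd -t" before restarting.
demo=$(mktemp)
printf '%s\n' "$SAMPLE_SSHD_CONFIG" > "$demo"
disable_root_login "$demo" && cat "$demo"
rm -f "$demo" "$demo.bak"
```

Keep your existing root session open until a second login with the new account has succeeded, so a mistake in the file cannot lock you out.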

Step 4: Install anti-virus (AV) software

Effective use of AV software can help reduce common malware infections and in some cases, zero-day threats. To reduce such threats, GoGrid recommends that you:

  • Deploy AV software that uses heuristic techniques to identify new malware or variants of existing ones.
  • Perform full scans at least daily.
  • Update your AV definitions at least daily.

In an ongoing effort to make cloud computing safer and better, GoGrid will be providing several primers on security. Previous article: “How to Tighten Up Windows Security.”

Mario Duarte

Director of Security at GoGrid
Mario is GoGrid's Director of Security responsible for all security-related activities. He has 14 years of experience as a security professional working in the retail, health care, and financial sectors. He has built and managed security teams, developed and implemented security programs, and managed PCI and HIPAA compliance initiatives for medium and large organizations.

One Response to “Security Basics: 4 Steps to Tighten up Linux Security”

  1. Very helpful basic security knowledge provided here!! Nowadays computer and internet activity is increasing effectively and with that hackers are always updating their attacking ways as well. To compete with their advanced attacks, the 4 steps mentioned here are effective to tighten up Linux security. Thanks.
