Our previous security articles from GoGrid discussed 5 steps to enhance your security on Microsoft Windows and how to tighten up Windows security. But what about making your Linux server security a bit more robust?
Overview
Security studies strongly demonstrate that most systems will be attacked within 5 hours after becoming publicly accessible—in some cases, in less than 2 hours. The sources of the attacks are often unsuspecting users whose systems have been compromised by malware and are in turn being used to attack and infect other systems. The majority of attacks target two common threats:
- A combination of commonly used system accounts (e.g., the root account) with weak, dictionary-based passwords
- Systems that are missing critical or high-security updates
Solution
This article provides GoGrid’s security recommendations for Cloud Servers running Linux. Perform these 4 steps in sequential order immediately after provisioning new GoGrid Cloud Servers to maintain the security (confidentiality + integrity + availability) of your system.
Step 1: Patch your system
Attackers will typically scan your system for vulnerabilities within 2 hours of being publicly accessible. Often, the attackers search for un-patched network services that can be exploited remotely. To ensure system security, GoGrid recommends that you:
- Apply all applicable critical or high-security updates immediately after your first successful login
- Disable all unnecessary network services
- Review security updates weekly
The following steps apply to CentOS and must be run as root:
- Let’s start by adding the yum security plugin by running this command (the package is named yum-security on CentOS 5):
yum -y install yum-plugin-security
- Now let’s determine applicable security updates for your system by running this command:
yum --security check-update
- Finally, let’s apply applicable security updates by running this command:
yum --security update
The following steps apply to Debian and must be run as root:
- Let’s start by updating the Debian package index by running this command:
apt-get update
- Now, let’s determine applicable security updates for your system by running this command:
- Finally, let’s apply applicable security updates by running this command:
apt-get upgrade
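One way to list the pending upgrades that come from a security archive, as an added example rather than the article's own command: it filters the output of `apt-get -s upgrade`, which is a dry run. The function names are hypothetical and the sample output is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the article). Reads the output of the dry run
# `apt-get -s upgrade` on stdin and prints each package whose pending
# upgrade is offered by an archive with "security" in its name.
pending_security_updates() {
    awk '$1 == "Inst" {
        # Line shape: Inst <pkg> [<installed>] (<candidate> <archive> [<arch>])
        inside = $0
        sub(/^[^(]*\(/, "", inside)          # keep only the parenthesised part
        n = split(inside, field, " ")
        for (i = 2; i <= n; i++)             # field 1 is the candidate version
            if (tolower(field[i]) ~ /security/) { print $2; break }
    }'
}

# Constructed sample of simulated output; package versions are made up.
sample_output() {
    cat <<'EOF'
Inst openssl [1.0.1e-2+deb7u4] (1.0.1e-2+deb7u7 Debian-Security:7.0/oldstable [amd64])
Inst vim [2:7.3.547-6] (2:7.3.547-7 Debian:7.0/oldstable [amd64])
Inst libc6 [2.13-38] (2.13-38+deb7u1 Debian:7.0/oldstable, Debian-Security:7.0/oldstable [amd64])
Conf openssl (1.0.1e-2+deb7u7 Debian-Security:7.0/oldstable [amd64])
EOF
}

sample_output | pending_security_updates
# On a Debian host, as root after `apt-get update`:
#   apt-get -s upgrade | pending_security_updates
```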
Step 2: Change your root password
As part of provisioning new Cloud Servers, GoGrid provides customers with auto-generated strong passwords for the administrator account. The password is temporary and you should change it immediately after patching your system. To ensure your password is strong, GoGrid recommends that you:
- Reset the root password by running the passwd command and make sure the new password contains at least 12 characters.
- The password should meet complexity requirements to help reduce the threat of an attacker guessing it. Use a combination of alpha-numeric characters, upper and lowercase letters, and non-alphabetic symbols such as @# % in your password.
- Don’t share the new password with anyone outside your organization, including GoGrid personnel.
Step 3: Disable root SSH login
Attackers are going to attempt to gain access to your system by guessing the root password. That’s why it’s imperative you don’t permit root login through SSH. Perform the following 3 steps sequentially with root permissions:
- Create a new user account by running the adduser command, make sure the account name is non-dictionary, and consider including non-alphabetic symbols.
- Create a strong password for your new account (see Step 2 for password guidelines).
- Log off and then log in with your new account and password.
Now it’s time to restrict SSH root access. Perform the following commands under root:
cd /etc/ssh/
Use your favorite text editor. For this example we’ll use vi:
vi sshd_config
Now search for PermitRootLogin, replace yes with no, and save your changes.
Then restart the SSH daemon by typing this command (on CentOS the init script is /etc/init.d/sshd):
/etc/init.d/ssh restart
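A check for the edit described above, as an added example that is not part of the original article: it reports which PermitRootLogin value is in force in the global section of an sshd_config file, catching the case where only a commented line was changed. The function names are hypothetical and the sample configuration is constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the article): check which PermitRootLogin value is
# in force in the global section of an sshd_config file.

# Print the first uncommented global PermitRootLogin value, or "unset".
# sshd uses the first value it reads for a keyword; later duplicates are ignored.
effective_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }              # drop leading whitespace
        /^#/ || /^$/ { next }               # skip comments and blank lines
        tolower($1) == "match" { exit }     # Match blocks end the global section
        tolower($1) == "permitrootlogin" { print $2; found = 1; exit }
        END { if (!found) print "unset" }   # no directive: compiled-in default applies
    ' "$1"
}

# Succeed only when root login over SSH is explicitly set to "no".
root_login_disabled() {
    [ "$(effective_root_login "$1")" = "no" ]
}

# Constructed sample: the edit was made to a commented line, so "yes" still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
EOF

if root_login_disabled "$sample"; then
    echo "OK: root SSH login disabled"
else
    echo "FAIL: PermitRootLogin is '$(effective_root_login "$sample")'"
fi
rm -f "$sample"
```

On a live host, `sshd -t` checks the file for syntax errors before the restart, and `sshd -T` prints the configuration the daemon actually resolves.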
Step 4: Install anti-virus (AV) software
Effective use of AV software can help reduce common malware infections and in some cases, zero-day threats. To reduce such threats, GoGrid recommends that you:
- Deploy AV software that uses heuristic techniques to identify new malware or variants of existing ones.
- Perform full scans at least daily.
- Update your AV definitions at least daily.
In an ongoing effort to make cloud computing safer and better, GoGrid will be providing several primers on security. Previous article: “How to Tighten Up Windows Security.”
Mario Duarte
- Security Basics: 4 Steps to Tighten up Linux Security - November 20, 2012

Very helpful basic security knowledge provided here!! Nowadays computer and internet activity is increasing effectively, and with that hackers are always updating their attacking ways as well. To compete with their advanced attacks, the 4 steps mentioned here are effective to tighten up Linux security. Thanks.