Posts Tagged ‘Linux’

Basic Tips for Better Linux Security

Wednesday, October 28th, 2009

With more Linux options than any other dedicated host, ServerPronto receives lots of questions regarding best practices for Linux security. Below are 9 basic tips to help you keep your server a bit more secure than the standard install. These were written for the Red Hat edition specifically, but the concepts are similar across most Linux platforms.

Change the port ssh listens on.
Edit the ssh configuration file.
nano /etc/ssh/sshd_config
Locate the line “Port 22”.
Comment out this line by adding a “#” before it. (Good practice when modifying any file)
Insert a new line below it “Port ####” (Replace #### with a number between 1024 and 65535).
Save the file with “ctrl+o” and exit the editor with “ctrl+x”.
#### is the port sshd will listen on after the next restart of sshd.

Restrict ssh access to accounts which are not root.
Edit the ssh configuration file.
nano /etc/ssh/sshd_config
Locate the line “PermitRootLogin yes”.
Comment out this line by adding a “#” before it. (Good practice when modifying any file)
Insert a new line below it “PermitRootLogin no”.
Save the file with “ctrl+o” and exit the editor with “ctrl+x”.

Create alternate user account.
Use the adduser command to create a new user with ssh access.
“adduser -G wheel ?????” (Replace ????? with a username 5 or more characters long).
Set the password for the user.
“passwd ?????” follow prompts to set the password.

Open new ssh port in the firewall.
Edit the iptables configuration file.
nano /etc/sysconfig/iptables
Locate the line which contains “--dport 22”.
Comment out this line by adding a “#” before it. (Good practice when modifying any file)
Insert a new line below it exactly the same except replace “22” with the number you replaced #### with.
Save the file with “ctrl+o” and exit the editor with “ctrl+x”.

Make new user accounts easier to use.
Import a functional profile for all users with ssh access.
Create a file “nano /etc/environment-common”
Add the text “${EXPORT}PATH${EQ}/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:” to the new file without the quotation marks.
Save the file with “ctrl+o” and exit the editor with “ctrl+x”.
Open the profile file “nano /etc/profile”
Add the text “EQ='=' EXPORT="export " . /etc/environment-common” at the end of the file (without the outer quotation marks; the inner quotes must be plain straight quotes).
Save the file with “ctrl+o” and exit the editor with “ctrl+x”.

Test user account.
Using your ssh client open a new connection to the server on port 22.
Login with the user you created.
Check super user access by typing “su” and entering the root password for the server.
Type “exit” twice to log off from this test session.

Restart changed services.
“/etc/init.d/sshd restart”
“/etc/init.d/iptables restart”

Test new settings.
Using your ssh client open a new connection to the server on port ####.
Login with the user you created.
Check super user access by typing “su” and entering the root password for the server.
Switch to the original session logged on as root.
Type “exit” to log off from this session.

Optional sudo (Super user) settings.
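Use “visudo” to remove the comment from the line “%wheel ALL=(ALL) NOPASSWD: ALL”. This lets every member of the wheel group run any command as root through sudo without entering a password.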
Type “:wq” to save and exit this program.
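
Added example (not part of the original post): a shell script that checks the edited sshd_config and iptables files against the steps above, so a mismatch such as a new ssh port with no firewall rule is caught before the services are restarted. The sample files and port 2222 are constructed for illustration; on a server, pass /etc/ssh/sshd_config and /etc/sysconfig/iptables to audit_ssh_hardening instead.

```sh
# Print each active value of keyword $2 in the global section of sshd_config $1.
# Keywords are case-insensitive; Match blocks apply only conditionally, so stop there.
sshd_values() {
    awk -v kw="$2" '
        /^[ \t]*#/ || NF == 0      { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { print $2 }' "$1"
}

# Succeed if the iptables rules file $1 has an active ACCEPT rule for port $2.
fw_allows() {
    grep -Eq "^[^#]*--dport +$2( |\$).*-j +ACCEPT" "$1"
}

# Audit both files; print one line per finding and return non-zero on any.
audit_ssh_hardening() {
    rc=0
    ports=$(sshd_values "$1" Port)
    [ -n "$ports" ] || ports=22          # no Port line: sshd defaults to 22
    for p in $ports; do
        if [ "$p" -eq 22 ]; then
            echo "FAIL: sshd still listens on port 22"; rc=1
        elif [ "$p" -lt 1024 ] || [ "$p" -gt 65535 ]; then
            echo "FAIL: port $p is outside 1024-65535"; rc=1
        elif ! fw_allows "$2" "$p"; then
            echo "FAIL: no firewall ACCEPT rule for port $p (lockout risk)"; rc=1
        fi
    done
    # sshd keeps the first value it reads for a keyword.
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    [ "$root" = no ] || { echo "FAIL: PermitRootLogin is '${root:-unset}'"; rc=1; }
    ! fw_allows "$2" 22 || { echo "FAIL: firewall still accepts port 22"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: settings match the steps above"
    return "$rc"
}

# Constructed sample files (port 2222 is an arbitrary stand-in for ####).
write_sample() {
    printf '%s\n' '#Port 22' 'Port 2222' '#PermitRootLogin yes' \
        'PermitRootLogin no' > "$1/sshd_config"
    printf '%s\n' \
        '#-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT' \
        > "$1/iptables"
}
d=$(mktemp -d) && write_sample "$d" && audit_ssh_hardening "$d/sshd_config" "$d/iptables"
rm -rf "$d"
```

Run it from the original root session, before “Restart changed services”, so a failed check can be corrected without losing access.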

Other helpful tips.

  • Ensure all passwords meet strong password requirements.
  • http://www.microsoft.com/protect/fraud/passwords/checker.aspx
  • Never disable the software firewall.
  • Change user account passwords on receipt of server details.
  • Do not run a mail server daemon unless you intend to configure it for internal use.
  • Disable all daemons and software packages you do not intend to use.

Linux: The Other OS

Monday, August 17th, 2009

Linux servers are treasured for their high level of security and wide application coverage. The platform delivers outstanding productivity on a variety of computers, including AMD and Intel-based hardware. Where did Linux get its start, and how did it reach the esteemed status of a major server platform?

Linux Background

The Linux OS began as a hobby of Linus Torvalds, a young student who attended the University of Helsinki in Finland. With a keen interest in Minix, a small Unix-like system, Torvalds wanted to develop a system that exceeded Minix’s standards. He released version 0.02 in 1991 and worked steadily until releasing version 1.0 of the kernel in 1994. The core of all Linux systems, the kernel was released under the GNU General Public License, which made the source code freely available.

During the mid to late 1990s, the techie community dismissed Linux as merely a hobbyist project, unaware of its potential. In their mind, the system was not suited for the computing needs of the general public and definitely not the server environment. This was due in large part to the system’s complexity and unfamiliarity. How times have changed! Thanks to the creators of desktop management systems such as GNOME and the Mozilla web browser project, a wide range of applications can now be run on the platform and used by virtually anyone regardless of their experience.

Securing the Linux Experience

If you are interested in running the Linux OS on your server, you can get a feel for its power by downloading a live CD version of the software called Knoppix. This version comes equipped with everything needed to carry out day-to-day tasks. After getting familiar with it, you may then wish to seek out other Linux distributions, such as Red Hat, SUSE, CentOS or Fedora. Although the system does require a bit of technical skill on your part, there are a number of modules that can be incorporated to make the platform both easy to configure and use.

What Does the Future Hold for the SUSE Server?

Wednesday, July 8th, 2009

The enterprise server OS market is dominated by Microsoft Windows, Unix and Linux. Although Unix still has a sizable share of the market, that share is declining rapidly. In contrast, Windows is performing quite well and holding steady, while the smaller Linux share is consistently growing in popularity.

The War between Windows and Linux

What does the future hold? This battle will likely come down to Windows and Linux, especially as Unix is being slowly phased out of the industry. There are a few enterprise distributions of Linux, but what of the SUSE server platform? Will it survive?

Microsoft and SUSE

Red Hat and Novell SUSE are the two major enterprise Linux distributions. These two heavyweights are fighting toe-to-toe for the Linux market share while trying to secure the upper hand on Microsoft at the same time. Although Red Hat is currently winning the battle, one may assume that SUSE is the fitting candidate, especially when considering that the server platform is being backed by Microsoft. In fact, Microsoft has invested in nearly $350 million of Novell coupons, a move implemented to cater to customers who prefer Linux and ultimately spite Red Hat. The SUSE server OS is gaining ground, but what happens when the funds from Microsoft run out?

What the Rumors Say

The rumor mill says that Novell is having a tough time making ends meet, as its Linux invoicing dropped 42% last quarter. In addition, the company appears to be overly reliant on Microsoft to acquire new customers. Who will be laughing in the end? Probably Microsoft. Who will suffer the most? The Linux user community. This is especially true if Red Hat and others cannot gather up the resources necessary to compete.

Diehard fans of the Linux server are screaming for fair competition. Most of them view this as a battle that will come down between Red Hat and Windows – not Microsoft and what many are now calling Microsoft’s lapdog. This isn’t a criticism of the SUSE server, as it is still a very secure and capable platform. It does, however, raise the question: is SUSE worthy of the Linux title?