Security Management Techniques for Advanced Linux Operating Systems

Because the Linux operating system is open source and free, it is attracting more and more users. As Linux becomes more widespread in China, the relevant government departments are treating the development of operating systems with independent copyright, based on Linux, as a matter of safeguarding national information security. It is therefore not hard to predict that Linux will develop faster and on a larger scale in China in the future. Although Linux is very similar to UNIX, there are some important differences between them, and system administrators accustomed to UNIX and Windows NT will face many new challenges in securing a Linux system. This article describes a range of practical Linux security management experience.
I. File System
In a Linux system, creating separate primary partitions for different applications and mounting the critical partitions read-only greatly improves the security of the file system. This mainly involves the append-only and immutable attributes of Linux's own ext2 file system.
● Partitioning the file system. The Linux file system can be divided into several main partitions, each configured and installed differently. In general, at least the /, /usr/local, /var and /home partitions should be created. /usr can be mounted read-only and treated as unmodifiable; if any file in /usr changes, the system should immediately raise a security alert. Of course, this does not cover the user's own content under /usr. /lib, /boot and /sbin should be installed and configured the same way: mount them read-only wherever possible, so that any modification to their files, directories or attributes triggers a system alert.
Of course, it is impossible to make every major partition read-only. Some partitions, such as /var, by their nature cannot be read-only, but they should not permit execution either.
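As an added example (not part of the original article), the following POSIX shell script checks a mount table in /proc/mounts format against the partition policy above: /usr, /lib, /boot and /sbin read-only, and /var without execute permission. Extending the policy to /home and adding the nodev and nosuid options are assumptions of this example; on a live system run it as check_mounts < /proc/mounts.

```shell
#!/bin/sh
# Audit mount options against the partition policy described above.
# Input (stdin) is a mount table in /proc/mounts format:
#   device mountpoint fstype options dump pass
# Usage on a live system:  check_mounts < /proc/mounts

# want_opts MOUNTPOINT: print the options the policy requires for this mount point.
# Read-only for the system trees; no execution on /var. Covering /home and the
# nodev/nosuid options goes beyond the article and is an assumption of this example.
want_opts() {
    case "$1" in
        /usr|/lib|/boot|/sbin) echo "ro" ;;
        /var|/home)            echo "noexec nodev nosuid" ;;
        *)                     echo "" ;;
    esac
}

# has_opt OPTIONS OPT: succeed if the comma-separated option list contains OPT
# as a whole option (so "ro" does not match "errors=remount-ro").
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_mounts: read the mount table from stdin and print one FAIL line per
# required option that is missing. Returns 1 if any violation was found.
check_mounts() {
    rc=0
    while read -r dev mnt fstype opts rest; do
        for want in $(want_opts "$mnt"); do
            if ! has_opt "$opts" "$want"; then
                echo "FAIL $mnt ($dev): missing '$want' in '$opts'"
                rc=1
            fi
        done
    done
    return $rc
}
```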
● Extending ext2. Using the append-only and immutable file attributes of the ext2 file system further raises the security level. Immutable and append-only are just two of the extended attribute flags of the ext2 file system. A file marked immutable cannot be modified, not even by the root user. A file marked append-only can be modified, but data can only be appended to it, even by the root user.
These file attributes can be changed with the chattr command and viewed with the lsattr command. To learn more about the attributes of ext2 files, consult the manual page with man chattr. These two attributes are particularly useful for detecting intruders attempting to install backdoors in existing files. For security reasons, once such activity is detected it should be blocked immediately and an alarm message sent.
If your critical file systems are mounted read-only and the files are marked immutable, an intruder must remount the file system to delete the immutable files, and that will immediately generate an alert, which greatly reduces the opportunity for illegal intrusion.
● Protecting log files. The immutable and append-only attributes are especially useful when applied to log files and log backups. The system administrator should set the active log file to append-only. When the log is rotated, the newly generated log backup file should be set immutable, and the new active log file set append-only. This usually requires adding some control commands to the log rotation script.
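An added example, not from the original article, of the control commands such a rotation script needs: the active log loses its append-only flag only for the rename, each rotated backup is frozen with the immutable flag, and the fresh active log is made append-only again. It assumes an ext2/ext3/ext4 file system, root privileges for chattr, and that the logging daemon reopens its file after rotation; with DRY_RUN=1 it prints the commands instead of running them.

```shell
#!/bin/sh
# Log rotation that keeps the active log append-only (+a) and every rotated
# backup immutable (+i). Assumes root and an ext2/3/4 file system (chattr).
# Set DRY_RUN=1 to print the commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# rotate_log LOGFILE [KEEP]: rotate LOGFILE, keeping KEEP (default 5) backups.
rotate_log() {
    log=$1
    keep=${2:-5}
    # Drop the oldest backup; it must lose +i before it can be removed.
    if [ -e "$log.$keep" ]; then
        run chattr -i "$log.$keep"
        run rm -f "$log.$keep"
    fi
    # Shift the remaining backups up by one. An immutable file cannot be
    # renamed, so each one is unfrozen for the move and frozen again after.
    i=$((keep - 1))
    while [ "$i" -ge 1 ]; do
        if [ -e "$log.$i" ]; then
            run chattr -i "$log.$i"
            run mv "$log.$i" "$log.$((i + 1))"
            run chattr +i "$log.$((i + 1))"
        fi
        i=$((i - 1))
    done
    # Active log: an append-only file cannot be renamed either, so clear +a,
    # move it aside, then make the new backup immutable.
    run chattr -a "$log"
    run mv "$log" "$log.1"
    run chattr +i "$log.1"
    # Fresh active log: entries can be appended but existing ones cannot be
    # altered or truncated, even by root, until +a is removed again.
    run touch "$log"
    run chmod 0640 "$log"
    run chattr +a "$log"
}
```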
II. Backup
After completing the installation of a Linux system, you should back up the entire system. This backup lets you verify the integrity of the system, so that you can find out whether system files have been illegally altered. If a system file has been damaged, you can also use the backup to restore it to a normal state.
● CD-ROM backup. The best system backup medium at present is the CD-ROM. Later, the system can be compared with the contents of the CD to verify whether its integrity has been damaged. If the security requirements are especially demanding, the disc can be made bootable and the verification carried out as part of the system boot process: as long as the system can be booted from the CD, it has not been compromised.
If you create read-only partitions, you can reload them from the disc image periodically. Even where partitions such as /boot, /lib and /sbin cannot be mounted read-only, you can still check them against the disc image, or even reload them from another secure image at boot time.
● Other backup methods. Although many files in /etc change often, much of the contents of /etc can still be placed on the CD for system integrity verification. Other files that are not modified often can be backed up to another medium (such as tape) or compressed into a read-only directory. This provides additional integrity checks on top of the verification against the disc image.
Since most operating systems now ship on CD-ROM, it is very convenient to make a CD-ROM emergency boot disk or verification disk. This is a very effective and practical verification method.
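An added example, not from the original article, of the comparison against a baseline that this section describes: a sha256 manifest is built from the freshly installed tree (and would be kept on the read-only verification disc), and the live tree is later checked against it for modified, missing and unexpected files. It assumes GNU coreutils (sha256sum, find, sort, comm) and an absolute path for the manifest.

```shell
#!/bin/sh
# Baseline integrity check for a read-only tree such as /usr or /sbin.
# The manifest is produced once, right after installation, and stored on
# read-only media; verification recomputes every digest and also looks for
# files that did not exist at baseline (a planted file shows up there).

# make_manifest DIR MANIFEST: record the sha256 of every regular file under DIR.
# MANIFEST must be an absolute path (the digests are taken relative to DIR).
make_manifest() {
    dir=$1; manifest=$2
    ( cd "$dir" && find . -type f -print0 | sort -z | xargs -0 sha256sum ) > "$manifest"
}

# verify_tree DIR MANIFEST: print changed, missing and unexpected files.
# Returns 0 only when the live tree matches the manifest exactly.
verify_tree() {
    dir=$1; manifest=$2; rc=0
    # 1. Modified or missing files: sha256sum -c reports FAILED for each one.
    ( cd "$dir" && sha256sum -c --quiet "$manifest" ) || rc=1
    # 2. Files present now that are absent from the manifest.
    #    Manifest lines are "<64 hex chars><two spaces><path>", so cut from column 67.
    tmp=$(mktemp)
    cut -c67- "$manifest" | sort > "$tmp"
    extra=$( cd "$dir" && find . -type f | sort | comm -23 - "$tmp" )
    rm -f "$tmp"
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra" | sed 's/^/UNEXPECTED: /'
        rc=1
    fi
    return $rc
}
```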
III. Improving the system's internal security mechanisms
The internal functions of the Linux operating system can be improved to prevent buffer overflow attacks, which are highly destructive and the hardest to prevent. Although such improvements require considerable experience and skill from the system administrator, they are still necessary for many Linux systems with high security requirements.
● Solar Designer's secure Linux patch. Solar Designer's secure Linux patch for the 2.0 kernel provides a non-executable stack to reduce the threat of buffer overflows, greatly improving the security of the whole system.
Buffer overflows are quite difficult to carry out, because the intruder must determine when a potential overflow will occur and where it appears in memory. Buffer overflows are also very difficult to prevent: the system administrator would have to eliminate every buffer overflow to stop this type of attack. For this reason many people, including Linus Torvalds, consider this secure Linux patch important, because it prevents all attacks that use buffer overflows. However, note that these patches also cause problems for certain programs and libraries that execute code on the stack, which poses new challenges for system administrators.
Non-executable stack patches have been distributed on many security mailing lists (such as [email protected]) and are easy for users to download.
● StackGuard. StackGuard is a very powerful security patch tool. Critical applications can be recompiled and linked with the StackGuard-patched version of gcc.
StackGuard adds stack checking to prevent buffer overflow attacks on the stack. Although this causes a slight degradation in system performance, StackGuard is still a very useful tool for specific applications with high security requirements.
Now that there is a Linux version built with StackGuard, it is easier for users to adopt StackGuard. Although using StackGuard can degrade system performance by about 10 to 20%, it can prevent buffer overflows entirely.
● Adding new access control features. The Linux 2.3 kernel is attempting to implement access control lists in the file system, adding more detailed access control on top of the original three categories (owner, group and other).
New access control features will be developed in the 2.2 and 2.3 Linux kernels, which will eventually address some of the current issues with ext2 file attributes and provide more precise security control than the traditional ext2 file system. With this new feature, applications will be able to access certain system resources, such as certain sockets, without superuser privileges.
● Rule Set Based Access Control. The Linux community is currently developing the Rule Set Based Access Control (RSBAC) project, which claims to bring B1-level security to the Linux operating system. RSBAC is an access control extension framework that extends many system calls and supports a variety of access and authentication methods. This is useful for extending and strengthening the internal and local security of Linux systems.