After more than a decade of development, Linux's functionality has been continuously enhanced and its security mechanisms have gradually matured. Measured against the TCSEC evaluation criteria, the security level of Linux has essentially reached C2, and Linux systems with a higher security level are under development.
Let's take a look at the existing security mechanisms of Linux. Some of these mechanisms have been accepted into standard Linux, while others are only available as patches.
PAM mechanism
PAM (Pluggable Authentication Modules) is a set of shared libraries whose purpose is to provide a framework and a set of programming interfaces that hand authentication work from the programmer to the administrator. PAM allows the administrator to choose among multiple authentication methods and to change the local authentication method without recompiling the applications that depend on authentication.
PAM features include:
● Encrypted passwords (including algorithms other than DES);
● Resource limits on users to prevent DoS attacks;
● Shadow passwords can be enabled at will;
● Restrict specific users from logging in from specified locations at specified times;
● Introduce the concept of "client plug-in agents" so that PAM can support client/server applications and make machine-to-machine authentication possible.
PAM facilitates the development of more effective authentication methods. On this basis it is easy to develop authentication methods that replace the conventional username and password, such as smart cards, fingerprint recognition and other authentication methods.
Intrusion Detection System
Intrusion detection is a relatively new technology, and very few operating systems ship with intrusion detection tools; in fact, standard Linux distributions have only recently been equipped with them. Although the history of intrusion detection systems is short, they are developing very quickly. Currently the more popular intrusion detection systems include Snort, Portsentry, LIDS, and so on.
Using the tools that ship with Linux and tools downloaded from the Internet, Linux can be given advanced intrusion detection capabilities, including:
● Record intrusion attempts and notify the administrator when an attack occurs;
● Take pre-specified actions when a specified attack occurs;
● Send misleading error messages, for example disguising the host as another operating system so that the attacker believes they are attacking an NT or Solaris system.
Encrypting File Systems
Encryption technology plays an increasingly important role in the security of modern computer systems. An encrypting file system introduces encryption services into the file system to improve the security of the computer system. There are many reasons to encrypt a file system, such as protecting data on a stolen hard drive and preventing unauthorized access. At present, Linux has a variety of encrypted file systems, such as CFS, TCFS and CRYPTFS; the most representative is TCFS (Transparent Cryptographic File System). It tightly integrates the encryption service with the file system so that users do not notice the encryption of their files. TCFS does not modify the data structures of the file system, and the semantics of backup, repair and user access to confidential files remain unchanged. TCFS makes confidential files unreadable to the following users:
● Users other than the legitimate owner;
● Eavesdroppers on the communication line between the user and the remote file system;
● The superuser of the file system server.
For legitimate users, accessing confidential files is almost indistinguishable from accessing ordinary files.
Security Auditing
Even when the system administrator has carefully taken various security measures, new vulnerabilities are unfortunately still discovered from time to time. Attackers quickly seize the opportunity to break into as many machines as possible before the vulnerability is fixed. Although Linux cannot predict when a host will be attacked, it can record the attacker's tracks. Linux can also detect and record timing information and network connections. This information is redirected to the logs for future reference. Logging is an important part of the Linux security architecture and is the only real evidence of an attack.
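The following script, added here as an illustration and not part of the original article, shows the kind of analysis such logs enable: it parses a few constructed sshd log lines in syslog format, records each failed login attempt with its time and source IP, and flags sources that exceed a threshold so the administrator can be notified. The log lines, host name and addresses are made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in auth.log/syslog format (not taken from a real host).
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:05 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Mar  3 10:01:09 host sshd[1203]: Failed password for root from 203.0.113.7 port 40124 ssh2
Mar  3 10:02:11 host sshd[1210]: Accepted publickey for alice from 198.51.100.4 port 51022 ssh2
Mar  3 10:02:40 host sshd[1215]: Failed password for bob from 198.51.100.9 port 51100 ssh2
Mar  3 10:03:01 host kernel: [ 1234.5678] eth0: link up
"""

# Generic syslog line: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<prog>[\w\-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# sshd's failed-password message, with or without the "invalid user" prefix
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port (?P<port>\d+)"
)

def parse_line(line):
    """Split one syslog line into timestamp, host, program and message (None if malformed)."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def failed_logins(log_text):
    """Return (timestamp, user, source_ip) for every failed SSH password attempt."""
    attempts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["prog"] != "sshd":
            continue
        f = FAILED_RE.search(rec["msg"])
        if f:
            attempts.append((rec["ts"], f.group("user"), f.group("ip")))
    return attempts

def suspicious_sources(log_text, threshold=3):
    """Count failed attempts per source IP and return those at or above the threshold."""
    counts = defaultdict(int)
    for _ts, _user, ip in failed_logins(log_text):
        counts[ip] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in suspicious_sources(SAMPLE_LOG).items():
        print(f"ALERT: {n} failed SSH logins from {ip}; notify the administrator")
```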
Because of the variety of attack methods available today, Linux provides network-, host- and user-level log information. For example, Linux can record the following:
● All system and kernel messages;
● Every network connection, with its source IP address and duration, and sometimes the attacker's user name and operating system;
● Which files a remote user requests access to;
● Which processes a user can control;
● Every command used by a specific user.
Log information is indispensable when investigating network intruders, even if the investigation is done after the actual attack.
Mandatory Access Control
Mandatory Access Control (MAC) is a type of access control defined and implemented by the system administrator from a system-wide perspective. It forcibly restricts the sharing and flow of information between subjects and objects so that each user can only access information within a specified scope, which fundamentally prevents information leakage and disorderly access. The traditional MAC implementation is based on the MLS policy defined in TCSEC, but because of the shortcomings of MLS itself (inflexibility, poor compatibility, difficult management, and so on), researchers have proposed a variety of other MAC policies, such as DTE and RBAC. Since Linux is a free operating system, there are several implementations of mandatory access control for it, including SELinux, RSBAC and MAC, and the policies they adopt differ.
The security architecture of SELinux, introduced by the NSA, is called Flask. In this architecture the logic of the security policy is encapsulated in a component separate from the rest of the operating system, called the security server. SELinux's security server defines a hybrid security policy consisting of type enforcement (TE), role-based access control (RBAC) and multi-level security (MLS). Different security policies can be supported by replacing the security server.
SELinux uses a policy configuration language to define security policies, which are then compiled into binary form by checkpolicy, stored in the file /ss_policy, and read into kernel space when the kernel boots. This means that the security policy can be different each time the system boots. Policies can even be changed while the system is running through the security_load_policy interface (as long as the policy is configured to allow such changes).
The full name of RSBAC is Rule Set Based Access Control. It is based on the Generalized Framework for Access Control (GFAC) model proposed by Abrams and LaPadula and can provide flexible access control based on multiple modules. All security-relevant system calls are extended with security enforcement code, which calls the central decision component; that component in turn calls all active decision modules to form a combined decision, which is then enforced by the system call extension. The modules currently included in RSBAC mainly include MAC, RBAC and ACL.
MAC is a very basic mandatory access control written by Malcolm Beattie in the UK for Linux 2.2. It separates a running Linux system into multiple invisible (or mutually restricted) subsystems, which can be managed as a single system. This MAC is based on the traditional Biba integrity model and the BLP model, but the author does not seem to have continued the work.
Firewalls
A firewall is a component or set of components that restricts access between a protected network and the Internet, or between other networks. The Linux firewall system provides the following features:
● Access control: implements access control policies based on address (source and destination), user and time to block unauthorized access, while ensuring that legitimate access by internal users is not affected.
● Auditing: records network access passing through the firewall, maintains complete logs, audits and tracks network access records, and generates reports as needed.
● Attack resistance: the firewall system is directly exposed to the untrusted network. To the outside world, the internal network protected by the firewall looks like a single point, and all attacks are directed at it. This point is called the bastion host, which therefore needs a high degree of security and the ability to withstand various attacks.
● Other ancillary functions, such as audit-related alarms and intrusion detection, access-control-related authentication, encryption and authentication, and even VPN.
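As an added example (not from the article, and a deliberate simplification of what SELinux's real security server does), the following script parses type-enforcement allow rules written in SELinux's policy syntax into a lookup table and answers access queries with a default-deny decision, which is the core of the TE policy described in the Mandatory Access Control section above. The rules and type names are constructed for illustration and do not come from any real policy.

```python
import re

# Constructed sample of type-enforcement rules in SELinux policy syntax (not a real policy).
SAMPLE_POLICY = """\
# A confined user domain may read system configuration but not modify it.
allow user_t etc_t:file { read getattr open };
allow user_t user_home_t:file { read write getattr open create unlink };
allow user_t user_home_t:dir { read write search add_name remove_name };
# Only the password-changing domain may write the shadow file.
allow passwd_t shadow_t:file { read write getattr open };
"""

# allow <source_type> <target_type>:<class> { perm ... }; or a single bare permission
RULE_RE = re.compile(
    r"^allow\s+(?P<src>\w+)\s+(?P<tgt>\w+):(?P<cls>\w+)\s+"
    r"(?:\{\s*(?P<perms>[\w\s]+?)\s*\}|(?P<perm>\w+))\s*;$"
)

def parse_policy(text):
    """Build {(source_type, target_type, class): set(permissions)} from allow rules."""
    rules = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported policy statement: {line}")
        perms = set(m.group("perms").split()) if m.group("perms") else {m.group("perm")}
        key = (m.group("src"), m.group("tgt"), m.group("cls"))
        rules.setdefault(key, set()).update(perms)  # several rules may add to one key
    return rules

def allowed(rules, src, tgt, cls, perm):
    """Security-server style decision: permitted only if an allow rule grants it (default deny)."""
    return perm in rules.get((src, tgt, cls), set())

if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    for q in [("user_t", "etc_t", "file", "read"), ("user_t", "etc_t", "file", "write"),
              ("user_t", "shadow_t", "file", "read"), ("passwd_t", "shadow_t", "file", "write")]:
        print(q, "->", "allow" if allowed(policy, *q) else "deny")
```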