"Linux Gazette...making Linux just a little more fun!"

A Bit About Security

By Marcus Berglund

If you are setting up a website or a permanent Internet connection, the first thing you should learn about is security...

I, from personal experience, know what happens when people 'hack' into my machine; it nearly became an international court case. I won't go into details, but it was due to my ignorance, and it is why I lost my job.

When setting up a machine you should consider who might be able to access it, and when you set up a new user, e.g. to get pirated programs, they will know how to get in. Sure, you might be able to get free programs and people might look at you in a different way, but if someone with more experience than you (and there are always a lot of them, no matter how good you are) sees an obvious security hole they will exploit it as much as they can, so that they don't get in trouble and you do.

Linux/Unix is a very flexible and configurable OS, and that is where security holes appear and disappear. Just ask a system administrator: most Linux distributions need some work before they are close to Internet-usable, or hack-proof. I personally couldn't list every file you would need to edit, but the startup files (or their links, on Red Hat and Debian) for services you don't use will need to be removed, and /etc/inetd.conf is another place to start. If you don't understand these files, immediately remove the network connection and read the man pages!!!

A basic checklist might be: time, echo, nfs*, telnet*, smb (netbios), ftp, login, pop3, nntp, tftp*, netstat, finger, http, etc. (* these are popular protocols, but they can be very insecure). If you are on a network and are unsure, ask your sysadmin; they will almost certainly know from experience what you should and shouldn't use, and most of those experienced with Linux could probably give you some good advice...

At this stage you've gone through and removed unnecessary services; now restart with your new config files ('shutdown now', then log in as root and run 'init 3', or reboot (better ideas - send them in)). Now learn how the protocols work, what files they access, and what security holes they leave; e.g. if you have people who only use Windows to share drives, you might put them in a group that has no telnet or ftp access.
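As an added example (not from the article), here is a small POSIX shell script that checks an inetd.conf against the checklist above and produces a copy with those services commented out. The service list, the constructed sample configuration and the file paths are assumptions; the real file on a 1998-era system is /etc/inetd.conf.

```shell
#!/bin/sh
# Added example (not from the article): audit an inetd.conf against the
# article's checklist of services to remove, and produce a hardened copy.
# Service names are assumptions; they must match the first field of the
# file (inetd uses /etc/services names, so pop3 is usually spelled pop-3).
RISKY="time echo telnet ftp login pop3 pop-3 nntp tftp netstat finger shell exec"
# Constructed sample config for testing; the real file is /etc/inetd.conf.
sample_conf() {
cat <<'EOF'
# constructed sample, modelled on a 1998-era /etc/inetd.conf
#echo   stream  tcp     nowait  root    internal
time    stream  tcp     nowait  root    internal
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
tftp    dgram   udp     wait    root    /usr/sbin/tcpd  in.tftpd
auth    stream  tcp     nowait  nobody  /usr/sbin/in.identd in.identd
EOF
}

# list_enabled FILE: name of every active (uncommented) service.
list_enabled() {
    awk '/^[[:space:]]*#/ || NF == 0 { next } { print $1 }' "$1"
}

# risky_enabled FILE: active services that appear on the RISKY list.
risky_enabled() {
    list_enabled "$1" | while read -r svc; do
        for r in $RISKY; do
            if [ "$svc" = "$r" ]; then printf '%s\n' "$svc"; fi
        done
    done
}

# harden_copy FILE: FILE with every RISKY service commented out. Review the
# diff, install it over /etc/inetd.conf, then kill -HUP inetd to re-read it.
harden_copy() {
    awk -v list="$RISKY" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[[:space:]]*#/ || NF == 0 { print; next }   # keep comments and blanks
        ($1 in bad)                  { print "#" $0; next }
        { print }' "$1"
}
# Demo on the constructed sample; pass a real path to audit it instead.
conf=${1:-}
if [ -z "$conf" ]; then conf=$(mktemp); sample_conf > "$conf"; fi
echo "Checklist services still enabled in $conf:"; risky_enabled "$conf"
```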

Adding new users should never be as easy as it seems, unless you can trust the person. E.g. I have an 'smb' group on my machine for Samba users, and they are denied access through telnet and ftp, since those are the only other services I offer on my machine. When working out which people have access to which services, plan what you are going to do, e.g. restrict certain groups' access to particular services.

At this stage you are probably thinking, "What a lot of stuffing around", but as an 'NT ISP' recently proved to me, even they are susceptible to incorrect user access attacks, so don't say that it is only restricted to the Unices; all OSes suffer. It's just that Unices can be a little harder to configure than NT, and can be attacked more easily by very experienced Unix hackers, as NT can by NT hackers...

But probably the biggest advantage of Linux is that 99% of the time you can get the source code, and I ask one question: if you gave away the source code for a program, would you leave obvious security holes in it for personal access? I think not...

It all mainly comes down to asking the computer, people on the Internet and sysadmins what you should and shouldn't do, and a little common sense helps a lot too; and have fun in the meanwhile.

Copyright © 1998, Marcus Berglund
Published in Issue 24 of Linux Gazette, January 1998