Linux System Security and Maintenance

Linux is generally considered secure because of the operating system's strong default permission structure, but best practices must still be followed to keep a machine secure and functioning.

Removing orphan packages

Removing redundant packages that the system does not use or require is one of the best strategies for securing a system. Keep the system or server clean and tidy: install only the required packages and remove unnecessary ones. The fewer the packages, the lower the chance of unpatched code. Take special note of add-on packages. To list all installed packages on CentOS and other RPM-based distributions:

$ sudo rpm -qa

On Debian-based distributions:

$ sudo apt list --installed

Removing a package

For RPM-based systems,

$ sudo rpm -e <package-name>

For Debian-based,

$ sudo apt remove <package-name>

Keep kernel and system up-to-date

To maintain security, subscribe to the security announcements of operating system vendors such as Red Hat, CentOS, Ubuntu, Debian and others, and stay in touch with the OS community and its technical information streams. Management tools such as Red Hat Satellite or Landscape help maintain systems from both a GUI and the command line, keep an audit trail of the Linux machine's activity, and raise alerts when there is a threat.

Commands for system update and kernel information

  • $ sudo apt update - refreshes the package index from the OS's remote repositories so that newer packages can be fetched, without changing the versions of installed packages; this matters when running programs that depend on older packages.

  • $ sudo apt upgrade - upgrades all installed packages to their newest versions, replacing the obsolete ones.

  • $ uname -a - prints the kernel name and release (major and minor version), the hostname, the system architecture, etc.

  • $ cat /etc/os-release - lists PRETTY_NAME, NAME, ID, VERSION, VERSION_ID, VERSION_CODENAME, ID_LIKE, ANSI_COLOR, HOME_URL, SUPPORT_URL and BUG_REPORT_URL.

Types of upgrade

  1. Major version upgrade - a patch management or kernel version upgrade, for example an upgrade to version 4, 6 or 7. A thorough snapshot of all data and configuration files is required before this upgrade.

  2. Minor version upgrade - sub-versions of a major release, usually handled as patch management, e.g. an upgrade from version 4.2 to 4.3 or from 5.6 to 5.7.

Stopping and disabling unwanted services

A service is a running process that consumes system resources such as CPU and memory. Identify which services are running before stopping or disabling them.

Commands to check Linux services

  • $ systemctl list-units - lists all loaded units (services, sockets, mounts and so on) with their load state, their active state (running, plugged, mounted, etc.) and a description of each unit.

  • $ netstat -l - shows the listening sockets on the system: the protocol (Proto), the receive and send queues (Recv-Q, Send-Q), the local address within the system, the foreign address and the state.

  • $ service --status-all - uses plus and minus signs to display all running services (+) and all stopped services (-).

  • $ ps -ef - lists all running processes with the user the process runs as (for system services this is usually root), the process ID, the start time, the accumulated CPU time and the command that was run.

Disabling and stopping a service

With SysV init, stop the service and then disable it with the distribution's init-script tool (the service command itself has no disable action):

$ sudo service <service-name> stop

$ sudo chkconfig <service-name> off

On Debian-based systems the disable step is:

$ sudo update-rc.d <service-name> disable

Or, with systemd:

$ sudo systemctl stop <service-name>

$ sudo systemctl disable <service-name>

Separate Disk partitions

Disk partitioning helps to safeguard data in the event of a malware attack, particularly ransomware: if an attack hits one part of the system, it is less likely to damage data held in other partitions. Disk partitioning also improves the overall performance of programs and systems. If all applications run on the same partition they compete for the same disk and the same I/O for reads and writes, whereas applications separated into distinct partitions each run in their own preset partition.

Prominent disk partitions

  • /

  • /home

  • /usr

  • /dev

  • /etc

  • /var

  • /tmp

  • /bin

  • /boot

  • /lib

  • /sbin

  • /sys

  • /media

  • /proc, etc.

Disable USB stick detection

Disabling USB stick detection is a security technique that protects the system from third parties copying files and information off the system onto removable media without authorization.

To disable USB storage detection

  • $ cd /etc/modprobe.d

  • Create a file "no-usb.conf" with the touch command (modprobe only reads files in this directory whose names end in .conf) - $ touch no-usb.conf

  • Add this line to the file: install usb-storage /bin/true

  • Save the file. The install rule makes modprobe run /bin/true instead of loading the usb-storage module, so USB storage devices are no longer detected.

Lockdown cron job

An effective way of protecting Linux servers is to lock down their cron jobs. Cron is a powerful utility in Linux and Unix-like operating systems that schedules tasks or scripts to execute at a certain time; such scheduled commands are called cron jobs. Cron is commonly used for scheduled backups, disk space monitoring, file deletion, system maintenance tasks and so on.

Cron has a built-in facility for selecting who is and is not permitted to run cron jobs. The files that allow and deny cron jobs are /etc/cron.allow and /etc/cron.deny.

To permit a user to run cron jobs, add their username to the allow file; to prevent a user from running cron jobs, add their username to the deny file.

Commands to allow and deny users from a cron job

  1. To deny user-A from initiating cron jobs,

$ echo user-A >> /etc/cron.deny

Note: the >> appends the name of the user to the /etc/cron.deny file without overwriting the content of the file.

  2. To allow user-A to initiate cron jobs,

$ echo user-A >> /etc/cron.allow

  3. To allow cron jobs only for root and other users with root privilege,

$ echo root > /etc/cron.allow

This command overwrites the file so that it allows only root. Because cron consults /etc/cron.allow first and ignores /etc/cron.deny whenever the allow file exists, it should be followed by erasing the users specified in the /etc/cron.deny file.
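The allow/deny decision described above, written out as a shell function and run against constructed cron.allow and cron.deny files in a scratch directory. This is an added example, not part of the original article; the behaviour when neither file exists is site-dependent and is assumed here to be "allowed".

```sh
#!/bin/sh
# cron_access USER ALLOW_FILE DENY_FILE
# Reproduces the decision crontab makes from the two files:
#   1. if ALLOW_FILE exists, USER must be listed in it (DENY_FILE is ignored);
#   2. otherwise, if DENY_FILE exists, USER must not be listed in it;
#   3. if neither file exists the outcome is site-dependent; this example
#      assumes "allowed" (an assumption, not every distribution does this).
# Returns 0 when USER may use cron and 1 when USER is denied.
cron_access() {
    user=$1; allow=$2; deny=$3
    if [ -f "$allow" ]; then
        # -x matches the whole line, so "user-A" never matches "user-AB";
        # -F treats the username literally rather than as a regex.
        if grep -qxF -- "$user" "$allow"; then return 0; else return 1; fi
    fi
    if [ -f "$deny" ]; then
        if grep -qxF -- "$user" "$deny"; then return 1; else return 0; fi
    fi
    return 0
}

# Demo on constructed files in a scratch directory, never the real /etc.
demo_cron_access() {
    dir=$(mktemp -d)
    allow="$dir/cron.allow"; deny="$dir/cron.deny"
    printf 'user-A\n' >> "$deny"      # same append as: echo user-A >> /etc/cron.deny
    for u in user-A user-AB user-B; do
        if cron_access "$u" "$allow" "$deny"; then echo "$u: allowed"; else echo "$u: denied"; fi
    done
    printf 'root\n' > "$allow"        # same overwrite as: echo root > /etc/cron.allow
    for u in root user-B; do
        if cron_access "$u" "$allow" "$deny"; then echo "$u: allowed"; else echo "$u: denied"; fi
    done
    rm -rf "$dir"
}
demo_cron_access
```

Once cron.allow is created, user-B is denied even though it never appeared in cron.deny, which is why the deny file should be cleaned up afterwards.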

System Backup

System backup is the act of making a copy of important files, directories, and other data in the operating system and saving it in a different location for quick retrieval in the event of an emergency. Backups are also employed in the event of an operating system failure, a security breach, a storage crash, and so on.

The simplest way to back up files in Linux is to copy them to a different location with the cp command, e.g.:

$ cp /etc/nginx.conf /tmp

This sends a copy of the Nginx config file, originally in the /etc directory, to the /tmp directory. If the file is later misconfigured, it can be restored with its initial configuration intact.
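The copy-and-restore procedure above, as an added example that is not part of the original article: the backup is given a timestamped name, copied with cp -p so its permissions survive, and verified byte-for-byte with cmp before it is reported as a backup. The backup directory argument and the constructed nginx.conf content are assumptions for the demo.

```sh
#!/bin/sh
# backup_file SRC BACKUP_DIR
# Copies SRC into BACKUP_DIR under a timestamped name, preserving mode and
# timestamps (cp -p), then verifies the copy byte-for-byte with cmp.
# Prints the backup path on success; returns 1 on any failure.
backup_file() {
    src=$1; dir=$2
    [ -f "$src" ] || return 1
    mkdir -p "$dir" || return 1
    dest="$dir/$(basename "$src").$(date +%Y%m%d-%H%M%S)"
    cp -p "$src" "$dest" || return 1
    cmp -s "$src" "$dest" || return 1   # never report a corrupt copy as a backup
    echo "$dest"
}

# restore_file BACKUP SRC
# Puts the backup copy back in place of SRC, again verifying the result.
restore_file() {
    cp -p "$1" "$2" && cmp -s "$1" "$2"
}

# Demo on a constructed config file in a scratch directory (not /etc).
demo_backup() {
    work=$(mktemp -d)
    conf="$work/nginx.conf"
    printf 'worker_processes 2;\n' > "$conf"
    bak=$(backup_file "$conf" "$work/backups") || return 1
    printf 'worker_processes oops;\n' > "$conf"   # simulate a bad edit
    restore_file "$bak" "$conf" || return 1
    cat "$conf"                                    # worker_processes 2;
    rm -rf "$work"
}
demo_backup
```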