Security is a false feeling that if we are secure, we have a feeling that we are not secure and if have a feeling that we are secure our system should have flaws. But we can take some precautions to make our Linux systems secure by following some best practices. Here I am discussing some of the practices for Linux security.
Update the applications
Always keep the applications up to date. Normally the application providers give updates to fix the reported vulnerabilities and for adding new features. So always update it to fix the vulnerabilities. If possible make it in an automated way to update it and do a manual check to verify it is updating automatically or not.
Keep the file permissions to default
In linux, the default permission for a web server ( in the case of cPanel control panel ) is 644 for file and 755 for directories. Most of the applications will work fine with this permission. Noticed lots of users set 777 permission to the files or directories to fix some issues without troubleshooting the exact issues. This is a bad practice.
Block unwanted ports
Install a firewall and open the required ports only and block all other ports is a good option. Even if any suspicious process started, they cannot communicate with outside, if the ports are blocked. Another option of adding security is changing the default ports of services like ssh, rdp, ftp etc. to custom ports. ssh and ftp are the most commonly attacked ports.
Common usernames and passwords
Do not use common username and passwords while creating logins for a system. The administrator username for a linux server/system is root and some of the distributions come with preset root password “toor” and if it is not changed it is a vulnerability. Like that most of the web interface for network devices come with a default username “admin” and password “admin”. And if we didn’t change that, anyone can access the device.
Few days before I bought an IP cam and its login details are admin/admin. As a linux admin, I will do the password change as the first measure to configure the device. Another thing I noticed the wordpress admin login, by default all are set username as “admin” and use some dictionary words as passwords. Setting a complex password is good. If we set the username other than admin, it is an additional security. Make sure the password also is complex. Following are some of the most common passwords by users.
You can google with the string “most commonly used passwords” to get the list of passwords. Always use a combination of alphabets, numbers, and alphanumeric for making a password.
Keeping unused accounts
Keeping unused accounts is a security risk too. In the case of a website, the site application will not uptodate, since we will not take care of the site updates for an unused website. Even though they are not using, the site is up and accessible to the internet. Site application without an update means it is vulnerable to attack. So it is better option to remove the unused accounts from the server. Another thing I noticed as a system admin is creating test accounts ( test mail accounts ) with simple passwords and keep those accounts without deleting after use and they are one of the key access to the hackers or spammers.
Same situation with the unused themes, plugins, and modules in the web applications. Users will not update them since they are not active on the site, but they are accessible from the internet. As I said before an application/site without an update is vulnerable to attack. so remove the unused plugins and themes is a good option to keep the site secure.
Keeping regular backup for the accounts is a good practice. 100% security is just a myth. We follow some security procedures, to secure the linux system/server. The accounts will hacked by hacking experts, even if we harden the servers. If we keep a regular backup for the account, we can easily restore the files and databases from the working backup. Scanners are not perfect to find all the vulnerable files, so cleaning the account is not a good option to keep the account secure. Finding the vulnerability before restoring from the backup and fix it after the restore is the good option to get a clean account.
As a system admin, I use some popular scanner tool to identify the vulnerable files, use log analysis, and recently modified file lists for finding the vulnerable files. The hackers are “system admins”, so they think like we do and make the modifications based on that. So the chances of missing the vulnerable files are there. Keeping the vulnerable files under the account is like giving the room key to the thief itself. So cleaning the account is last resort and always give priority to restore from backups.