Guide For Regular Linux Users
Linux distributions have been upvoted lately by millions of worldwide internet users. As a result, the overall count of Linux users is rising dramatically. After speculating the current internet based global market, one thing is getting clearer, open source is making a whiz- bang comeback. Nowadays, most of the internet based businesses’ operate on a well established interconnected computer network, headed by a powerful server. The mainframe server either works on Linux or Windows based operating system(s). Apparently, the market for Linux is growing dynamically, specially the use of Linux on servers.
Wondering why ?
Well, here is a guide for you to understand why most of the businesses’ prefer their server operations on Linux distributions and how the data privacy and security quotient can be enhanced to more secure level via Linux.
1)Understand your server’s need, install packages accordingly !
The best thing about using an Open source platform is that you don't have to install unnecessary software packages on your system. In-fact, it’s always better to only install what is required, things that you solely intend to work on. This saves cache memory and maintains the server uptime avoiding system lags and unnecessary troubleshooting.
For instance, if you are looking forward to run your own server, there might be a tendency that you may want to make use of the server space to the fullest by installing a lot of software and applications. In other words, suppose you are provided with almost 50GB of SSD storage from a host, you will want to install most of the application services that are available on the net(why waste web space, right ?). Well, it’s your server and definitely you can install whatever you feel is appropriate. However, as they say, taking things for granted can subsequently lead to certain repercussions.
FYI, when it comes to hijacking information, even the most high end servers can be vulnerable. All that is needed to exploit a server is simply one unpatched component.
First things first, in order to avoid such hassles, you MUST maintain your server appropriately. Just install what is required and simply avoid installation of any unnecessary packages. Always remember, unpatched codes can become a servers weaknesses. And hence, the fewer packages, the lesser are the chances for coming across any unpatched codes which can give rise to issues in the future.
Hence, before you install any third party software package, it is recommended that you read the terms and conditions & then move ahead to install only those elements that are REQUIRED to complete the overall software installation process.
2)DO NOT run unknown services
The second rule to optimize your security level on the Linux architecture is to only run those services that are needed to perform your organizational/individual tasks on your server and on other Linux systems. Many a times there is a tendency that some distros/packages may trigger another service on some other port. This could very well lead to a possible security risk.
So just keep a check on all the services that are running on different ports by applying the following command on the terminal:
netstat -npl
When you use this command, your terminal screen will display all the services that are running on the different ports.
These are some other NETSTAT commands that can always be handy.
Now that you know what all services are running on your ports, you can stop any of the service(s) which you think are not appropriate to be running on your network.
One more thing that you should keep a check on is the number of services that are enabled, which start running when your system starts. For the same, you can use the command on the running systemd:
systemctl list-unit-files --type=service | grep enabled
When you apply this command, you get an output displaying all the services running on your system.This way, if you spot anything fishy, you can always disable it via the terminal itself.
To disable a service, all that you need to do is simply type the command
systemctl disable service_name on your terminal window.And wait for the magic to start thereafter !
3)DO NOT allow easy access to the server;use encryptions to restrict access
Your attitude towards your server should be somewhat like your attitude towards your house. Just the way you are very precautious about your house’s security(which further implies to security of your loved ones and your household things), likewise, you should monitor your server very precautiously to ensure adequate security of your data. After all it’s all about the information and hence, security matters. So try to restrict your server access to only the necessary people. The Server is the root , you have to not let it down in order to avoid any unwanted memory dump and rootkit attacks.
4)DO NOT login as ROOT
One thing that is always discouraged by the experts is to ssh into server as a superuser.You can disbale ssh as root user by implementing a series of terminal commands. But before that, here is a way to create a user having access to some SUDO elements.This will help to ssh in to the server and perform most of the administrative tasks(as a practice to avoid any root access attacks in future).
As you might be aware, different distributions have different set of parameters to add a user.
Lets take an example of how a user can be added on Ubuntu.
You simply type in the command adduser username. After this, you will be asked a few questions by the system which you need to answer sequentially to create a user password.
Once done,the next thing that you’d need to do is to provide your user with some sudo powers.
So you run the command : gpasswd -a username sudo.
Linux distributions have been upvoted lately by millions of worldwide internet users. As a result, the overall count of Linux users is rising dramatically. After speculating the current internet based global market, one thing is getting clearer, open source is making a whiz- bang comeback. Nowadays, most of the internet based businesses’ operate on a well established interconnected computer network, headed by a powerful server. The mainframe server either works on Linux or Windows based operating system(s). Apparently, the market for Linux is growing dynamically, specially the use of Linux on servers.
Wondering why ?
Well, here is a guide for you to understand why most of the businesses’ prefer their server operations on Linux distributions and how the data privacy and security quotient can be enhanced to more secure level via Linux.
1)Understand your server’s need, install packages accordingly !
The best thing about using an Open source platform is that you don't have to install unnecessary software packages on your system. In-fact, it’s always better to only install what is required, things that you solely intend to work on. This saves cache memory and maintains the server uptime avoiding system lags and unnecessary troubleshooting.
For instance, if you are looking forward to run your own server, there might be a tendency that you may want to make use of the server space to the fullest by installing a lot of software and applications. In other words, suppose you are provided with almost 50GB of SSD storage from a host, you will want to install most of the application services that are available on the net(why waste web space, right ?). Well, it’s your server and definitely you can install whatever you feel is appropriate. However, as they say, taking things for granted can subsequently lead to certain repercussions.
FYI, when it comes to hijacking information, even the most high end servers can be vulnerable. All that is needed to exploit a server is simply one unpatched component.
First things first, in order to avoid such hassles, you MUST maintain your server appropriately. Just install what is required and simply avoid installation of any unnecessary packages. Always remember, unpatched codes can become a servers weaknesses. And hence, the fewer packages, the lesser are the chances for coming across any unpatched codes which can give rise to issues in the future.
Hence, before you install any third party software package, it is recommended that you read the terms and conditions & then move ahead to install only those elements that are REQUIRED to complete the overall software installation process.
2)DO NOT run unknown services
The second rule to optimize your security level on the Linux architecture is to only run those services that are needed to perform your organizational/individual tasks on your server and on other Linux systems. Many a times there is a tendency that some distros/packages may trigger another service on some other port. This could very well lead to a possible security risk.
So just keep a check on all the services that are running on different ports by applying the following command on the terminal:
netstat -npl
When you use this command, your terminal screen will display all the services that are running on the different ports.
These are some other NETSTAT commands that can always be handy.
Now that you know what all services are running on your ports, you can stop any of the service(s) which you think are not appropriate to be running on your network.
One more thing that you should keep a check on is the number of services that are enabled, which start running when your system starts. For the same, you can use the command on the running systemd:
systemctl list-unit-files --type=service | grep enabled
When you apply this command, you get an output displaying all the services running on your system.This way, if you spot anything fishy, you can always disable it via the terminal itself.
To disable a service, all that you need to do is simply type the command
systemctl disable service_name on your terminal window.And wait for the magic to start thereafter !
3)DO NOT allow easy access to the server;use encryptions to restrict access
Your attitude towards your server should be somewhat like your attitude towards your house. Just the way you are very precautious about your house’s security(which further implies to security of your loved ones and your household things), likewise, you should monitor your server very precautiously to ensure adequate security of your data. After all it’s all about the information and hence, security matters. So try to restrict your server access to only the necessary people. The Server is the root , you have to not let it down in order to avoid any unwanted memory dump and rootkit attacks.
4)DO NOT login as ROOT
One thing that is always discouraged by the experts is to ssh into server as a superuser.You can disbale ssh as root user by implementing a series of terminal commands. But before that, here is a way to create a user having access to some SUDO elements.This will help to ssh in to the server and perform most of the administrative tasks(as a practice to avoid any root access attacks in future).
As you might be aware, different distributions have different set of parameters to add a user.
Lets take an example of how a user can be added on Ubuntu.
You simply type in the command adduser username. After this, you will be asked a few questions by the system which you need to answer sequentially to create a user password.
Once done,the next thing that you’d need to do is to provide your user with some sudo powers.
So you run the command : gpasswd -a username sudo.
Comments
Post a Comment