Open-Source Security Hardening

Malsha Samarakoon
5 min read · Sep 16, 2021

Open source refers to licensed computer software that can be developed collaboratively and is available for anyone to use, modify, and distribute for any purpose under its original rights. Examples: GNU/Linux, VNC, Apache web server, LibreOffice, VLC media player, jQuery.

An open-source operating system is an operating system whose source code is publicly visible and can be accessed and edited by anyone. The Linux kernel, created by Linus Torvalds, is the largest open-source software project in the world.

Linux systems become more complex as they consist of a large number of components assembled together, and they are therefore more exposed to security threats. So it is important to perform OS hardening in order to prevent malicious operations from running on the system through its components and to ensure the security of the system's data.

What is OS hardening?

Simply put, OS hardening is the process of making an operating system difficult to break into: implementing advanced security measures to secure a server's operating system, including installing updates, patches, and service packs.

The importance of Linux security arises for two reasons: internal, to protect the system from users' own mistakes, and external, to safely serve outside services such as HTTP and FTP. OS hardening protects data, system resources, and application workflows, supports management control, and reduces human error.

Security hardening Tools

Tools used to perform system analysis or make system modifications fall under the category of security hardening tools. They are commonly used for configuration auditing and system hardening by auditors, security specialists, and system administrators.

Kali Linux: A Debian-based Linux distribution that provides a wide range of free software, cybersecurity utilities, and penetration testing tools. Because Kali Linux can run on WSL (Windows Subsystem for Linux), users can run Linux-based tools directly from a Windows 10 system. It bundles several tools oriented towards various information security tasks, and it also supports the Android operating system, Raspberry Pi, BeagleBone, HP, and Samsung Chromebooks.

Bastille Linux: The most popular hardening tool for Linux and HP-UX. It provides an interactive tool to improve the security of Ubuntu systems and reduce their susceptibility to compromise.

Nikto: A web server vulnerability scanner that checks for dangerous files and CGIs, outdated server software, and other security issues. It performs generic and server-type-specific checks and identifies installed web servers and software.

OSSEC: A scalable, multi-platform HIDS (Host-based Intrusion Detection System) that performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, and time-based alerting. OSSEC helps prevent cyberattacks and unwanted system changes, and it integrates with content delivery networks (CDN) and firewall policies.

Wireshark: A network protocol analyzer that enables a security professional to monitor the network at a microscopic level. It runs on multiple platforms, such as Windows, Linux, macOS, Solaris, FreeBSD, and NetBSD, supports offline analysis of captured data, and can decrypt protocols such as IPsec, ISAKMP, Kerberos, and SNMPv3.

KeePass: A password manager that stores passwords securely in one database, locked with a single master key, for users who have multiple passwords across different accounts or websites. These database files are encrypted using strong encryption algorithms such as AES-256, ChaCha20, and Twofish.

Securing User Environment, Filesystem, and System Network

Because Linux is a multi-user operating system, several users may use a single machine at the same time, so one of the most important components of system administration on a Linux machine is managing users and groups. In Linux, the useradd command adds a new user account and the userdel command deletes one; the groupadd and groupdel commands add and remove groups.

/etc/passwd: A plain-text file that contains a record for every registered user who can access the system. Each record consists of the user name, password field, and user ID.

/etc/group: An ASCII file that contains a list of groups, one group per line.

/etc/shadow: Stores passwords in an encrypted format in order to increase the security of stored passwords.

/etc/login.defs: Provides the configuration of user account parameters for the shadow password suite.

The security of user accounts can be improved by setting up password policies, restricting root login, disabling SSH access for specific users, implementing UID/GID policies, centralizing authentication services, using sudo for privileged access, and monitoring user activity.
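As an added example (not from the article), the following POSIX shell script audits constructed /etc/passwd, /etc/shadow and login.defs records for four of the account checks listed above: extra UID 0 accounts, empty password fields, interactive login shells, and the PASS_MAX_DAYS policy. The sample records and the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Account hardening audit over constructed /etc/passwd, /etc/shadow and
# login.defs samples (made up for this example; function names are hypothetical).

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
backup:x:0:0:backup operator:/var/backups:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

SAMPLE_SHADOW='root:$6$salt$hashvalue:19000:0:99999:7:::
backup::19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
alice:$6$salt$hashvalue:19000:0:99999:7:::'

SAMPLE_LOGIN_DEFS='PASS_MAX_DAYS 99999
PASS_MIN_LEN 5'

# UID policy: every account other than root that has UID 0.
extra_uid0() {
  printf '%s\n' "$SAMPLE_PASSWD" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Accounts whose shadow password field is empty, i.e. no password needed to log in.
empty_passwords() {
  printf '%s\n' "$SAMPLE_SHADOW" | awk -F: '$2 == "" { print $1 }'
}

# Accounts with an interactive login shell (candidates for SSH/login restriction).
login_shells() {
  printf '%s\n' "$SAMPLE_PASSWD" | awk -F: '$7 !~ /(nologin|false)$/ { print $1 }'
}

# Password policy: succeed only if PASS_MAX_DAYS is set and at most $1 days.
pass_max_days_ok() {
  days=$(printf '%s\n' "$SAMPLE_LOGIN_DEFS" | awk '$1 == "PASS_MAX_DAYS" { print $2 }')
  [ -n "$days" ] && [ "$days" -le "$1" ]
}

# Report section: run each check and print its findings.
echo "Extra UID 0 accounts:  $(extra_uid0)"
echo "Empty password fields: $(empty_passwords)"
echo "Interactive shells:    $(login_shells | tr '\n' ' ')"
if pass_max_days_ok 90; then echo "PASS_MAX_DAYS ok"; else echo "PASS_MAX_DAYS exceeds 90"; fi
```

On a real host, replace the SAMPLE_ variables with the contents of the files under /etc (reading /etc/shadow requires root).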

The Linux security model is very robust, as it is based on the one used in Unix systems. Read, write, and execute permissions can be granted or refused separately to the file's owner, to members of the group that owns the file, and to all other users, so it is necessary to secure Linux filesystems properly. To set more fine-grained permissions on files, access control lists (ACLs) are used on Linux filesystems. An ACL provides additional and more flexible control over who can read, write, and execute a file: it can authorize named users or named groups in addition to the standard file owner and group owner, identifying them by name or by UID or GID.

The permission flags used in UNIX to set permissions on a file or directory are:

r (read), w (write), and x (execute).
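As an added example (not from the article), this POSIX shell script applies those permission bits in practice: it builds a scratch directory with a world-writable file and a setuid file, finds both with find's -perm tests, and removes the others-write bit. The directory, file modes and function names are constructed for this illustration.

```shell
#!/bin/sh
# Filesystem permission audit run against a scratch directory built here for the
# example; the files, modes and function names are constructed, not from the article.

# Build a throwaway tree: one world-writable config, one setuid script, one sane file.
make_sample_tree() {
  dir=$(mktemp -d)
  printf 'db_password=changeme\n' > "$dir/app.conf"
  chmod 0666 "$dir/app.conf"     # rw-rw-rw- : anyone on the host can modify it
  printf '#!/bin/sh\n' > "$dir/helper"
  chmod 4755 "$dir/helper"       # rwsr-xr-x : runs with the owner's identity
  printf 'ok\n' > "$dir/notes.txt"
  chmod 0644 "$dir/notes.txt"    # rw-r--r-- : owner writes, everyone else reads
  printf '%s\n' "$dir"
}

# Regular files whose "others" class has the w bit (mode bit 0002).
world_writable() {
  find "$1" -type f -perm -0002 | sort
}

# Files carrying the setuid (4000) or setgid (2000) bit.
setid_files() {
  find "$1" -type f \( -perm -4000 -o -perm -2000 \) | sort
}

# Remediate world-writable files by dropping o-w, then report how many remain.
fix_world_writable() {
  world_writable "$1" | while IFS= read -r f; do
    chmod o-w "$f"
  done
  world_writable "$1" | wc -l | tr -d ' '
}

# Run the audit on the sample tree and clean up.
tree=$(make_sample_tree)
echo "World-writable: $(world_writable "$tree")"
echo "Setuid/setgid:  $(setid_files "$tree")"
echo "Still world-writable after fix: $(fix_world_writable "$tree")"
rm -rf "$tree"
```

Setuid and setgid files are listed rather than changed, because some system binaries legitimately need those bits and each one should be reviewed before it is altered.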

In Linux network security, it is important to minimize or eliminate unwanted network communications while allowing legitimate communications to flow freely. A firewall, a system-based set of user-defined rules, is used for that purpose. The firewall management tool for Linux operating systems is called firewalld; it acts as a front end for the Linux kernel's netfilter framework.

According to surveys, human error is the leading cause of cybersecurity breaches, so security policies and procedures for Linux operating systems must be evaluated and updated on a regular basis. Regularly installing and updating anti-virus or anti-malware software on a system, together with a good firewall, can reduce the impact of an attack and protect the network.
