So, you may be asking yourself, "Why do I need to study Linux security? Isn't Linux already secure? After all, it's not Windows." But, the fact is, there are many reasons.
It's true that Linux has certain advantages over Windows when it comes to security. These include:
- Unlike Windows, Linux was designed from the ground up as a multiuser operating system. So, user security tends to be a bit better on a Linux system.
- Linux offers a better separation between administrative users and unprivileged users. This makes it a bit harder for intruders, and it also makes it a bit harder for a user to accidentally infect a Linux machine with something nasty.
- Linux is much more resistant to virus and malware infections than Windows is.
- Certain Linux distributions come with built-in mechanisms, such as SELinux in Red Hat and CentOS and AppArmor in Ubuntu, which prevents intruders from taking control of a system.
- Linux is a free and open source software. This allows anyone who has the skill to audit Linux code to hunt for bugs or backdoors.
But, even with those advantages, Linux is just like everything else that's been created by mankind. That is, it isn't perfect.
Here are the topics that we'll cover in this chapter:
- Why every Linux administrator needs to learn about Linux security
- A bit about the threat landscape, with some examples of how attackers have, at times, been able to breach Linux systems
- Resources for keeping up with IT security news
- How to set up Ubuntu Server and CentOS virtual machines with VirtualBox, and how to install the EPEL repository in the CentOS virtual machine
- How to create virtual machine snapshots
- How to install Cygwin on a Windows host so that Windows users can connect to a virtual machine from their Windows hosts
If you've kept up with IT technology news over the past few years, you'll likely have seen at least a few articles about how attackers have compromised Linux servers. For example, while it's true that Linux isn't really susceptible to virus infections, there have been several cases where attackers have planted other types of malware on Linux servers. These cases have included:
- Botnet malware: It causes a server to join a botnet that is controlled by a remote attacker. One of the more famous cases involved joining Linux servers to a botnet that launched denial-of-service attacks against other networks.
- Ransomware: It is designed to encrypt user data until the server owner pays a ransom fee. But, even after paying the fee, there's no guarantee that the data can be recovered.
- Cryptocoin mining software: It causes the CPUs of the server on which it's planted to work extra hard and consume more energy. Cryptocoins that get mined go to the accounts of the attackers who planted the software.
And, of course, there have been plenty of breaches that don't involve malware, such as where attackers have found a way to steal user credentials, credit card data, or other sensitive information.
Note
Some security breaches come about because of plain carelessness. Here's an example of where a careless Adobe administrator placed the company's private security key on a public security blog: https://www.theinquirer.net/inquirer/news/3018010/adobe-stupidly-posts-private-pgp-key-on-its-security-blog.
Regardless of whether you're running Linux, Windows, or whatever else, the reasons for security breaches are usually the same. They could be security bugs in the operating system, or security bugs in an application that's running on that operating system. Often, a bug-related security breach could have been prevented had the administrators applied security updates in a timely manner.
Another big issue is poorly-configured servers. A standard, out-of-the-box configuration of a Linux server is actually quite insecure and can cause a whole ton of problems. One cause of poorly-configured servers is simply the lack of properly-trained personnel to securely administer Linux servers. (Of course, that's great news for the readers of this book, because, trust me, there's no lack of well-paying, IT security jobs.)
As we journey through this book, we'll see how to do business the right way, to make our servers as secure as possible.
If you're in the IT business, even if you're not a security administrator, you want to keep up with the latest security news. In the age of the internet, that's easy to do.
First, there are quite a few websites that specialize in network security news. Examples include Packet Storm Security and The Hacker News. Regular tech news sites and Linux news websites, such as The INQUIRER, The Register, ZDNet, and LXer also carry reports about network security breaches. And, if you'd rather watch videos than read, you'll find plenty of good YouTube channels, such as BeginLinux Guru.
Finally, regardless of which Linux distribution you're using, be sure to keep up with the news and current documentation for your Linux distribution. Distribution maintainers should have a way of letting you know if a security problem crops up in their products.
Note
Links to security news sites are as follows:
- Packet Storm Security: https://packetstormsecurity.com/
- The Hacker News: http://thehackernews.com/
Links to general tech news sites are as follows:
- The INQUIRER: https://www.theinquirer.net/
- The Register: http://www.theregister.co.uk/
- ZDNet: http://www.zdnet.com/
You can check out some general Linux learning resources as well. Linux News Site:
- LXer: http://lxer.com/
- BeginLinux Guru on YouTube: https://www.youtube.com/channel/UC88eard_2sz89an6unmlbeA
(Full disclosure: I am the BeginLinux Guru.)
One thing to always remember as you go through this book is that the only operating system you'll ever see that's totally, 100% secure will be installed on a computer that never gets turned on.
Whenever I write or teach, I try very hard not to provide students with a cure for insomnia. Throughout this book, you'll see a bit of theory whenever it's necessary, but I mainly like to provide good, practical information. There will also be plenty of step-by-step hands-on labs.
The best way to do the labs is to use Linux virtual machines. Most of what we'll do can apply to any Linux distribution, but we will also do some things that are specific to either Red Hat Enterprise Linux or Ubuntu Linux. (Red Hat Enterprise Linux is the most popular for enterprise use, while Ubuntu is most popular for cloud deployments.)
Note
Red Hat is a billion-dollar company, so there's no doubt about where they stand in the Linux market. But, since Ubuntu Server is free-of-charge, we can't judge its popularity strictly on the basis of its parent company's worth. The reality is that Ubuntu Server is the most widely-used Linux distribution for deploying cloud-based applications. See here for details: http://www.zdnet.com/article/ubuntu-linux-continues-to-dominate-openstack-and-other-clouds/.
Since Red Hat is a fee-based product, we'll substitute CentOS 7, which is built from Red Hat source code and is free-of-charge. There are several different virtualization platforms that you can use, but my own preferred choice is VirtualBox.
VirtualBox is available for Windows, Linux, and Mac hosts, and is free of charge for all of them. It has features that you have to pay for on other platforms, such as the ability to create snapshots of virtual machines.
Some of the labs that we'll be doing will require you to simulate creating a connection from your host machine to a remote Linux server. If your host machine is either a Linux or a Mac machine, you'll just be able to open the Terminal and use the built-in Secure Shell tools. If your host machine is running Windows, you'll need to install some sort of Bash shell, which we'll do by installing Cygwin.
For those of you who've never used VirtualBox, here's a quick how-to to get you going:
Download and install VirtualBox and the VirtualBox Extension Pack. You can get them from: https://www.virtualbox.org/.
Download the installation
.isofiles for Ubuntu Server and CentOS 7. You can get them from: https://www.ubuntu.com/ and https://www.centos.org/.
- Start VirtualBox and click the
Newicon at the top of the screen. Fill out the information where requested. Increase the virtual drive size to 20 GB, but leave everything else as the default settings:
- Start the new virtual machine. Click on the folder icon at the bottom-left corner of the dialog box and navigate to the directory where you stored the
.isofiles that you downloaded. Choose either the Ubuntu.isofile or the CentOS.isofile as shown in the following screenshot:
- Click the
Startbutton on the dialog box to start installing the operating system. Note that, for Ubuntu Server, you won't be installing a desktop interface. For the CentOS virtual machine, choose either the KDE desktop or the Gnome desktop, as you desire. (We'll go through at least one exercise that will require a desktop interface for the CentOS machine.) - Repeat the procedure for the other Linux distribution.
- Update the Ubuntu virtual machine by entering:
sudo apt update sudo apt dist-upgrade
- Hold off on updating the CentOS virtual machine because we'll do that in the next exercise.
Note
When installing Ubuntu, you'll be asked to create a normal user account and password for yourself. It won't ask you to create a root user password, but will instead automatically add you to the sudo group so that you'll have admin privileges.
When you get to the user account creation screen of the CentOS installer, be sure to check the Make this user administrator box for your own user account, since it isn't checked by default. It will offer you the chance to create a password for the root user, but that's entirely optional—in fact, I never do.
The user account creation screen of CentOS installer is shown as follows:
While the Ubuntu package repositories have pretty much everything that you need for this course, the CentOS package repositories are—shall we say—lacking. To have the packages that you'll need for the CentOS hands-on labs, you'll need to install the EPEL (Extra Packages for Enterprise Linux) repository. (The EPEL project is run by the Fedora team.) When you install third-party repositories on Red Hat and CentOS systems, you'll also need to install a priorities package, and edit the .repo files to set the proper priorities for each repository. This will prevent packages from the third-party repository from overwriting official Red Hat and CentOS packages if they just happen to have the same name. The following steps will help you install the required packages and edit .repo file:
- The two packages that you'll need to install EPEL are in the normal CentOS repositories. Run the command:
sudo yum install yum-plugin-priorities epel-release- When the installation completes, navigate to the
/etc/yum.repos.ddirectory, and open theCentOS-Base.repofile in your favorite text editor. After the last line of thebase,updates, andextrassections, add the line,priority=1. After the last line of thecentosplussection, add the line,priority=2. Save the file and close the editor. Each of the sections that you've edited should look something like this (except with the appropriate name and priority number):
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?
release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/
$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
priority=1- Open the
epel.repofile for editing. After the last line of theepelsection, add the line,priority=10. After the last line of each remaining section, add the line,priority=11. - Update the system and then create a list of the installed and available packages by running:
sudo yum upgrade sudo yum list > yum_list.txt
Some of our training scenarios will require you to simulate creating a connection to a remote server. You would do this by using your host machine to connect to a virtual machine. When you first create a virtual machine on VirtualBox, the networking is set to NAT mode. In order to connect to the virtual machine from the host, you'll need to set the virtual machine's network adapter to Bridged Adapter mode. Here's how you can do this:
- Shut down any virtual machines that you've already created.
- On the VirtualBox manager screen, open the
Settingsdialog for a virtual machine. - Click the
Networkmenu item, and change theAttached tosetting fromNATtoBridged Adapter:
- Expand the
Advanceditem, and change thePromiscuous Modesetting toAllow All:
- Restart the virtual machine and set it to use a static IP address.
One of the beautiful things about working with virtual machines is that you can create a snapshot and roll back to it if you mess something up. With VirtualBox, that's easy to do.
At the top, right-hand corner of the VirtualBox manager screen, click the
Snapshotsbutton:
- Just left of mid-screen, you'll see a camera icon. Click on that to bring up the snapshot dialog box. Either fill in the desired
Snapshot Name, or accept the default name. Optionally, you can create a description:
- After you've made changes to the virtual machine, you can roll back to the snapshot by shutting down the virtual machine, then right-clicking on the snapshot name, and selecting the proper menu item:
If your host machine is either a Linux or Mac machine, you'll simply open the host's Terminal and use the tools that are already there to connect to the virtual machine. But, if you're running a Windows machine, you'll want to install some sort of Bash shell and use its networking tools. Windows 10 Pro now comes with a Bash shell that's been provided by the Ubuntu folk and you can use that if you desire. But, if you don't have Windows 10 Pro, or if you prefer to use something else, you might consider Cygwin.
Cygwin, a project of the Red Hat company, is a free open source Bash shell that's built for Windows. It's free-of-charge, and easy to install.
Here's a quick how-to to get you going with Cygwin:
In your host machine's browser, download the appropriate
setup*.exefile for your version of Windows from: http://www.cygwin.com/.- Double-click on the setup icon to begin the installation. For the most part, just accept the defaults until you get to the package selection screen. (The one exception will be the screen where you select a download mirror.)
- At the top of the package selection screen, select
Categoryfrom theViewmenu:
- Expand the
Netcategory:
- Scroll down until you see the openssh package. Under the
Newcolumn, click onSkip. (This causes a version number to appear in place of theSkip.):
- After you have selected the proper package, your screen should look like this:
- In the bottom right-hand corner, click
Next. If aResolving Dependenciesscreen pops up, clickNexton it as well. - Keep the setup file that you downloaded, because you'll use it later to either install more software packages, or to update Cygwin. (When you open Cygwin, any updated packages will show up on the
Pendingview onViewmenu.) - Once you open Cygwin from the Windows Start menu, you can resize it as you desire, and use either the Ctrl + + or Ctrl + - key combinations to resize the font:
So, we've made a good start to our journey into Linux security and hardening. In this chapter, we looked at why it's just as important to know about securing and hardening Linux systems as it is to know how to secure and harden Windows systems. We provided a few examples of how a poorly-configured Linux system can be compromised, and we mentioned that learning about Linux security could be good for your career. After that, we looked at how to set up a virtualized lab environment using VirtualBox and Cygwin.
In the next chapter, we'll look at locking down user accounts, and ensuring that the wrong people never get administrative privileges. I'll see you there.
