Security

Generally, it is a truism that Unix—and Linux—systems were not designed with security in mind. In fact, Linux is intended to facilitate easy manipulation of data and files in a networked, multiuser environment. By definition, such a system is vulnerable, particularly with an external Internet connection.

Furthermore:

  • Linux security is on or off. Either you are the all-powerful superuser, root, or you are not.

  • Many important administrative functions are performed outside the kernel—for example, by editing configuration files—where they can easily be tampered with.

So, bear in mind that a Linux server is inherently insecure. In addition, the more secure it is made, the less pleasant and convenient it will be to use.

Given these constraints and conditions, what security measures make sense, particularly in the context of a smaller-scale system?

Following some common-sense rules is a good starting place:

  • Don't put files on a system connected to the Internet that are likely to be interesting to hackers or your business competitors. If you must store these files, consider naming them in nonobvious ways and encrypting them.

  • Become educated about security tools. In particular, use the software freely available at http://www.cern.org, such as tripwire, crack, and COPS (see the "Security utilities" sidebar), to set basic traps for intruders.

  • Investigate any unusual activity.

  • Make sure that each user has a logon ID, and that logon IDs are not shared.

  • Require user passwords.

  • Keep the root password secure and change it regularly.

  • Make sure that the files /etc/passwd and /etc/group are owned by root and are not world writable.
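The last rule can be checked from the shell. The following script is an added example, not part of the original text; the function names check_file and audit_account_files are made up for illustration, and it assumes the GNU stat command found on Linux systems.

```shell
#!/bin/sh
# Added example: verify that account files are owned by root and are
# not world writable. Function names are illustrative, not from the book.

# check_file PATH [OWNER]
# Returns 0 if PATH is owned by OWNER (default: root) and is not world
# writable, 1 if either rule is broken, 2 if PATH cannot be examined.
check_file() {
    path=$1
    want_owner=${2:-root}
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 2
    fi
    # -L follows symbolic links so the real file is examined.
    owner=$(stat -L -c '%U' "$path") || return 2
    mode=$(stat -L -c '%a' "$path") || return 2
    other=${mode#"${mode%?}"}   # last octal digit = permissions for "other"
    status=0
    if [ "$owner" != "$want_owner" ]; then
        echo "OWNER    $path is owned by $owner, expected $want_owner"
        status=1
    fi
    case $other in
        2|3|6|7)                # write bit (value 2) is set for "other"
            echo "WRITABLE $path is world writable (mode $mode)"
            status=1
            ;;
    esac
    if [ "$status" -eq 0 ]; then
        echo "OK       $path ($owner, mode $mode)"
    fi
    return "$status"
}

# Apply the rule to the two files named in the list above.
audit_account_files() {
    rc=0
    for f in /etc/passwd /etc/group; do
        check_file "$f" root || rc=1
    done
    return "$rc"
}

audit_account_files || echo "Correct the findings above with chown and chmod."
```

Run from cron, a nonzero return from audit_account_files is a reason to investigate, in line with the rule about unusual activity.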

Security utilities

Tripwire, written by Gene Kim and Gene Spafford, monitors the permissions and checksums of vital system files so that you can easily determine whether important files have been replaced, corrupted, or tampered with.

Crack, written by Alec D. E. Muffett, exposes poorly chosen passwords.

COPS, written by Dan Farmer, monitors various potential security problems and provides email reports with detailed warnings.

