Securing Linux
by Aleksandar Stancin - for Help Net Security
Here we go again. I decided to write another article concerning some overall security aspects of installing and running linux. To keep it short and simple, here are some good pointers to enhancing your system's security. But remember, there's no absolute security, so keep your eyes open, subscribe yourself to a few good mailing lists, and keep your software up-to-date.


Good partitioning does a lot of good to your system's security as it greatly simplifies your admin duties in case of a system crash and data recovery. You can create various partitions, and have them set as read-only, nosuid or similar. By having a partition mounted as nosuid you can simply address the SUID issue, generally connected to buffer overflows and obtaining a root shell or some other possibile security compromising flaws. More about the SUID issue can be read here. If you plan to run an FTP server, setting that partition would save you a lot of trouble in the future, as it is in read-write mode, but no suid programs can be run from it. The same can be said for mounting a partition read-only, or ro. You can always alter these settings, wich are located in /etc/fstab, for any of your block devices. Of course, 'man fstab(5)' and 'man mount(8)' are your good friends to get a grip on all possible options when mounting a filesystem. /etc/fstab is human readable, so you'll easy get into it.

Generally speaking, putting linux, or any other OS on a single partition is a major administration no-no, and with any multiuser, multitasking os, is asking for trouble, sooner or later. So, whenever possible, create at least these partitions, with sizes of your choices:
  • / - which needs little space, but will house all of your other directories if you do not create them as stand-alone partitions,so consider that also before creating it

  • /usr - houses most of your software, so you might consider allocating a lot of space here,

  • /home - is the starting point for all users on your system, so allocate space according to the number of users you plan to have

  • /var - which is required for all the administrative logs, mail, usenet news and other.
From a security point, a good thing would be to consider at least having a separate / and a /home partition. This way you can restrict access to some partitions, can easily repair damaged filesystem and keep the system running and so on. It even might be good to keep your temporary data and logs on a separate, RAM partition. That way, no information about your system and all events that took place can be traced, because all the information on the RAM disk is lost when the system is rebooted or shut down. But, you also might consider taring the files before shutting down, and copy them elswhere for later safe reading, if neccessary. It's up to you.

You can always partition your system prior to the installation of any flavour of linux you have chosen, and most of the distributions come already equipped a partitioning tool. However, if you wish to do it yourself before installing linux, you can always do it with any fdisk, 'man fdisk(8)' or run fdisk and type 'm' for reviewing the list of all commands. Of course, there are other tools for partitioning, such as Disk Druid that comes with Red Hat, or Parted, a tool from the GNU foundation that you can find it here.


Relying solely on decent passwords is not a good security measure, but using good passwords reduces the risks of a security breach. So, use password generation utilities, and most of all, educate your users about the significance of good passwords. Sadly, the best passwords are the ones you'll hardly ever remeber right, so it's always a trade-off between security and usability. Usually, this means horrible passwords, written on paper.


Harnessing artificial intelligence to build an army of virtual analysts

PatternEx, a startup that gathered a team of AI researcher from MIT CSAIL as well as security and distributed systems experts, is poised to shake up things in the user and entity behavior analytics market.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 4th