Overall, the Linux operating system is very secure, but the applications, tools, and configurations administrators install create risks to the environment. Linux powers 75% of the internet, and it’s installed on 6.64 million web servers. Because Linux powers critical systems around the globe, it’s imperative that administrators take the necessary steps to harden the operating system’s security. Although Linux is inherently secure, several configurations and strategies help harden its defenses and reduce the risk of a compromise. This article goes over the following questions:
- Why security in Linux is important
- How to secure Linux servers?
- Why is Operating System Security Hardening Required?
Why Security in Linux is Important
Linux security is important because Linux is so popular with web servers, attackers write custom scripts targeting the operating system to scan for known vulnerabilities and exploit them. For example, web server response headers return critical information about the host, including the server operating system, unless administrators follow the OWASP suggestion to hide this information.
With the Linux distribution and version in hand, attackers can then launch targeted attacks against a web server. If the Linux version has known vulnerabilities, an attacker can either download pre-made scripts or craft an exploit of their own. In other words, a combination of returning information about the Linux version running on the server and running outdated software leaves the web server open to exploits. Kernel vulnerabilities are serious threats to the stability of the web, and they can have critical consequences. Vulnerabilities such as Dirty Cow and SACK Panic gave attackers elevated privileges or a denial-of-service (DoS), and these issues were just two examples that could lead to critical data breaches or downtime.
Kernel vulnerabilities aren’t the only source of vulnerabilities. Third-party applications also introduce vulnerabilities and give attackers the opportunity to steal data. Heartbleed was discovered in 2014 and continues to be a problem for older unpatched Linux-based servers allowing threat actors to steal data in a buffer underflow exploit. The vulnerability was found in several older versions of OpenSSL, commonly used as an encryption library on Linux servers.
How to Secure Linux Servers?
With numerous vulnerabilities open to attackers, it’s critical for administrators to be aware of their attack surface and the risks involved with default settings on Linux and any third-party applications that could cause issues. You can’t decrease risk by 100%, but you can take the right precautions and perform hardening on the operating system regardless of the distribution installed.
Here are a few tips for hardening security in Linux:
- Install only necessary packages. It’s tempting to install every package you think might be useful in the future, but the more packages you install on a server, the more risk you add. For example, if you don’t need to host DNS, then you shouldn’t install DNS packages or leave its service ports open (53).
- Use an alternative to root. Although root is a target for any threat actor, it’s especially risky on public-facing servers. Instead of leaving the root user active, you can create a new user and elevate its privileges on the server. After elevating privileges, you can reduce them on root or disable the account.
- Enforce password security. Password length and complexity defend against brute-force dictionary attacks. Passwords for critical accounts should be at least 12 characters and rotated frequently. Many administrators know the importance of password complexity, but they don’t have a rotation schedule. Passwords should be rotated frequently to reduce the window an attacker has to compromise a system should your password get leaked or brute-forced.
- Secure SSH. Gaining access to SSH could give an attacker full control over the server, so securing it should be a priority. You can make several changes on the server to ensure that SSH is secure. Here are a few ways to secure SSH:
Generate cryptographic keys and upload them to your server using the following commands:
$ ssh-keygen -t rsa
$ ssh-copy-id <username>@ip_address
Using cryptographic keys instead of passwords makes it harder for a threat actor to use brute-force attacks on credentials.
After you generate and upload cryptographic keys, you can disable password authentication in the /etc/ssh/sshd_config file. The following two directives should be configured to “no” in the configuration file:
- Block booting from external devices. Most administrators think of virtual attacks, but physical attacks are possible too. Piggybacking (or tailgating) is one method used to gain physical access to servers. Booting servers with a USB device provides attackers with numerous ways to run their own malware or steal data. To disable booting from a USB device, run:
# chmod 000 /media/
Note: This does not fully secure a system when the attacker has physical access to it.
- Install and validate the server’s firewall. A firewall will help stop both incoming and outgoing attacks. The firewall on Linux will close off popular ports used in exploits. To install the firewall, use the following command:
$ sudo apt install ufw
After you install the firewall, use the following command to enable it:
$ sudo ufw enable
You can see the services enabled and running your server by using the following command:
$ sudo ufw status
- Update software regularly. Outdated software is one of the most common vulnerabilities responsible for system compromise. Ransomware attacks are high on the list of risks, especially in recent years, and they account for 46.4% of the breaches. Outdated software can lead to successful ransomware attacks, data breaches, remote code execution, server compromise, and many other risks that could result in revenue and reputation loss for the organization. By updating software regularly, you apply critical security patches to your server software that remediates the vulnerability.
Why is Operating System Security Hardening Required?
The Linux operating system is secure, but the installation process configures it with default settings. Attackers are aware of each distribution’s default settings, and some settings make the server vulnerable to exploits. For example, the default settings for SSH weaken security on the system, which is why it’s important to harden security on a server that runs SSH.
With the default configurations in place, attackers know exactly how your server is set up and runs. The harder you make it for attackers to figure out how a server is configured, the more layers of security you add to your environment. Another example is disabling or reducing root privileges. Attackers target the root user account since it’s the well-known highest privileged user. When it’s reconfigured, you put a wrench in their works and force them to discover the alternative account.
Hardening the operating system is important for the security of your server and safeguarding user data. To stay ahead of attackers, configure Linux with custom configurations that make it more difficult for attackers to scan the system and exploit common vulnerabilities to add layers of security to your server. You can’t ensure 100% security on any system, but hardening the operating system greatly reduces risks associated with cyber-attacks. Learn how to take advantage of Linux server security with Imunify360 and discover how it is different from other security tools.