linux security introduction

Linux Security INTRODUCTION By: Mohamed Ga

Upload: mohamed-gad

Post on 20-Jun-2015


DESCRIPTION

This is a simple introduction to Linux security.

TRANSCRIPT

Page 1: Linux security introduction

Linux Security INTRODUCTION

By: Mohamed Gad


Contents

• An Introduction to Linux Security

• Understanding User Security

• Understanding File-System Security

• Using Access Control Lists

• Linux Is Secure as You Make It


Introduction to Linux Security

Dennis Ritchie, one of the original developers of the UNIX OS, once said that "UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity." 


User Security

At its basic level, Linux implements a user security model that consists of users and groups. A user within the OS has the following characteristics:

• Username. This is the name that the user enters at the login prompt.

• User ID. This is a unique numeric identifier to which the OS maps the username. The user ID is integral to the functioning of the file system.

• Primary group. All the files created by the user will be associated with this group by default.

• Associated groups. These are additional groups that the user belongs to. The user will be able to access files owned by the groups.


File-System Security

• Read. This permission allows users to open a file for reading as well as look at the contents of a directory.

• Write. This permission allows users to open and modify existing files and create new files in a directory. In addition, users can remove or rename an existing file, provided they are the owner of that file.

• Execute. This permission allows users to execute a file, provided it's a program or shell script. This permission also allows users to search directories and change the current directory scope. Keep in mind that the contents of the directory can't be listed unless the read permission is also set.

Besides the permissions just discussed, you can set the Set user ID, Set group ID, and Sticky permissions.
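The read/write/execute bits and the Set user ID, Set group ID, and Sticky permissions described above can be audited directly from file modes. The following is an added example, not part of the original slides; the function names, sample paths, and modes are constructed for illustration.

```python
import os
import stat
import tempfile

def classify(path):
    """Return the security-relevant findings for one file or directory."""
    mode = os.lstat(path).st_mode
    findings = []
    if stat.S_ISREG(mode) and mode & stat.S_ISUID:
        findings.append("setuid")   # program runs with the file owner's user ID
    if stat.S_ISREG(mode) and mode & stat.S_ISGID:
        findings.append("setgid")   # program runs with the file's group ID
    # On a directory the sticky bit limits delete/rename to the entry's owner.
    if stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append("world-writable dir without sticky bit")
    if stat.S_ISREG(mode) and mode & stat.S_IWOTH:
        findings.append("world-writable file")
    return findings

def audit(root):
    """Walk root and map relative path -> (symbolic mode, findings)."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            found = classify(path)
            if found:
                rel = os.path.relpath(path, root)
                report[rel] = (stat.filemode(os.lstat(path).st_mode), found)
    return report

def build_sample_tree(root):
    """Constructed sample data: these paths and modes are invented."""
    files = {"bin/helper": 0o4755, "etc/app.conf": 0o644, "etc/notes.txt": 0o666}
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), mode=0o755, exist_ok=True)
        open(path, "w").close()
        os.chmod(path, mode)
    for rel, mode in {"shared": 0o1777, "dropbox": 0o777}.items():
        os.mkdir(os.path.join(root, rel))
        os.chmod(os.path.join(root, rel), mode)

def demo():
    """Build the constructed tree in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit(root)

if __name__ == "__main__":
    for rel, (mode, found) in sorted(demo().items()):
        print(f"{mode}  {rel}: {', '.join(found)}")
```

Pointing `audit()` at a real directory gives a baseline of special-permission files to compare against after system changes.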


Access Control Lists

The default file-system security model is an all or nothing approach. In other words, all members of a group are affected by a file's permissions. To provide a more granular approach to file-system security, Linux supports access control lists (ACLs). With ACLs, you can define individual user or group permissions for a file (or directory), even if the user or group doesn't correspond to the file's owner or owning group. The ACL implementation in Linux file systems is POSIX compliant. ACLs are often used when a Linux-based file server is replacing a Windows-based file server, which allows Windows administrators to maintain the ACLs that they've come to rely on. In the case of a Linux-based file server, if the file server is integrated into a Windows authentication environment, administrators can continue to use the Windows GUI to manipulate the ACLs. In addition, the Linux OS provides the getfacl and setfacl commands to retrieve and set ACL information, respectively.


Linux Is Secure as You Make It

It's been said that Linux isn't a secure OS. However, it has the tools necessary to implement an appropriate level of security for an implementation environment.

Example: ClamAV, Snort, Wireshark, John the Ripper, Nmap, Chkrootkit, Nessus

http://www.pcworld.com/article/224955/7_free_security_tools_for_linux.html


Thanks