Security Defenses to Fortify your Linux Systems

Create a Linux security fortress by implementing security defenses using towers, bridges, and guards.

Many companies still have difficulties implementing basic security measures. Even after years of websites being defaced and customer records being stolen, the same mistakes are made over and over again. While this might all sound like an unsolvable situation, information security is getting attention from more people. If you are responsible for the system management of Linux systems, ignoring security is no longer an option.

The issue with security is that you can measure insecurity, yet not properly measure the level of security. This leads to a situation in which companies simply do not know what to do, or when it is enough. Still, by applying a few basic principles, we can fortify our systems and make our defenses more resistant against common attacks.

Risk Management

Security boils down to understanding risk. From the management level down to the system administrator, everyone is in control of some aspects of risk. We might choose to accept risks (do nothing), reduce them (implement measures), or transfer them to others (e.g. insurance). Finally, we can decide to avoid a risk altogether and not pursue some action at all. These principles of risk management also apply to our Linux systems. It requires an understanding of risks and threats, to allow us to select the right measures and enhance our existing defenses.

In the world of IT, ignoring common threats like malware and the exploitation of software weaknesses is usually no longer an option. Knowing the risks and threats is what makes us well informed, resulting in better decisions and spending our precious time more wisely.

Linux and Security Risks

Like any operating system, Linux also has threats which might badly impact the confidentiality, integrity and availability of our data. The chance of finding a trojan horse on the system is lower than on a Windows system, but the risk is still there. To counter threats to our precious Linux systems, we can very well compare them with a fortress. Like any good fortress, it needs to be designed, built and maintained properly. So let’s move on and treat building our Linux systems like building a fortress.

Building the Fortress

To build a fortress, you need strong towers. They act as a defensive measure and increase the strength of the overall structure. On top of that, they help with monitoring the environment. Consider the towers your primary goals, and the walls your normal ongoing business (deploying systems, monitoring, adding/removing users, etc.).

A fortress does not consist only of walls and towers. There are guards to monitor, and bridges to make something possible (e.g. crossing over).

Tower 1: System Hardening

The first tower is strongly related to system deployment. When installing Linux systems, go for system hardening from day 1. This can be achieved by doing only a “minimal installation”, to reduce the footprint of the system. It saves installation time and storage space, and limits the number of possible weaknesses.

System hardening is not something you do only at installation time. There is also the post-installation phase, in which you start enabling new services, like deploying your favorite monitoring tool. Keep your post-installation tidy and clean.

Guards (monitoring):

  • Use automation tools like Ansible, Cfengine, Chef and Puppet

Bridges (enhance):

  • Automate your (post-)installation process
  • Minimal installations
  • Remove unneeded components

Tower 2: Software Patching

The second tower focuses on software components. After installation, software packages need to be maintained. Software is like the bricks in the walls. If you don’t maintain them, they crack open and introduce additional weaknesses.

Unfortunately, many companies still fail to properly keep software up-to-date. Administrators are scared to apply patches, due to the chance that things end up broken. Good testing helps with reducing this risk, while keeping the fortress stable.

Guards:

  • Software version monitoring
  • Vulnerability scanning

Bridges:

  • Software patching solution
  • Build/test platform for (automatic) security patching

Tower 3: Integrity Checking

The next tower consists of performing integrity checking. As in a fortress, we should ensure that unexpected parts are quickly discovered. In this case, it could be an unknown guard among our own troops, or malfunctioning chains to open and close the central bridge. Comparing this to our Linux system, a guard could be a process or a binary on disk. Do some of them look strange, or have they been replaced with different files? It might be the work of a digital intruder. Similar to the bridge, common processes which malfunction and crash might be showing signs of bad system integrity.

Guards:

  • Implement file integrity monitoring with tools like AIDE
  • Check for malware (ClamAV, OSSEC, rkhunter)

Bridges:

  • Keep software packages up-to-date
  • Reboot the system occasionally
  • Don’t use external components if they are not really needed for proper functioning
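The guard described above, a binary on disk that has been replaced, is exactly what file integrity monitoring catches. As an added example (not code from the article or from AIDE), the following POSIX shell script implements the same baseline-and-compare principle for a directory tree; it assumes GNU coreutils and file paths without whitespace.

```shell
#!/bin/sh
# Baseline-and-compare file integrity check (the idea behind AIDE) in POSIX sh.
# Added example, not code from the article or from AIDE. Assumes GNU coreutils
# (sha256sum, mktemp) and file paths without whitespace.

# fim_baseline DIR OUT: write one "sha256  path" line per regular file under DIR.
fim_baseline() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        sha256sum "$f"
    done > "$2"
}

# fim_check DIR BASELINE: compare the live tree with a stored baseline. Prints one
# line per deviation (ADDED / CHANGED / REMOVED); returns 0 if clean, 1 otherwise.
fim_check() {
    current=$(mktemp)
    fim_baseline "$1" "$current"
    # awk loads the baseline (first file) into a table, then walks the live list.
    deviations=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }
        {
            if (!($2 in base))       print "ADDED   " $2
            else if (base[$2] != $1) print "CHANGED " $2
            seen[$2] = 1
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$current" | LC_ALL=C sort)
    rm -f "$current"
    if [ -n "$deviations" ]; then
        printf '%s\n' "$deviations"
        return 1
    fi
    return 0
}

# Demonstration on a constructed directory standing in for /usr/bin.
demo() {
    work=$(mktemp -d)
    mkdir "$work/bin"
    printf 'ls v1\n' > "$work/bin/ls"
    printf 'ps v1\n' > "$work/bin/ps"
    fim_baseline "$work/bin" "$work/baseline.db"
    # Tamper with the tree: a replaced binary, an unexpected file, a deleted one.
    printf 'ps v2\n' > "$work/bin/ps"
    printf 'new\n'   > "$work/bin/nc"
    rm "$work/bin/ls"
    fim_check "$work/bin" "$work/baseline.db" || echo "integrity deviations found"
    rm -rf "$work"
}
demo
```

In practice the baseline file must live somewhere the monitored system cannot silently rewrite it (read-only media or a remote host), otherwise an intruder who replaces a binary can refresh the baseline as well.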

Tower 4: System Auditing

Like guards patrolling the fortress and scouts doing field work, we should also check our systems on a regular basis. Consider it a health check, to ensure our measures are still working. For a fortress, it could be lifting the bridge and inspecting the chains, or checking the food supply for times when resources will be scarce. In the world of Linux systems, we have to check our software configurations. Check if the main processes are still running as expected, and whether log files are created and filled properly.

Guards:

  • Review log files
  • Check software configurations
  • Have an external auditor or colleague do an analysis

Bridges:

  • Implement continuous auditing and monitoring tools (scripts, Lynis)
  • Implement system hardening
  • Centralized syslog server
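The two health checks named in this tower, whether the main processes are still running and whether their log files are still being filled, can be scripted as a recurring audit. The script below is an added example (not code from the article or from Lynis); it assumes a Linux /proc filesystem and GNU stat and date, and uses sshd and cron only as assumed service names.

```shell
#!/bin/sh
# Recurring health check for the auditing tower: are the expected daemons still
# running, and are their log files still being written? Added example; it is not
# code from the article or from Lynis. Assumes Linux /proc and GNU stat/date.

# process_running NAME: true if some process has NAME as its command name.
process_running() {
    for comm in /proc/[0-9]*/comm; do
        [ "$(cat "$comm" 2>/dev/null)" = "$1" ] && return 0
    done
    return 1
}

# log_healthy FILE MAX_AGE: true if FILE exists, is non-empty and was modified
# within MAX_AGE seconds. A log that went silent is as suspicious as a missing one.
log_healthy() {
    [ -s "$1" ] || return 1
    age=$(( $(date +%s) - $(stat -c %Y "$1") ))
    [ "$age" -le "$2" ]
}

# audit_services "name=logfile ..." MAX_AGE: print one status line per service
# and return the number of failed checks (0 means everything looks healthy).
audit_services() {
    failed=0
    for entry in $1; do
        name=${entry%%=*}; log=${entry#*=}
        if process_running "$name"; then proc=ok; else proc=DOWN; failed=$((failed + 1)); fi
        if log_healthy "$log" "$2"; then lg=ok; else lg=STALE; failed=$((failed + 1)); fi
        printf '%-12s process=%-5s log=%s\n' "$name" "$proc" "$lg"
    done
    return "$failed"
}

# Demonstration with constructed log files; sshd and cron are assumed daemon names.
demo() {
    work=$(mktemp -d)
    printf 'Accepted publickey for admin\n' > "$work/auth.log"   # fresh, non-empty
    : > "$work/cron.log"                                         # created but empty
    audit_services "sshd=$work/auth.log cron=$work/cron.log" 300 || echo "$? check(s) failed"
    rm -rf "$work"
}
demo
```

Run from cron or a monitoring agent, a non-zero return value is the signal to investigate; the status lines can be shipped to the centralized syslog server mentioned above.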

Conclusion

Linux systems can be fortified to resist the most common attacks. Internal and external attackers can quickly weaken your defenses. From patch management to regular audits, integrity checking and system hardening, they are all needed to form the pillars of a healthy construction. Your Linux system is not very different from a medieval fortress.

Good luck with building your digital fortress and keep your security defenses strong!

Feedback

This article has been written by our Linux security expert Michael Boelen. With focus on creating high-quality articles and relevant examples, he wants to improve the field of Linux security. No more web full of copy-pasted blog posts.
