How-To

How to secure a Linux system

Looking to secure your Linux system? This security guide shows you how to perform system hardening and run technical audits to keep it in optimal condition.

Summary

Every Linux system will benefit from more security, especially if it contains sensitive data. With so many resources available on the internet, one might think that securing Linux has become easy. We know it is not.

Linux system hardening takes a good amount of understanding about how the Linux kernel works. It also requires a good understanding of the operating system principles. In this guide, we will help you to get this understanding and provide you with tips and tools. The final result should be a secure Linux server or desktop system.

How to become a Linux security expert?

Demand for Linux security experts has risen over the last years. This article shows the relevant Linux security topics and required skills. Do you master them?

Summary

Years ago it was a challenge to find screenshots of devices running Linux. Nowadays, Linux can power phones, TVs, computer systems, mainframes, and many more devices. With more devices, the demand for Linux knowledge will continue to grow. At the same time, the demand for security is higher than ever. All the media attention and regulations like GDPR call for more Linux security specialists. In this post, the goal is to answer the question: How to become a Linux security expert?

How to see the version of Oracle Linux

Oracle Linux is based on Red Hat Enterprise Linux. At first, it may be confusing to determine what specific Oracle version of the operating system is used.

Summary

Determine Oracle Linux version

Oracle Linux is based on Red Hat Enterprise Linux. At first, it may be confusing to determine what specific operating system is running. This is because both have the /etc/redhat-release file.

If that file exists, use the cat command to display the contents. The next step is to determine if there is a /etc/oracle-release file as well. If so, then you can be sure that Oracle Linux is running.

How to use grep (with examples)

Grep is a powerful utility on Linux. Want to get more out of the tool? This article will show you how to use it including many practical examples.

Summary

The grep command is one of the oldest tools for Linux and other platforms. Actually, it is older than Linux itself. It was written by Ken Thompson more than 45 years ago! The name grep stands for “globally regular expression print”. This name comes from its predecessor ed and the specific mode in which you would globally search, using a regular expression, and print the output. The related command was “g/re/p”. For more history, have a look at the Wikipedia entry. Otherwise, let’s dive into the tool and get to know some practical grep examples for daily usage.

How to solve an expired key (KEYEXPIRED) with apt

Software updates and package management are easy, until you get a KEYEXPIRED message. In this article we show how it happens and the way to solve it.

Summary

Software updates and package management are easy with systems based on Debian or Ubuntu. Just apt-get update (or apt update) and run an upgrade. But sometimes you may encounter the following situation: a KEYEXPIRED message.

KEYEXPIRED message

# apt-get update && apt-get upgrade  
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB]  
Hit:2 http://nl.archive.ubuntu.com/ubuntu xenial InRelease  
Get:3 http://nl.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB]  
Hit:4 http://nl.archive.ubuntu.com/ubuntu xenial-backports InRelease  
Hit:5 https://packages.cisofy.com/community/lynis/deb stable InRelease  
Get:6 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [373 kB]  
Ign:7 http://nginx.org/packages/mainline/ubuntu xenial InRelease  
Get:8 http://nginx.org/packages/mainline/ubuntu xenial Release [2,309 B]  
Get:9 http://nginx.org/packages/mainline/ubuntu xenial Release.gpg [287 B]  
Get:10 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [368 kB]  
Get:11 http://nl.archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [319 kB]  
Get:12 http://nl.archive.ubuntu.com/ubuntu xenial-updates/universe i386 Packages [316 kB]  
Err:9 http://nginx.org/packages/mainline/ubuntu xenial Release.gpg  
The following signatures were invalid: KEYEXPIRED 1471427554  
Fetched 1,566 kB in 0s (2,003 kB/s)  
Reading package lists… Done  
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://nginx.org/packages/mainline/ubuntu xenial Release: The following signatures were invalid: KEYEXPIRED 1471427554  
W: Failed to fetch http://nginx.org/packages/mainline/ubuntu/dists/xenial/Release.gpg The following signatures were invalid: **KEYEXPIRED** 1471427554  
W: Some index files failed to download. They have been ignored, or old ones used instead.  
Reading package lists… Done  
Building dependency tree  
Reading state information… Done  
Calculating upgrade… Done  
The following packages will be upgraded:  
apparmor libapparmor-perl libapparmor1 python3-distupgrade python3-software-properties software-properties-common ubuntu-release-upgrader-core  
7 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.  
Need to get 0 B/672 kB of archives.  
After this operation, 5,120 B of additional disk space will be used.  
Do you want to continue? [Y/n] y

The KEYEXPIRED message shows that validation failed on the related repository signature. This is a good thing: it warns us that we should be checking the repository. With an expired key, the solution is simple: we need to download an updated key. Apparently it is for the nginx repository.

How to see the file type?

Learn how to determine the details of most types of files on Linux, together with an understanding of how these tools do their job.

Summary

Did you come across a file, but don’t know what type it is? Let’s learn how to analyze it.

The unknown file

You may encounter a file on your system with unknown contents or goal. Usually, the first thing we do is use cat to show the contents, or execute it. While that makes sense, it may be dangerous to do. It might be a piece of malware, disrupt your screen output or even hang the terminal. Here is a better way to do it, using the file command. It is great for forensics, malware analysis, intrusion detection, and normal day-to-day system administration.