Skip to content

Security

Understanding the Components

  • Kernel Security: The core of Linux security, involving mechanisms like namespaces, cgroups, and security modules (SELinux, AppArmor) to isolate and control resources.
  • User Authentication: Managing who can access the system, focusing on password policies, SSH keys, and advanced methods like two-factor authentication.
  • File System Security: Enforcing who can read, write, or execute files through permissions, ACLs (Access Control Lists), and encryption for data at rest.
  • Network Security: Controlling incoming and outgoing traffic with firewalls (iptables, firewalld), securing data in transit (SSL/TLS), and reducing exposure (disabling unused services, ports).

Authentication

Authentication verifies the identity of a user or process, establishing who can log in or access the system.

Components & Methods:

  1. Login Credentials
    • The standard method involving username and password verification.
    • Managed through /etc/passwd for user information and /etc/shadow for encrypted passwords.
  2. PAM (Pluggable Authentication Modules)
    • A framework that integrates multiple authentication methods, from standard password authentication to more complex mechanisms like OTPs.
    • Configurable via /etc/pam.d/ directory.
  3. SSH Keys
    • Used for secure, password-less remote access, relying on public-private key cryptography.
    • Keys are stored in ~/.ssh/authorized_keys for users.
  4. Two-Factor Authentication (2FA)
    • Adds an extra layer of security by requiring a second form of verification (e.g., a text message code or an app-generated code) along with the password.
  5. Kerberos
    • A network authentication protocol that uses tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

Authorization

Authorization determines the access level or permissions of an authenticated user or process, specifying what they can do within the system.

Components & Methods:

  1. File Permissions
    • Determines access rights to files and directories based on ownership (user, group) and others, using read, write, and execute permissions.
  2. Sudoers Configuration
    • Controls which users/groups can execute commands as other users via the sudo command, defined in /etc/sudoers or /etc/sudoers.d/.
  3. Access Control Lists (ACLs)
    • Provides more fine-grained access control for files and directories beyond the standard user/group/others model, allowing specific permissions for any user or group.
  4. SELinux and AppArmor
    • Mandatory Access Control (MAC) systems that enforce security policies, limiting what processes can access and do, regardless of traditional Unix permissions.
  5. Capabilities
    • A feature that divides the powers of the root user into distinct privileges, which can be independently assigned to or removed from processes, allowing for more granular control over system permissions.

Security Patterns and Best Practices

1. The Principle of Least Privilege - Pattern: Ensure entities (users, programs, processes) have only the minimal permissions necessary to perform their tasks. - Implementation: Run services with non-root users, use sudo for administrative tasks, and apply strict filesystem permissions.

2. Immutable Infrastructure - Pattern: Systems are replaced rather than changed. If a change is needed, a new version of the infrastructure is deployed and replaced atomically. - Implementation: Use containerization (Docker) and orchestration tools (Kubernetes) to deploy applications, ensuring a consistent and secure environment that can be quickly replaced if compromised.

3. Defense in Depth - Pattern: Employ multiple layers of security so that if one layer fails, others still protect the system. - Implementation: Combine SELinux/AppArmor, firewalls, and intrusion detection systems. Encrypt data at rest and in transit.

4. Regular Auditing and Monitoring - Pattern: Continuous evaluation of system security to identify and rectify potential vulnerabilities. - Implementation: Use auditd for auditing, employ log management tools (ELK stack, Graylog) for monitoring, and conduct regular vulnerability scanning with tools like OpenVAS.

5. Secure by Default - Pattern: Systems are secure out of the box, requiring changes to decrease security rather than enhance it. - Implementation: Minimize installed packages, disable root SSH login, and apply fail2ban to protect against brute force attacks.

,l;,l,l,,mmmmmmmmmm