Enterprise open source Toolkit

Securely setting up a Linux PC

Tags:
Security,
Configuring,
Open Source,
Installation

TechRepublic Tech Republic

Published: 14 Dec 2005 12:40 GMT

No matter which Linux distribution you choose, there are at least 10 things you do to properly prepare the operating system for connection to the Internet.

1. Your purpose
Linux, like Microsoft Windows, is simply a computer operating system but Linux in itself is not a magic wand that can be waved and make all sorts of computing problems disappear. While Windows has its own set of problems, so too does Linux. There is no such thing as a perfect or completely secure computer operating system. Whether the machine will be a desktop computer or a server; purpose is a key to understanding how to initially install and configure your Linux PC.

2. Installation
Unlike Windows, Linux does not present itself as a "server" version or as a "desktop" version. During a typical installation of Linux the choice is yours as to exactly what software you wish to install and therefore exactly what type of a system you are constructing. Because of this, you need to be aware of the packages that the installation program is installing for you. For example, some distributions will configure and start a Samba server or a mail server as part of the basic install. Depending upon the purpose of your Linux PC and the security level you are prepared to accept, these services may not be needed or desired at all. Taking the time to familiarise yourself with your distributions' installer can prevent many headaches and/or reinstalls further down the road.

3. Install and configure a software firewall
A local software firewall can provide a "just in case" layer of security to any type of network. These types of firewalls allow you to filter the network traffic that reaches your PC and are quite similar to the Windows Firewall. The Mandriva package called Shorewall along with a component of the Linux kernel called Netfilter provides a software firewall. By installing and configuring Shorewall during the installation process, you can restrict or block certain types of network traffic, be it coming to or going out from your PC.

To access and configure your firewall for Mandriva simply run the mcc (or Mandriva Control Centre) command from a command prompt or, depending upon your graphical environment, you may be able to access the Mandriva Control Centre from your base system menu. In the security options, select the firewall icon and you will be presented with a list of common applications that may need access through your firewall. For example, checking the box for "SSH server" will open port 22 needed by the Secure Shell server for secure remote access. There is also an advanced section which will allow you to enter some less commonly used ports. For example, entering "8000/tcp" will open port 8000 on your PC to TCP-based network traffic.

Blocking or allowing network traffic is one layer of security, but how do you secure a service that you do allow the Internet or your intranet to connect to? Host based security is yet another layer.

4. Configuring the /etc/hosts.deny and /etc/hosts.allow files
In the preceding section we looked at the example of opening the Secure Shell service to network traffic by opening port 22 on our firewall. To further secure this server from unwanted traffic or potentially hackers, we may wish to limit the hosts or computers that can connect to this server application. The /etc/hosts.deny and /etc/hosts.allow files allow us to do just that.

When a computer attempts to access a service such as a secure shell server on your new Linux PC the /etc/hosts.deny and /etc/hosts.allow files will be processed and access will...

For more, click here...