A More Secure Linux

Hello readers,

As operating systems go there are preferences worth reviewing, and features worth noting within the world of Linux. Many of my readers use Linux for the same reasons I do, and one of those reasons is security.

How secure is Linux?

Compared to BSD it’s not particularly secure or insecure. It has clear advantages for most users when compared to Windows, and is arguably more secure than a Mac – due in part to the ways most hackers actually compromise an operating system. (Not that this indicates the likelihood of such an attack is necessarily higher strictly due to use.)

When we talk about Linux being more secure, it generally has something to do with how few viruses actually work against Linux. It isn’t true that none do, though it is entirely true that over 99.9% of traditional viruses and most malware in general have literally no effect on any Unix or Linux type environment due to the privilege escalation required to actually compromise such a system.

But does that mean it’s really more secure?

During the installation of most Linux-based operating systems, there comes a part where you are offered an opportunity to encrypt certain folders or even partitions, e.g. the home folder, the root folder, etc. This might seem like a surefire way to prevent anyone from compromising a system, but it actually isn’t necessarily more than a slight improvement and an extra step while logging on. The AES type encryption used isn’t different than the kind encrypting your password, which is generally located in /etc/shadow.

What does increase the security of a Linux system is an option to make certain files unchangeable.

How to make a file immutable on Linux

I’m copying a bit from the link above here for quicker implementation’s sake.

Protecting important files

You can protect important files such as:

  • /etc/php.ini
  • /etc/passwd
  • /etc/shadow
  • /etc/group and more

 sudo su <— followed by your password at the prompt

 chattr +i /etc/shadow <— This snippet makes it impossible to delete or change your password

 chattr +i /etc/group <— should follow immediately

 chattr +i /etc/passwd <— optional
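To confirm the flag actually took effect on every file in the list, the `lsattr` output can be filtered for entries that lack the `i` bit. This is an added example, not taken from the linked article; the function names and the sample output are constructed here for illustration.

```shell
#!/bin/sh
# Added example: report which protected files are NOT immutable.

# Files the article suggests protecting (php.ini left out for brevity).
PROTECTED="/etc/passwd /etc/shadow /etc/group"

# Read `lsattr -d` output on stdin ("<flags> <path>" per line) and print
# every path whose flag field lacks the lowercase immutable bit "i".
# Uppercase "I" (indexed directory) is a different flag and does not match.
missing_immutable() {
    while read -r flags path; do
        [ -n "$path" ] || continue      # skip blank or malformed lines
        case "$flags" in
            *i*) ;;                      # immutable: nothing to report
            *)   printf '%s\n' "$path" ;;
        esac
    done
}

# Constructed sample of `lsattr -d` output (not captured from a real host).
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /etc/shadow
----i---------e------- /etc/group
--------------e------- /etc/passwd
EOF
}

# Live check against the real files; lsattr errors (for example on a
# filesystem without attribute support) are discarded.
audit_immutable() {
    # Word splitting of $PROTECTED is intended here.
    lsattr -d $PROTECTED 2>/dev/null | missing_immutable
}

# Demonstration on the constructed sample: prints /etc/passwd
sample_lsattr | missing_immutable
```

While the flag is set, tools such as `passwd` and `useradd` cannot write to these files, so it has to be cleared with `chattr -i` before a legitimate change and set again afterwards. Root can clear the flag too, so it guards against accidental or scripted edits rather than against an attacker who already has root.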

The link of course gets far more involved with chattr, but you get the general idea. Optionally you can install AES Crypt.

Optionally if you are handy with Python you can use Pycrypto.


By itself Linux has advantages regarding firewall simplicity and integrity checking, and even experienced admins will admit that ssh-ing into a Linux machine with a reverse shell is no guarantee of anything, provided the user has even a passing familiarity with their system. Setting an approved ssh key for a remote desktop often requires specialized X session configurations. <— Not easy to do remotely.

That means that, aside from seeing that the machine is there, even within one’s own network connecting and affecting are not guaranteed. While telnet, ssh, and RDP connections are almost as easy as using FTP to upload a file to a server, “Taking control of someone’s computer” is a bit trickier. (VNC passwords should of course not be the same as root passwords FYI.)

The most common exploits are still browser based and socially engineered, which means someone is more likely to defraud you out of your passwords for websites, and that doesn’t really change based on your operating system preference. Google’s Chrome OS has done a great job trying to idiot proof their browsers.

Linux can be zipped up tighter than anyone would guess, and depending on one’s browser configuration they could be relatively safe. The same can be done to some degree on any OS; the more obscure it is, the less likely it is to be targeted directly.

It eventually boils down to things like encryption. RSA standards use a public key and a private key to make really big prime numbers or semiprime numbers that are very difficult to decrypt due to the many possible combinations of numbers that those huge numbers might actually consist of.

9×9 = 81 so you could reasonably determine that 81 might represent 9×9…

On the other hand the number below is just an example of the number one might be stuck trying to decrypt to get at someone’s credit card information. What two numbers was it made of?

RSA-100 = 15226050279225333605356183781326374297180681149613
          80688657908494580122963258952897654000350692006139

This isn’t just a deterrent, it’s what makes your information more secure. Linux key generation can be done manually of course as indicated here.

That can be coupled with literally dozens of other methods to make a connection between two Linux machines very secure. An article from DigitalOcean talks about that in greater detail here.

Out of the box even Samba is only as secure as your configuration allows… But if you just keep a picture of a trollface in your shares folder and it gets hacked who really won?

The truth is that when someone is properly motivated nothing is bulletproof. Setting a BIOS password is thwarted by popping out the battery; changing the BIOS to allow a USB to boot could allow someone to peruse your system from a live environment, or even to email themselves copies of your files. So using online storage might be almost a healthy level of paranoia if you think someone is motivated enough to snoop on your system.

Worse yet, simply taking someone’s hard drive out and popping it into another machine isn’t necessary, provided the attacker knows how to rig an external hard drive connection wire. That might be a reason to encrypt those home folders. (Just don’t leave the password on the same machine.)

Does the standard “hacker” know how to do all of this stuff? Probably, but most attacks really do start with lower tech approaches. Shoulder surfing, garbage sorting, social engineering… At the end of the day you just have to make it harder than it’s worth to get anything you value out of your digital world. Save things on external storage and hide it, or just don’t have anything more valuable than your links to my website.

*Based on user experience, our picks for best Linux 2016

#Cheers and I’ll do more articles like this in the near future.
