Chapter 1: Linux Security Overview
This chapter introduces you to some of the security features of the Linux operating system. We will also cover aspects of Linux that differ from other UNIX-like operating systems. This chapter covers the basics of Linux security; if you are a seasoned Linux administrator, you will more than likely find much of this chapter familiar territory.
The highest-level user on a Linux machine is named root (you'll learn more about users later). The root user has complete and total control over all aspects of the machine: you can't hide anything from root, and root can do whatever root wants to do. Therefore, for a hacker to "root your box" means the hacker becomes the root user, thereby gaining complete control over your machine.
There are kernel patches such as LIDS (discussed in Chapter 2) that can contain the all-powerful nature of root and make your machine more secure, even in the event of a root compromise.
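Because root is defined by its numeric user ID (UID 0) rather than by the name "root", any additional UID 0 entry in /etc/passwd is a root-equivalent login. The following shell snippet is an added example, not code from the book: it reads passwd-format text and reports every UID 0 account, using a constructed sample instead of a real /etc/passwd. Run it against the real file with `uid0_accounts < /etc/passwd` on a machine you administer.

```shell
#!/bin/sh
# Added example (not from the book): find root-equivalent accounts.
# On Linux the root account is the one with UID 0; a second UID 0 login
# is a classic leftover after a root compromise, so auditing for it is
# a cheap, routine check.

# Print the login name of every UID 0 entry in passwd-format input (stdin).
# Field 3 of each colon-separated line is the numeric UID.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }'
}

# Constructed sample data, NOT a real /etc/passwd. The "backup" line is
# a deliberately planted second UID 0 login so the check has something to find.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup:x:0:0:backup:/var/backups:/bin/sh'

# Read passwd-format input from stdin. Return 0 when root is the only UID 0
# account; otherwise print the extra names and return 1.
check_single_root() {
    extras=$(uid0_accounts | grep -v '^root$' || true)
    if [ -n "$extras" ]; then
        printf 'extra UID 0 account(s): %s\n' "$extras"
        return 1
    fi
    return 0
}

# Usage with the constructed sample (expected: reports "backup"):
printf '%s\n' "$SAMPLE_PASSWD" | check_single_root || true
```

The check deliberately keys on the UID column, not on the account name: renaming or adding accounts does not change which UID the kernel treats as all-powerful.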
A common misconception of many Linux users is that their Linux machine is not important enough to be hacked. They think, "But I don't have anything important on my machine; who would want to hack me?"
This type of user is exactly who hackers want to hack. Why? Because hacking is easy. And usually, the hacker's ultimate goal is not the machine he or she has hacked, but other, more important machines.
They Want Your Bandwidth
Hackers may want to hack your machine to use it as a stepping stone. In other words, they will hack your machine and do evil deeds from your machine so it appears as though you are doing it, thereby hiding their trail.
Or they may want to use your machine as a stepping stone to another machine, and from that machine move to another machine, and from that machine move to another machine, and so on, on their way to obtaining root on a .gov machine.
Or they may want to use your machine as part of a group of computers they have compromised with the purpose of using them together to perform distributed denial-of-service (DDoS) attacks, such as those that took down eBay at the beginning of 2000.
Or they may want access to your machine so that they can then have access to your employer's machine. Or your friend's machine. Or your kid's machine, especially if your child has a more sophisticated computer than you do.
They Want Your CPU
Hackers may want to hack your machine to use your CPU to execute their programs. Why waste their own resources cracking the numerous password files they procure when they can have your machine do it for them?
They Want Your Disk
Hackers may want to store data on your machine so they don't use up their own disk space. Perhaps they have pirated software (warez) they'd like to make available, or maybe they just want to store MPEGs of questionable moral content.
They Want Your Data
Hackers may want your business' trade secrets for personal use or to sell. Or they may want your bank records. Or they may want your credit card numbers. Or they may want to make you look like a hacker when they launch from your machine.
Or they may just want to wreak havoc on you. The sad fact is that there are people in the world who like to sabotage other people's computer systems for no other reason than that they can. And maybe they think it is cool. And maybe they have destructive personalities. And maybe it brings them some sort of bizarre pleasure. And maybe they want to impress their hacker friends. And maybe they are bored and have nothing better to do with their lives. Who knows why they want to hack your machine? But the fact is: they do want to hack your machine. My machine. Our machines.
Therefore, it is up to us to educate ourselves on their tactics, strategies, and methods and protect ourselves from them.
Linux is part of what is now known as the open source movement. The Linux operating system is free, but more important, Linux is open. That means that the source code for the operating system is available: anyone can view the source code and examine it, modify it, and suggest and make changes to it.
There are many programs that are part of the open source movement, and some of the programs are the most popular programs used around the world:
- Apache A web server that is used on approximately two-thirds of all web sites on the Internet.
- Perl A popular programming language used to solve all sorts of problems.
- Sendmail The most popular mail transfer program used to route 80 percent of the email on the Internet.
- Netscape A previously closed source program that became open source; a popular web browser.
Each of these programs is available on almost all distributions of Linux.
Open Source and Security
Proponents of open source claim that the nature of open source software makes it more secure. Critics of open source claim that open software is less secure.
Plusses of the Open Source Model
Open source is more secure because anyone can view it. And anyone can improve it. And in the case of the Linux kernel and applications, thousands of people do just that.
In 1997, Eric Raymond wrote a watershed paper titled "The Cathedral and the Bazaar" (http://www.tuxedo.org/~esr/writings/cathedral-bazaar/)...