Linux Security

Linux Security. Module 13 – Linux Security ♦ Overview Linux is more prone today to security loopholes and attacks, both inside and outside the network


Page 1: Linux Security. Module 13 – Linux Security ♦ Overview Linux is more prone today to security loopholes and attacks, both inside and outside the network

Linux Security


Module 13 – Linux Security

♦ Overview
Linux is more prone today to security loopholes and attacks, from both inside and outside the network. In this module we learn about the various system services and their role in the Linux boot process. The module also deals with iptables and TCP Wrappers.

♦ Lessons covered in this module
► Introduction to System Service
► Securing Network


Lesson 1 – Introduction to System Service

♦ Introduction
In Linux, system initialization, i.e. starting the system processes whenever the system boots, is controlled and maintained by several files and directories. Processes are started as specified in these files, and the files can be edited to meet particular requirements.

♦ Topics covered in this lesson
► System Initialization
► Chkconfig


♦ The following three main steps happen each time a system boots up to run Linux:

► Boot hardware – Using the information in the system's read-only memory, i.e. the BIOS, the system examines and starts up the hardware.

► Start boot loader – Typically, the BIOS examines the master boot record on the primary hard disk to find out what to load next.

► Boot the kernel – Assuming Linux is selected for booting, the Linux kernel is loaded.

Topic 1 - System Initialization


System RunLevels

♦ The Linux system is brought to a predefined working condition when the Linux kernel runs /sbin/init.

♦ /sbin/init reads its configuration file and starts all programs listed in it. This predefined working condition is known as a runlevel.

♦ Two styles of init program are in common use: BSD-derived init programs and System V-derived init programs.

► BSD-derived init programs have only one predefined runlevel

► System V-style init programs are more flexible


♦ Red Hat comes with many predefined runlevels, as listed in this table.

Predefined Runlevels


System Startup Files

♦ The system startup files control and manage the tasks after the system gets booted up by the boot loader.

♦ These files are essential for the successful operation of the computer, since they regulate the processes started at system boot.

♦ The main system startup files and scripts are listed below:

► The rc.sysinit script
► The /etc/init.d and /etc/rcX.d directories
► The /etc/rc script
► The /etc/rc.local file


♦ The chkconfig command queries the existing service configuration or changes which services start in each runlevel on the system.

[root@localhost ~]# chkconfig --level 345 sendmail on

► The above command configures the system to start sendmail in runlevels 3, 4 and 5.

► The present configuration of a particular daemon can be found by running the command below:

[root@localhost ~]# chkconfig --list daemon

Topic 2 - Chkconfig
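An added example (not from the module): a small audit that lists which SysV services chkconfig will start in runlevels 3, 4 and 5, run here over a constructed sample of `chkconfig --list` output. On a real host you would pipe the command's actual output into the same function; the service names and states in the sample are invented.

```shell
# Constructed sample of `chkconfig --list` output (not captured from a real host);
# the "xinetd based services:" block is included only to show it is skipped.
SAMPLE_CHKCONFIG='sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
cups            0:off   1:off   2:off   3:on    4:off   5:on    6:off
xinetd based services:
        telnet:         on'

# Print the SysV services whose entry is "on" in any runlevel named in $1 (e.g. "345").
# Reads `chkconfig --list` output on stdin: chkconfig --list | services_on_in_runlevels 345
services_on_in_runlevels() {
  awk -v levels="$1" '
    $2 !~ /^[0-6]:(on|off)$/ { next }      # skip headers and xinetd-managed lines
    {
      for (i = 2; i <= NF; i++) {
        split($i, kv, ":")                 # kv[1] = runlevel, kv[2] = on/off
        if (index(levels, kv[1]) > 0 && kv[2] == "on") { print $1; break }
      }
    }'
}

# Services that will start in the multi-user runlevels 3, 4 and 5 of the sample, as one
# space-separated line: the list to review when trimming the boot-time attack surface.
boot_enabled_services() {
  printf '%s\n' "$SAMPLE_CHKCONFIG" | services_on_in_runlevels 345 | tr '\n' ' '
}
```

Services reported here but not needed on the host are candidates for `chkconfig <service> off`.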


♦ Introduction
In Linux, security controls have to be put in place to make a network environment safe. TCP Wrapper is a tool commonly used on Linux systems to regulate and filter connections to network services. iptables, the Linux firewall, also restricts unauthorized access to the network.

♦ Topics covered in this lesson
► Iptables
► TCP Wrappers

Lesson 2 – Securing Network


♦ A firewall is a system designed to limit unauthorized access to or from a private network.

♦ Firewalls can be implemented in hardware, in software, or in a combination of both.

♦ Firewalls are often used to prevent unauthorized Internet users from accessing private networks connected to the Internet or an intranet.

♦ Earlier Linux releases used a firewall package called ipchains, which has since been replaced by iptables.

Topic 1 - iptables


♦ iptables can be started, stopped and restarted after system boot by running the following commands:

[root@localhost ~]# service iptables start

[root@localhost ~]# service iptables stop

[root@localhost ~]# service iptables restart

♦ iptables can be configured to start at system boot with the chkconfig command, as shown below.

[root@localhost ~]# chkconfig iptables on

Starting iptables


♦ The table given below gives an overview of how packets passing through the firewall are processed.

Packet Processing in iptables


Packet Processing in iptables

♦ Illustration of a TCP packet from the Internet passing through the firewall interface on Network A.


Targets

♦ Each rule added to a firewall chain specifies, through its target, what is done with a packet that matches the rule.

Targets in iptables


♦ TCP Wrapper is a tool commonly used on Linux systems to regulate and filter connections to network services.

♦ TCP Wrappers provide wrapper daemons, which can be installed without making changes to the existing software.

♦ Most TCP/IP applications follow the client and server model.

♦ The TCP wrapper configurations are stored in two files /etc/hosts.allow and /etc/hosts.deny. Permissions are stored in /etc/hosts.allow and denials in /etc/hosts.deny.

Topic 2 – TCP Wrappers


Topic 2 – TCP Wrappers

♦ Example for blocking ssh (Secure Shell) in /etc/hosts.deny

sshd: ALL (for all hosts)

sshd: ALL EXCEPT 192.168.10.10

♦ Example for blocking FTP (File Transfer Protocol) in /etc/hosts.deny

vsftpd: ALL (for all hosts)

vsftpd: ALL EXCEPT 192.168.10.10

♦ Example for allowing telnet (and ssh) in /etc/hosts.allow

in.telnetd, sshd: .india.com 192.168.0.8


Lab Exercise

♦ iptables and TCP Wrappers
In this lab we restrict access to a service using iptables and TCP Wrappers. Block the telnet service so that HOSTA cannot telnet to HOSTB. Assume that HOSTA and HOSTB have the IP addresses 192.168.1.1 and 192.168.1.2 respectively.
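To see how the hosts.allow and hosts.deny lines from the TCP Wrappers examples and this lab combine, here is an added simulator of the tcpd decision order (example code, not part of the module). It is loaded with the module's example lines plus a constructed hosts.deny line blocking the lab's HOSTA from telnet, and it models only the ALL, exact-IP and .domain patterns used on these slides.

```shell
# Constructed hosts.allow / hosts.deny contents: the module's examples plus a
# hosts.deny line blocking the lab's HOSTA (192.168.1.1) from telnet.
HOSTS_ALLOW='in.telnetd, sshd: .india.com 192.168.0.8'
HOSTS_DENY='sshd: ALL EXCEPT 192.168.10.10
vsftpd: ALL
in.telnetd: 192.168.1.1'
# Match one client pattern (ALL, an exact IP, or a .domain suffix) against
# client IP $2 and hostname $3; other tcpd pattern forms are not modelled.
pat_match() {
  case "$1" in
    ALL) return 0 ;;
    .*)  case "$3" in *"$1") return 0 ;; esac ;;
    *)   [ "$1" = "$2" ] && return 0 ;;
  esac
  return 1
}
# Does rule line $1 ("daemons: clients [EXCEPT clients]") apply to daemon $2 from IP $3 / host $4?
rule_match() {
  line=$1; daemon=$2; ip=$3; host=$4
  dlist=",$(printf '%s' "${line%%:*}" | tr -d ' '),"   # e.g. ",in.telnetd,sshd,"
  case "$dlist" in *",$daemon,"*|*,ALL,*) ;; *) return 1 ;; esac
  clist=${line#*:}
  case "$clist" in
    *EXCEPT*) inc=${clist%%EXCEPT*}; exc=${clist#*EXCEPT} ;;
    *)        inc=$clist; exc= ;;
  esac
  hit=1
  for p in $inc; do pat_match "$p" "$ip" "$host" && hit=0; done
  [ $hit -eq 0 ] || return 1
  for p in $exc; do pat_match "$p" "$ip" "$host" && return 1; done
  return 0
}
# Return 0 if any non-empty line of the file contents in $1 matches (daemon, ip, host).
file_matches() {
  content=$1; shift
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    rule_match "$line" "$@" && return 0
  done <<EOF
$content
EOF
  return 1
}
# tcpd order: first match in hosts.allow grants, then first match in hosts.deny
# denies; a client matching neither file is granted access. Prints ALLOW or DENY.
wrapper_decide() {
  if file_matches "$HOSTS_ALLOW" "$@"; then echo ALLOW
  elif file_matches "$HOSTS_DENY" "$@"; then echo DENY
  else echo ALLOW; fi
}
```

Note the default: a daemon and client that match neither file are allowed, so telnet from a third host is still accepted here, and hosts.allow wins over hosts.deny when both match.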


♦ Summary

► A Linux system can be brought into a predefined working condition called a runlevel, each of which signifies a particular function.

► There are several system startup files that control and regulate the startup processes whenever a system boots up.

► There are different ways to secure Linux: through the system services, a firewall and TCP Wrappers.

♦ Question and Answer Session

Conclusion