Kernel Developers Share Security Tips

by Joe Brockmeier

Learn tips for keeping your Linux system safe in this post-kernel.org-breach world.

As most folks know by now, a security breach affecting kernel.org was discovered in September. While that didn't affect kernel sources, it did get Linux kernel developers to thinking about their personal system security--and it might not be a bad idea for others to do the same.

Greg Kroah-Hartman kicked off the discussion with eight tips for doing a reality check on Linux systems. The first suggestion is to start from a clean install--but that's not always an option.

Kroah-Hartman shared a few other tips, including using chkrootkit, OSSEC-rootcheck or rkhunter to see if a system has any rootkits.

Checking that installed files still match what the package manager recorded is also a good idea. With RPM, rpm --verify --all (rpm -Va for short) compares every installed file with the size, checksum, permissions and ownership stored in the package database. It is a bit more complicated on Debian-based systems, where debsums does the comparison, but Kroah-Hartman supplies a Bash snippet to run it over every installed package:

dpkg -l '*' | while read -r s n rest; do   # quote the pattern: an unquoted * is expanded by the shell against the current directory
    [ "$s" = "ii" ] && echo "$n"           # "ii" = desired state install, currently installed
done > ~/tmp.txt
for f in $(cat ~/tmp.txt); do debsums -s -a "$f"; done   # -s: report only files whose checksum differs; -a: include configuration files

Both rpm -V and debsums trust the package database, checksum lists and tool binaries on the disk being checked, all of which a rootkit can alter, so Kroah-Hartman also recommends booting a live CD and inspecting the system from there. He further suggests scanning the logs for "mysterious" messages, such as the kernel reporting that a program tried to access /dev/mem, something legitimate software rarely needs to do.

Willy Tarreau also contributed several suggestions, such as checking that connections between local machines are the ones you expect. Tarreau advises grepping the sshd entries in /var/log/messages (on Debian-based systems they land in /var/log/auth.log, on Red Hat-based systems in /var/log/secure) for the string 'Invalid user' and paying particular attention to attempts that come from internal machines: a host that is guessing usernames at its neighbours has very likely been compromised already.
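As an added example, not part of the original article or the developers' advice, here is how the two log checks above (failed sshd logins from internal hosts, and kernel messages about /dev/mem) can be scripted. The functions read from stdin so they work on whichever file holds sshd messages on a given distribution. The log excerpt, hostname and addresses are constructed for illustration; the internal-address test covers the RFC 1918 ranges 10/8, 172.16/12 and 192.168/16.

```sh
#!/bin/sh
# Added example (not from the article): scan a syslog-style log for failed
# sshd logins that originate from internal addresses, and for kernel messages
# about a program touching /dev/mem. The excerpt below is constructed, not a
# real capture; hostnames and addresses are made up.

SAMPLE_LOG='Oct  3 02:11:07 build1 sshd[4102]: Invalid user oracle from 203.0.113.9
Oct  3 02:11:09 build1 sshd[4102]: Failed password for invalid user oracle from 203.0.113.9 port 51234 ssh2
Oct  3 02:14:31 build1 sshd[4137]: Invalid user admin from 10.0.0.23
Oct  3 02:14:33 build1 sshd[4140]: Invalid user test from 10.0.0.23
Oct  3 02:14:35 build1 sshd[4143]: Invalid user guest from 10.0.0.23
Oct  3 02:20:01 build1 CRON[4200]: (root) CMD (run-parts /etc/cron.hourly)
Oct  3 02:31:12 build1 sshd[4290]: Invalid user backup from 192.168.5.7
Oct  3 02:45:50 build1 kernel: Program dumper tried to access /dev/mem between f0000->100000.
Oct  3 03:00:00 build1 sshd[4312]: Accepted publickey for willy from 10.0.0.5 port 40022 ssh2'

# Print "count address" for every internal (RFC 1918) source that produced
# sshd "Invalid user" lines, busiest source first. Internal machines should
# not be guessing usernames at each other; a hit here names a neighbour that
# deserves the same inspection as the host being checked.
internal_invalid_users() {
    grep 'sshd\[[0-9]*\]: Invalid user ' |
    sed -n 's/.* from \([0-9][0-9.]*\).*/\1/p' |
    grep -E '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)' |
    sort | uniq -c | sort -rn |
    awk '{ print $1, $2 }'
}

# Print every line in which the kernel reports a program reaching for /dev/mem.
devmem_accesses() {
    grep 'kernel: .*/dev/mem'
}

# On a real system, feed the file that holds sshd messages, for example:
#   internal_invalid_users < /var/log/auth.log    # Debian-based
#   internal_invalid_users < /var/log/secure      # Red Hat-based
#   devmem_accesses        < /var/log/messages
# Demonstration on the constructed excerpt:
printf '%s\n' "$SAMPLE_LOG" | internal_invalid_users
printf '%s\n' "$SAMPLE_LOG" | devmem_accesses
```

On the excerpt, the first function reports 10.0.0.23 three times and 192.168.5.7 once, and ignores the attempts from 203.0.113.9 because they are external; the second reports the single /dev/mem line. The match on 'Invalid user' is deliberately case-sensitive so the follow-up "Failed password for invalid user" lines are not double-counted.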

Tarreau notes that outgoing SMTP requests are also suspect. "If one machine suddenly tries to send mails directly to outside, it might be someone trying to steal some data" such as SSH keys, said Tarreau.

Another suggestion, one that applies equally well to any system running SSH, is to use the "AllowUsers" and "AllowGroups" directives in sshd_config so that only specific users and groups can log in at all. When both directives are present a user must satisfy both, and sshd honours the first occurrence of each directive it finds, so a restriction appended to a file that already sets the same directive higher up changes nothing; sshd -T prints the configuration as the daemon actually sees it.
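The following is an added example, not from the article or any of the developers quoted in it: a small sshd_config audit in POSIX shell that reports the effective value of a directive the way sshd resolves it (first uncommented occurrence wins, keyword matching is case-insensitive) and checks whether logins are restricted at all. Both configuration texts are constructed for illustration; the user names and the group name are assumptions.

```sh
#!/bin/sh
# Added example (not from the article): audit an sshd_config for the
# AllowUsers / AllowGroups restriction discussed above. Both configs below are
# constructed; user names and the group name are made up.

WEAK_CONFIG='Port 22
PermitRootLogin yes
PasswordAuthentication yes
# no AllowUsers / AllowGroups here, so any local account can attempt a login'

HARDENED_CONFIG='Port 22
PermitRootLogin no
PasswordAuthentication no
# a user must be in AllowUsers AND belong to a group in AllowGroups
AllowGroups sshusers
AllowUsers willy greg@10.0.0.5
AllowUsers bob'

# Print the effective value of one directive from the config on stdin, the way
# sshd resolves it: comments are skipped, keywords are case-insensitive, and the
# first occurrence wins (the later "AllowUsers bob" above is ignored by sshd).
# Prints nothing if the directive is not set.
sshd_directive() {
    awk -v d="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == d { $1 = ""; sub(/^ +/, ""); print; exit }
    '
}

# Exit 0 when the config on stdin limits logins with AllowUsers or AllowGroups,
# 1 when neither is set.
sshd_restricts_logins() {
    cfg=$(cat)
    [ -n "$(printf '%s\n' "$cfg" | sshd_directive AllowUsers)" ] ||
    [ -n "$(printf '%s\n' "$cfg" | sshd_directive AllowGroups)" ]
}

# Demonstration on the constructed configs. On a live system read the real file:
#   sshd_restricts_logins < /etc/ssh/sshd_config || echo "no login restriction"
printf '%s\n' "$WEAK_CONFIG" | sshd_restricts_logins ||
    echo "weak config: no AllowUsers/AllowGroups, every local account may try to log in"
printf '%s\n' "$HARDENED_CONFIG" | sshd_restricts_logins &&
    echo "hardened config: AllowUsers = $(printf '%s\n' "$HARDENED_CONFIG" | sshd_directive AllowUsers)"
```

The audit reads a file, which is a reasonable first pass; on a running host, sshd -T dumps the configuration with defaults filled in and is the better thing to grep, and sshd -t validates an edited file before the daemon is restarted. The AllowUsers entry greg@10.0.0.5 uses the USER@HOST form, which restricts that account to logins from one source address.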

The odds are against being able to perfectly harden a system against all attacks. However, a little bit of work can go a long way toward securing systems against most attacks--particularly automated attacks that depend on lax system security.

Joe 'Zonker' Brockmeier is a freelance writer and editor with more than 10 years covering IT. Formerly the openSUSE Community Manager for Novell, Brockmeier has written for Linux Magazine, Sys Admin, Linux Pro Magazine, IBM developerWorks, Linux.com, CIO.com, Linux Weekly News, ZDNet, and many other publications. You can reach Zonker at jzb@zonker.net and follow him on Twitter.

This article was originally published on Tuesday Oct 4th 2011