As most folks know by now, a security breach affecting kernel.org was discovered in September. While that didn't affect kernel sources, it did get Linux kernel developers to thinking about their personal system security--and it might not be a bad idea for others to do the same.
Greg Kroah-Hartman kicked off the discussion with eight tips for doing a reality check on Linux systems. The first suggestion is to start from a clean install--but that's not always an option.
Checking package signatures is also a good idea. With RPM, rpm --verify --all is all that is needed, although it's a bit more complicated to do on Debian-based systems. But Kroah-Hartman does supply a Bash snippet to do just that:
dpkg -l '*' | while read s n rest; do if [ "$s" == "ii" ]; then echo $n; fi; done   # prints every installed package ("ii" = installed), one name per line, ready to be handed to debsums for file verification
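The rpm --verify --all output takes some reading: each line carries a nine-character attribute field, an optional file-type marker and the path. The shell function below is an added example (not from the article or from Kroah-Hartman's mail) that turns that output into a short list of files worth a second look; the sample lines it runs on are constructed for this example, not taken from a real system.

```shell
# Added example: interpreting `rpm --verify --all` output so changed files stand out.
# Attribute columns: S size, M mode, 5 digest, D device, L link, U user, G group,
# T mtime, P capabilities; "." means unchanged. A "c" in the next column marks a
# config file, and "missing" means the file is gone. Sample constructed here.
SAMPLE_RPM_VA='S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/bash/README
S.5....T.    /usr/bin/ssh
missing     /usr/sbin/sshd
.M.......    /usr/bin/passwd'

# suspicious_files: read rpm --verify output on stdin and print "<reason> <path>"
# for files that are missing or whose size, digest or mode changed. A changed
# mtime alone is ignored; config files are reported separately since they are
# expected to drift but still deserve a look (sshd_config, for instance).
suspicious_files() {
    awk '
    $1 == "missing" { print "missing", $NF; next }
    {
        flags = $1
        # three fields means the middle column holds a file-type marker
        type = (NF == 3) ? $2 : ""
        if (index(flags, "S") || index(flags, "5") || index(flags, "M")) {
            tag = (type == "c") ? "config-changed" : "changed"
            print tag, $NF
        }
    }'
}

# On a live system: rpm --verify --all | suspicious_files
printf '%s\n' "$SAMPLE_RPM_VA" | suspicious_files
```

A digest or size change on a binary under /usr/bin, or a mode change on a setuid program, is the case the article is worried about; a mtime-only change is usually harmless package maintenance and is left out on purpose.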
Kroah-Hartman also recommends inspecting systems using a live CD and scanning through logs looking for "mysterious" messages like programs trying to touch
Willy Tarreau also contributed several suggestions, like checking to see that connections between local machines are expected. Tarreau advises users to grep /var/log/messages specifically for "sshd" and to look for the string 'Invalid user' coming from internal machines.
Tarreau notes that outgoing SMTP requests are also suspect. "If one machine suddenly tries to send mails directly to outside, it might be someone trying to steal some data" such as SSH keys, said Tarreau.
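Tarreau's sshd check, written out as a small detector, follows as an added example (not part of the article or of Tarreau's mail). The /var/log/messages lines are constructed for this example, and the RFC 1918 private ranges (10/8, 172.16/12, 192.168/16) are assumed to be what "internal machines" means on the network in question.

```shell
# Added example: count sshd "Invalid user" events per internal source host.
# Sample syslog lines constructed for this example; 203.0.113.7 is a public
# (documentation-range) address and should not be reported.
SAMPLE_MESSAGES='Oct  3 10:14:02 build1 sshd[2113]: Invalid user admin from 192.168.1.45
Oct  3 10:14:07 build1 sshd[2113]: Failed password for invalid user admin from 192.168.1.45 port 51022 ssh2
Oct  3 10:14:30 build1 sshd[2120]: Invalid user oracle from 192.168.1.45
Oct  3 10:20:11 build1 sshd[2201]: Accepted publickey for greg from 192.168.1.10 port 40022 ssh2
Oct  3 11:02:55 build1 sshd[2390]: Invalid user oracle from 203.0.113.7
Oct  3 11:30:00 build1 sshd[2450]: Invalid user test from 10.0.0.8
Oct  3 11:31:00 build1 sshd[2451]: Invalid user test from 172.16.5.9'

# internal_invalid_users: read syslog lines on stdin, keep sshd "Invalid user"
# events (the exact string, as Tarreau suggests) whose source address is
# private, and print "<count> <source ip>" per host, sorted by address.
internal_invalid_users() {
    grep 'sshd\[' | grep -F 'Invalid user' | awk '
    {
        ip = ""
        for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        split(ip, o, ".")
        a = o[1] + 0; b = o[2] + 0
        # RFC 1918 ranges stand in for "internal machines" (assumption)
        if (a == 10 || (a == 172 && b >= 16 && b <= 31) || (a == 192 && b == 168))
            hits[ip]++
    }
    END { for (ip in hits) print hits[ip], ip }' | sort -k2
}

# On a live system: internal_invalid_users < /var/log/messages
printf '%s\n' "$SAMPLE_MESSAGES" | internal_invalid_users
```

An internal host guessing account names at another internal host is the pattern to chase: a legitimate user mistyping a name once is one line, a compromised machine probing its neighbours is a steady stream from the same address.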
Another suggestion that applies equally well to other systems that use SSH is to make sure to use the "AllowUsers" and "AllowGroups" directives in sshd_config to ensure access by only specific users.
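To see what that directive looks like, and to check that it is actually in force, here is an added example (not from the article): a weak sshd_config beside a restricted one, and a small audit function. All three config texts are constructed samples; the function assumes sshd's rules that keywords are case-insensitive, that lines starting with "#" are comments, and that directives inside a Match block apply only to matching connections.

```shell
# Added example: auditing sshd_config for an active AllowUsers/AllowGroups.
# Constructed sample: no restriction at all (the AllowUsers line is commented out).
WEAK_SSHD_CONFIG='Port 22
#AllowUsers admin
PasswordAuthentication yes'

# Constructed sample: logins limited to one group plus two named accounts.
HARDENED_SSHD_CONFIG='Port 22
AllowGroups sshusers
AllowUsers greg willy
PasswordAuthentication no'

# Constructed sample: the restriction lives only inside a Match block, so
# connections that do not match the condition are still open to every account.
MATCH_ONLY_CONFIG='Port 22
Match Address 10.0.0.0/8
    AllowUsers greg'

# ssh_allow_directives: print the active AllowUsers/AllowGroups lines from the
# global section of the config read on stdin. Comments and blank lines are
# skipped and parsing stops at the first Match block.
ssh_allow_directives() {
    awk '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
    /^[[:space:]]*[Mm][Aa][Tt][Cc][Hh][[:space:]]/ { exit }
    tolower($1) == "allowusers" || tolower($1) == "allowgroups" { print }'
}

# ssh_access_restricted: succeed when at least one such directive is in force.
ssh_access_restricted() {
    [ -n "$(ssh_allow_directives)" ]
}

# report: $1 = label, $2 = config text
report() {
    if printf '%s\n' "$2" | ssh_access_restricted; then
        echo "$1: access restricted"
    else
        echo "$1: no global AllowUsers/AllowGroups, every account may log in"
    fi
}

report weak "$WEAK_SSHD_CONFIG"
report hardened "$HARDENED_SSHD_CONFIG"
report match-only "$MATCH_ONLY_CONFIG"
# On a live system: ssh_allow_directives < /etc/ssh/sshd_config
```

When both directives are set, a login has to pass both lists (sshd evaluates DenyUsers, AllowUsers, DenyGroups and AllowGroups in that order), so a user outside the allowed group is refused even if named in AllowUsers. After editing the real file, sshd -t checks the syntax before the daemon is restarted.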
The odds are against being able to perfectly harden a system against all attacks. However, a little bit of work can go a long way toward securing systems against most attacks--particularly automated attacks that depend on lax system security.
Joe 'Zonker' Brockmeier is a freelance writer and editor with more than 10 years covering IT. Formerly the openSUSE Community Manager for Novell, Brockmeier has written for Linux Magazine, Sys Admin, Linux Pro Magazine, IBM developerWorks, Linux.com, CIO.com, Linux Weekly News, ZDNet, and many other publications. You can reach Zonker at firstname.lastname@example.org and follow him on Twitter.