Security Information and Review

Collection of security information and review

Hardening Linux Server part 1 : Physical Access Security

Author : Admin

Security of a Linux Server is very important and it’s not only software or package is installed. There are several aspect to be considered such physical security, operating system, application and network. A Secure Linux server depends on how the administrator make it.

 

Improvement of Linux server security, one of more aspect that is very important is the physical security. Administrator must block unauthorized people to access Linux server and make sure who is promised to physical access to server. It’s important to note that there is possibility to bypass the security measure if someone has physical access to Linux server. So it’s select room server with access control system.

 

BIOS is a low level software that is used to configure the hardware system and ensure the super user password is enabled. It’s recommended to protect unauthorized people to change any configuration at BIOS feature like allowing boot from removable disk or CDROM. There is possibility to reset all configuration BIOS or system if someone has access to BIOS.

 

Next step to be considered is improve the security of boot loader program which is used by Linux server such LILO or GRUB. In this discus, we assumption, Linux server use LILO. LILO is very important in the Linux system, for this reason we must protect it the best we can. There are three important option of LILO to improve security of the Linux server.

 

First option is adding how long LILO waits for user input before booting to the default selection. Second option is restricted, it’s only be used together with the password option. Third option is asks the user a password will trying to load the image we may have. See detail how to add or change three option to improve the Linux system as show at this script.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
 
#vi /etc/lilo.conf
 
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=00
message=/boot/message
default=linux
image=/boot/vmlinuz-2.xxx
        label=linux
        restricted
	password=secret
	read-only
	root/dev/hda1
 
….

The configuration of LILO is text file and contain unencrypted passwords, it should only readable for the super user root. Use the following command to to make sure the configuration of LILO is readable only by root.

       #chmod 600 /etc/lilo.conf

To improve security of the Linux system, we can take secure of the configuration of LILO file is immutable. To make file /etc/lilo.conf is immutable, use following command.

       #chattr +i /etc/lilo.conf

To tighten and improve security of the Linux server is disable interactive boot ( only Redhat distro ). With this feature, someone is allowed to change run level of service, it’s used with press ‘I’ when the Linux system is booting. To disable this feature, edit file /etc/sysconfig at the PROMPT option and set to “no”.

 

One more security measure we can take to secure the Linux server is disable the Linux system restart with Ctrl + Alt + Del command. So, configure file /etc/inittab to disable Ctrl + Alt + Del command, see script bellow :

1
2
3
4
      #vi /etc/inittab
 
      # comment this line to disable
      #ca::ctrlaltdel:/sbin/shutdown –t3 –r now

Now, for the change to take effect type in the following script at command prompt.

       #/sbin/init q

See other article, how to improve security of the Linux server at the next article : Hardening Linux Server 2 : Advanced Linux Security.

 

 

Mohamad Widodo

Mohamad Widodo

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
  • Technorati
  • YahooMyWeb
  • Slashdot
  • StumbleUpon
Categories: Linux
 

[...] the previous discussion, Hardening Linux Server part 1: Physical Access Security was discussed how to improve physical access security in the Linux server. In this discussion will [...]

If you like this posts, please leave messages / comments.