Linux Guide/Security

Linux, compared to some other popular systems, is very secure, thanks to its UNIX heritage. However, while infecting one's system is difficult, it is not impossible. A mindset of paranoia is usually the most appropriate one with regard to security. In addition, viruses are far from the only part of security. Proper configuration and special care in multi-user systems with many clients are also to be considered.

Keeping Up-to-Date
No software is perfect. One will almost always find security holes in any sufficiently complicated piece of software. Thus, it is important to stay on top of all security updates provided by your distribution. Many distributions provide update tools to automatically check for updates. Your system may be able to update many packages automatically. Setting up automatic updates is normally a very good idea. Check if your distribution provides a security announcement mailing list, which will inform you of important updates.

Anti-Virus
Viruses are very uncommon on Linux and in general, you should not have to worry much about your system being compromised by one. However, your Linux system may act as a file-server for Windows clients or as an email-server that delivers email to Windows clients. In that case, one should ensure that files and emails are clean to prevent infection to your clients.

Samba has ability to plug into the popular free Linux anti-virus system, ClamAV. Your distribution likely has tools to configure this for you. Consult your distribution's documentation for more information.

Simple Firewall
At minimum you should employ a simple firewall. Below you will find a sample script to provide a simple firewall. I have used this script as a base for more complex firewall schemes on slackware and debian systems. It is a very simple script, perhaps others will feel compelled to contribute more advanced and specific use scripts as well.


 * 1) !/bin/bash
 * 2) Basic script to keep the server secured

iptables -F
 * 1) Flush the current tables.

iptables -P INPUT DROP iptables -P FORWARD DROP
 * 1) Default policy to drop 'everything'uyuy
 * 1) iptables -P OUTPUT DROP #BLOCKS ALL 'OUTBOUND' TRAFFIC

iptables -A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
 * 1) Allow local loopback communications (localhost).

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 * 1) Allow established connections with stateful connection tracking

iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
 * 1) Drop packets of unknown origin which are not TCP/SYN related.


 * 1) Allow offered service clients to connect to ethernet interface.
 * 2) You may need to change your interface from eth1.
 * 3) HTTPd & SSL
 * 4) iptables -A INPUT -p tcp --dport 80 -i eth1 -j ACCEPT
 * 5) iptables -A INPUT -p tcp --dport 443 -i eth1 -j ACCEPT


 * 1) end script

First we flush the current tables, which basically means that your rule-set is about to change. We then establish 2 rules to drop (not reject) all traffic coming into or being forwarded through our computer. We would like to access the Internet so we create 2 more rules the first which allows traffic into our computer which is distinctly associated with our self initiated outbound requests. The second rule takes care of our localhost... our computer can access our computer and can make use of the network loopback interface. The final 2 rules allow port 80 http and 443 https, they are commented so the ports are not opened by default.

If you decide to utilize this simple script as a base reference please contribute to this page and topic. I have housed this script in several locations each has it's organizational pros and cons. I have placed this file in /root/ and in /root/bin/ and /etc/firewall/.