Language Selection

English French German Italian Portuguese Spanish

Unix How-To: Give Me That Old-Time Security!

Filed under
Security
HowTos

Even in the wild frontiers of today's Internet, good basic Unix system security provides extremely valuable protection against security breaches. In today's column, I'm going to rant about some basic security rules of thumb that every Unix sysadmin ought to consider.

The first basic security rule is to keep your consoles safe. Lock them up, eliminate them by replacing them with console servers (recovering rack space at the same time), and make sure that only a very select group of people have access to them. What's more, access to your data centers should be limited to just those who need to lay hands on the servers. If anyone can walk in and out, you're asking for a headache.

Data centers should be equipped with UPS or, better still, a generator to keep them up through significant power outages. Wait, you ask, is power to the data center security? You bet it is! Anything that threatens the productivity of your staff and the smooth running of your business is a security concern. UPS systems can often be configured to send low battery signals to systems and initiate auto-shutdown options, further preventing hardware loss. Check your UPS systems and make use of this feature if it's supported. If your AC is not also on the UPS or generator, auto-shutdown of systems might prevent them from being damaged through overheating.

rest here




More in Tux Machines

4 Great Linux Distros Designed for Privacy and Security

Conventional security measures like antivirus programs are behind the curve when it comes to modern hackers and malware. Unfortunately, antivirus software and firewalls give users a false sense of security. In reality, new threats are being developed and unleashed into the wild every single day, and even the best antivirus programs have to play catchup. Recent ransomware attacks (aka. WannaCry) have targeted Windows-based PCs in over 150 countries – cyber security and privacy is incredibly important. Windows and macOS are easy to use and popular; however, they are much more susceptible to malicious code. Linux is free and open source, which means there are hundreds of “flavors.” These individual distributions are tweaked to different specifications. Security-focused users will be pleased to know that there are a number of Linux distros designed with security and privacy in mind. Read more

Linux Foundation and Linux Kernel

  • General Manager of Training at The Linux Foundation Forecasts Cloudy Weather
    Where does The Linux Foundation believe ones time is well spent to catapult their career objectives? It is fairly apparent after reaching out to Clyde Seepersad, General Manager Training and Certification of The Linux Foundation, the cloud is the place to be. When communicating with him on a variety of topics that revolve around The Linux Foundation's certification offerings and education, the central point of focus is the cloud. Clyde provided us with a slew of information about The Linux Foundation's efforts to make sure FLOSS continues to succeed for the foreseeable future.
  • Linux Foundation LFCS and LFCE Pratik Tolia Plans to Become Authorized Instructor
    The Linux Foundation offers many resources for developers, users, and administrators of Linux systems. One of the most important offerings is its Linux Certification Program, which is designed to give you a way to differentiate yourself in a job market that's hungry for your skills.
  • Hughes: Updating Logitech Hardware on Linux
    Logitech has provided firmware updates, but not for "unsupported" platforms like Linux. Hughes has filled that gap by getting documentation and a fixed firmware image from Logitech and adding support for these devices to fwupd. He is now looking for testers to ensure that the whole thing works across all devices. This is important work that is well worth supporting.
  • Updating Logitech Hardware on Linux
    This gave an attacker with $15 of hardware the ability to basically take over remote PCs within wireless range, which could be up to 50m away. This makes sitting in a café quite a dangerous thing to do when any affected hardware is inserted, which for the unifying dongle is quite likely as it’s explicitly designed to remain in an empty USB socket. The main manufacturer of these devices is Logitech, but the hardware is also supplied to other OEMs such as Amazon, Microsoft, Lenovo and Dell where they are re-badged or renamed. I don’t think anybody knows the real total, but by my estimations there must be tens of millions of affected-and-unpatched devices being used every day.
  • An introduction to Libral, a systems management library for Linux
    Linux, in keeping with Unix traditions, doesn't have a comprehensive systems management API. Instead, management is done through a variety of special-purpose tools and APIs, all with their own conventions and idiosyncrasies. That makes scripting even simple systems-management tasks difficult and brittle.
  • Linux Kernel 4.11.2-1 released
  • Cgroups/namespaces/seccomp/capabilities course
  • Linux Shared Libraries course, Munich, Germany, 20 July 2017
    I've scheduled a public instance of my "Building and Using Shared Libraries on Linux" course to take place in Munich, Germany on 20 July 2017. This one-day course provides a thorough introduction to building and using shared libraries. covering topics such as: the basics of creating, installing, and using shared libraries; shared library versioning and naming conventions; the role of the dynamic linker; run-time symbol resolution; controlling symbol visibility; symbol versioning; preloading shared libraries; and dynamically loaded libraries (dlopen). The course format is a mixture of theory and practical.

Red Hat Linux Upgrade Pushes New Security, Automation Tools

Red Hat on Tuesday announced the availability of Red Hat Enterprise Linux 7.4 beta. RHEL 7.4 includes new security and compliance features and streamlined automation, along with tools for improved systems administration. This latest upgrade comes nearly three years into the series 7 lifecycle. It continues to provide enterprises with a rich and stable foundation for both existing applications and a new generation of workloads and solutions. Read more

The History of Ubuntu Linux, Canonical's Open Source OS

In October 2004 the first Ubuntu release, Ubuntu 4.10, debuted. Codenamed Warty Warthog because it was rough around the edges, Ubuntu 4.10 inaugurated a tradition of releasing new version of Ubuntu each April and October that Canonical has maintained up to the present -- with the exception of Ubuntu 6.06, which came out a couple of months late in 2006. Ubuntu 4.04 launched six months after Mark Shuttleworth first met with Debian developers to discuss the creation of a new, Debian-based Linux distribution that would emphasize ease-of-use, regular release cycles, accessibility and internationalization. Read more