HomeHow-To-Linux TechSecure Your Linux Server Right Now Part 1

Secure Your Linux Server Right Now Part 1


Introduction


Linux is the default alternative of preference for several developers once it involves developing applications, deploying instrumentality technologies, or operating in an enterprise. It’s fast, snappy, needs less resources, and provides additional power within the hands of the user. Often, we tend to forget to understand that it comes packaged with its default settings which may go against the safety policies of your company.
It is thus counseled to follow the simplest security policies and keep yourself and your servers up-to-date with the newest safety features.


Disabling User Accounts


Different firms have totally different policies on what to try {and do} with user accounts if a worker is on temporary leave or is for a good setone amongst the foremost common methods to require here would be to a minimum disabling the user account of the worker till additional notice from the authorities.
This accomplishes 2 objectives. The system would be protected in many ways in which. For starters, nobody would be allowed to induce into it within the absence of the owner, guaranteeing that no personal data concerning the worker was altered or interfered with. It conjointly reduces the probability of a compromised user account as a result of the dormant user account. If you would like to disable a user account, you’ll be able to do therefore by mistreatment of either the usermod or the password commands. each of them performs a couple of totally different functions, one of that is the deactivation of user accounts. To deactivate Jack’s account, follow these steps:

usermod –L jack
or
passwd –l jack

The /etc/passwd file is used to keep track of registered user accounts in the Linux System. What these commands will do is add an ! (exclamation) mark in the second field of the /etc/passwd file.

While you might think that this has solved the issue. But if the user creates an SSH key to log into his account, disabling the user account will not work. In that case, you’ll need to use chage –E0 command to disable the user account.

chage –E0 jack

When you use the chage command, it will make a small modification to the /etc/shadow file. In the eighth field which is usually empty will be set to zero, indicating that the account has been effectively closed down. When this option is selected, the chage command not only keeps track of the number of days between password changes, but it also offers information on the account’s expiration date. A zero in the eighth field would indicate that the account expires on the first day of January 1970, but it would also simply lock the account.

Deleting User Accounts

Once you know that a user account is no longer required you can delete it. This will ensure that the user doesn’t perform any malicious activities out of any personal motivation or grudge after he/she has been laid off. To delete a user account, you can make use of the userdel command. To delete jack’d account:

userdel jack

To remove jack’s files in the /home and the /mail directory, you can make use of the –flag

userdel –r jack

There might also be some processes that might be running under the name of the user. It is, therefore, necessary to stop them as well in order to remove any inconsistencies that might arise in the future. You can use the killall command to do that.

sudo killall –u jack`

Another alternative could be to forcefully remove the user account and all the processes running under its privileges even if the user is still logged in. You can use the –f (force) flag to do so.

userdel –f jack

Creating Restricted Shells

Let’s have a look at what restricted shells are before we get into creating them. In accordance with its name, a restrictive shell is a shell that has limitations imposed on it. A large number of commands are unavailable to users due to the restrictions that have been placed on them. Using this method is especially beneficial when it is necessary to deny access to any command that could be used to harm the files, system, or network by a guest or a normal user. You’ll typically find them in college libraries, Internet cafés, and other such locations. Bash is the default shell in most Linux-based operating systems, including Ubuntu. As a result, you can make use of rbash, which is also known as limited bash.

There are a few ways to implement restricted shells.

Type1 : While creating a new user account.
The process is fairly simple when you are creating a new user account for a user or an employee. To create a new user account with restricted access

sudo useadd jack –s /bin/rbash

To set up a password for the user jack

sudo passwd j4cKP$$word`

To create two directories, /home/jack and /home/jack/bin for the user jack.

sudo mkdir –p /home/jack/bin`

Change the $PATH variable to /home/jack/bin so that the jack can only run the commands that are available in the /home/jack/bin directory. Otherwise, there won’t be any use in setting up a restricted shell because it will easily be bypassed.

export PATH=$HOME/bin

Now you can add the binaries/commands that you want jack to run. You can either manually move the binaries in the /home/jack/bin directory or create symbolic links or symlink that point to another file or folder on your computer or on a connected file system. A symlink is a type of symbolic link in Linux and Unix.

For example, to avail the ping command for the user jack:

sudo cp /bin/ping /home/jack/bin

To use symbolic links:

sudo ln –s /bin/ls /home/jack/bin

Type II: When a user account is already created
To impose restrictions on the existing users, you can use the usermod command. To implement rbash for tom:

sudo usermod –s /bin/rbash tom

Disabling USB Sticks

Depending upon how critical the computer is, it is recommended and necessary that you disable the use of USB ports and sticks on the host machine. USB sticks can be a source of malware, ransomware, etc and we often don’t think twice before plugging in any device that we found lying around.

To disable the use of USB sticks, you can use the blacklist.conf file in your Linux Machine. These commands should only be run by people who have admin or sudo rights. The steps are:

nano /etc/modprobe.d/blacklist.conf`

Add the following line at the end, when the blacklist.conf file opens.

blacklist usb_storage`

The next step would be to open up the rc.local file.

nano /etc/rc.local

The last and final step would be to add the following two lines.

modprobe -r usb_storage
exit 0

Conclusion

While the previous two blogs were more focused on Linux Servers for independent development, web hosting, and other related objectives, this blog article was more focused on enterprise security of Linux systems, as opposed to the previous two blogs.

Also Read:

How To Recover Deleted Files In Linux

Python Programming Interview Questions For Freshers 2021

How to reset ROOT password in RHEL/CentOS

Linux SysAdmin Interview Questions 2021 Part 2

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments