Securing your Linux server is important to protect your data, intellectual property, and time, from the hands of crackers (hackers). The system administrator is responsible for security Linux box. In this first part of a Linux server security series, I will provide 20 hardening tips for default installation of Linux system.
Microsoft chief operating officer Kevin Turner recently talked about netbook and claimed that retailers experiencing higher return rates as compare to MS-Windows operating systems:
And the reason that we were able to make so much traction – because this is the first real test of the value of Windows – the reason we were able to make so much traction on this particular space is because we went to retailers and said, “Hey, what are your return rates on these Linux netbooks that you are getting?” And they said, “Oh, gosh, they’re, like, four or five times higher than what we’re seeing on other PCs that have Windows.” I said, “Exactly.” So let’s do the TCO story. Let’s talk to customers. And you can’t find a retailer – I challenge you to find a retailer who wants to sell Linux on these netbooks, because the returns are bad. The customer complaints are bad. And our ability to really showcase the value proposition with Windows has never been greater and was never tested more than it was with this particular product. But we’ve made great progress there, but the up-sell opportunities with Windows 7, because it runs so well on these low-end laptops, is going to be tremendous for us.
“After The Software Wars”, is a new book in which former Microsoft employee Keith Curtis explores the worlds of proprietary and free software. Quoting from the article:
While I came to not be all that thrilled with Fedora itself, I was floored merely by the installation process. It contained a graphical installer that ran all the way to completion, it resized my NTFS partition — which I considered a minor miracle, setup dual boot, and actually did boot, and let me surf the Web. I didn’t have a clue what to do next, but the mere fact that this all worked told me more about the potential of Linux than anything I had read so far. You cannot, by accident, build an airplane that actually flies.
This is an interesting visualization techniques for software analysis. From the article:
Despite being a very important part of any operating system, file systems tend to get little attention. Linux has three editions for Linux Device Drivers, another three for Understanding the Linux Kernel and two for Linux Kernel Development. The first is a detail analysis of one particular Linux Kernel tree and the second is a shorter one done over a large number of file systems from Linux Kernel 2.6.0 to 2.6.29. After that there is a small section that shows some aspects of the BSD family. After conclusions there is an appendix consisting of three things: the first one explains how the file systems for Linux were compiled, the second one shows timelines for the releases of Linux Kernel, FreeBSD, NetBSD and OpenBSD; the last is a detailed map of the external symbols of the kernel modules analyzed in the second section.
The ss command is used to show socket statistics. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and more. It allows showing information similar to netstat command. It can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compare to netstat) tool for tracking TCP connections and sockets. SS can provide information about:
- All TCP sockets.
- All UDP sockets.
- All established ssh / ftp / http / https connections.
- All local processes connected to X server.
- Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT,TIME-WAIT), addresses and ports.
- All the tcp sockets in state FIN-WAIT-1 and much more.
Lets see how much effort it is going to take to convert this configuration to entirely different firewall platform – PF on OpenBSD. There are different ways to do this. I could make a copy of each member firewall (linux-test-1 and linux-test-2), set platform and host OS in the copy to PF and OpenBSD and then create new cluster object. This would be a sensible way because it preserves old objects which helps to roll back in case something does not work out. However, to make the explanation shorter, I am going to make the changes in place by modifying existing objects.