This document provides an overview of Linux security, including:
1) It introduces user security in Linux which uses a model of users and groups, each with a unique ID and permissions to access files.
2) It describes Linux file system security which implements read, write, and execute permissions for users and groups.
3) It discusses access control lists which provide a more granular approach than default permissions by allowing individual user and group permissions for each file.
2. Contents
• An Introduction to Linux Security
• Understanding User Security
• Understanding File-System Security
• Using Access Control Lists
• Linux Is Secure as You Make It
3. Introduction to Linux Security
Dennis Ritchie, one of the original developers of the UNIX
OS, once said that "UNIX is basically a simple operating
system, but you have to be a genius to understand the
simplicity."
4. User Security
At its basic level, Linux implements a user security model that consists of
users and groups. A user within the OS has the following characteristics:
• Username. This is the name that the user enters at the login prompt.
• User ID. This is a unique numeric identifier to which the OS maps the
username. The user ID is integral to the functioning of the file system.
• Primary group. All the files created by the user will be associated with
this group by default.
• Associated groups. These are additional groups that the user belongs
to. The user will be able to access files owned by the groups.
5. File-System Security
• Read. This permission allows users to open a file for reading as well as
look at the contents of a directory.
• Write. This permission allows users to open and modify existing files and
create new files in a directory. In addition, users can remove or rename
an existing file, provided they are the owner of that file.
• Execute. This permission allows users to execute a file, provided it's a
program or shell script. This permission also allows users to search
directories and change the current directory scope. Keep in mind that
the contents of the directory can't be listed unless the read permission is
also set.
Besides the permissions just discussed, you can set the Set user ID, Set
group ID, and Sticky permissions.
6. Access Control Lists
The default file-system security model is an all or nothing approach. In
other words, all members of a group are affected by a file's permissions. To
provide a more granular approach to file-system security, Linux supports
access control lists (ACLs). With ACLs, you can define individual user or
group permissions for a file (or directory), even if the user or group doesn't
correspond to the file's owner or owning group. The ACL implementation in
Linux file systems is POSIX compliant. ACLs are often used when a Linuxbased file server is replacing a Windows-based file server, which allows
Windows administrators to maintain the ACLs that they've come to rely on.
In the case of a Linux-based file server, if the file server is integrated into a
Windows authentication environment, administrators can continue to use
the Windows GUI to manipulate the ACLs. In addition, the Linux OS
provides the getfacl and setfacl commands to retrieve and set ACL
information, respectively.
7. Linux Is Secure as You Make It
It’s been said that Linux isn't a secure OS. However, it has the
tools necessary to implement an appropriate level of security for
an implementation environment.
Example: ClamAV, Snort, Wireshark, John the
Ripper, Nmap, Chkrootkit, Nessus
http://www.pcworld.com/article/224955/7_free_security_tools_fo
r_linux.html