Security
From TheLinuxVault
Security and Backup
Overview
This section should cover securing the box from intrusion of all sorts, and backing up the important bits in case the security fails in some manner.
Security
There are different types of security: physical, Internet, encryption, access, and filesystem. All are important.
Physical security is probably the simplest to implement. It controls access to the physical system, whether through the keyboard or by entry into the computer case itself. Such access is usually prevented by the usual methods: door keys, locks, obscure locations, or simply hiding or disguising the system.
Firewall: All modern Linux systems come with a default firewall inside the kernel called iptables. A GUI such as Firestarter can be used to configure iptables. This type of security is usually done by closing any unused ports and services.
Anti-Virus: There are very few viruses for Linux. None work on a modern Linux system. Most came out after the security holes were already patched, and none were ever able to spread without deliberate installation, so they are only useful for research purposes. Linux systems have never had any risk of becoming infected by a virus, without intentionally installing one. [1] [2] [3] [4] [5]
Encryption: This is a means of disguising any data, whether it is travelling over a broadcast medium or being stored somewhere. TrueCrypt is a good encryption program.
Access: This refers to who can do what. This is a subset of physical and Internet security. A particular person may have access to the physical console, but no access to any system level. Another person may have access to the web service that same box hosts, but not to the Tetris game the first person is using. One account that has access to everything is root. On most Debian/Ubuntu-style distributions, this account is disabled by default. If you want to enable this account, read this article on Enabling Root Account. But keep in mind that this is a great responsibility. It is very easy to mess up any system as the root user.
Filesystem: This is usually covered by the file permissions, which control who can read or write which files in which directories. This should be covered in detail elsewhere. ls and cd are used to move around the filesystem. The permissions of the files can dictate who can see what.
Backup
Six words. Do it often, do it right. Properly done backups can make or break a recovery effort. An important thing to remember is to back up anything that is either difficult to replace, or hard to duplicate.
Common classic *nix utilities for performing backups are tar and cpio. cpio is a much older program for doing this, but it is good to know legacy software. tar is more commonly used in tape backups, but it can also be used simply for building archive files. The commands below extract from an archive file and restore from tape:
tar xvf filename.tar.gz
tar xv < /dev/tape
cpio -icdmuvB < /dev/tape
Another common tool is rsync. Rsync can be used to make a bootable clone. In addition to basic file copying, rsync also offers the ability to synchronize the source and target volumes: it copies only the items that have changed, so subsequent clones, or backups, are much faster. The syntax is pretty easy:
sudo rsync -xrlptgoEv --progress --delete / /Volumes/Backup
That will back up your entire drive, deleting anything from the target that is not on the source drive (synchronizing, that is). Rsync also preserves resource forks (that's what the "E" argument is for) and will give you a bootable backup.
The sudo command above runs the rsync command as the root user. This is another means of Access security that must be considered.
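A guarded version of the clone command above, as an added example that is not part of the original page: it refuses to run unless the target is a mounted volume and a dry run shows no more than a set number of deletions. The function names, the default limit of 100, and the use of the Linux `mountpoint` tool (util-linux) are assumptions; `-E` is left out because its meaning differs between rsync builds.

```bash
#!/bin/sh
# Added example (not from the original page): safety checks around
#   rsync -xrlptgo --delete SRC DEST
# Assumption: rsync's --itemize-changes output, in which every pending
# removal is printed as a line starting with "*deleting".

# Constructed sample of dry-run output (not captured from a real system).
SAMPLE_PLAN='*deleting   home/alice/old-notes.txt
*deleting   var/tmp/cache/
>f+++++++++ etc/hosts
.d..t...... etc/
cd+++++++++ srv/www/'

# Count pending removals in itemized rsync output read from stdin.
count_deletions() {
    # grep -c exits 1 when it finds nothing; the count (0) is still printed.
    grep -c '^\*deleting ' || true
}

# Succeed only if the plan on stdin deletes at most LIMIT items.
deletions_within_limit() {   # usage: deletions_within_limit LIMIT < plan
    dwl_count=$(count_deletions)
    [ "$dwl_count" -le "$1" ]
}

# Clone SRC to DEST only after both checks pass. Run as root (e.g. via sudo).
safe_clone() {               # usage: safe_clone SRC DEST [LIMIT]
    sc_src=$1; sc_dest=$2; sc_limit=${3:-100}

    # An unmounted backup volume is just a directory on the source disk:
    # the "backup" would land on the drive it is meant to protect.
    if ! mountpoint -q "$sc_dest"; then
        echo "refusing: $sc_dest is not a mounted volume" >&2
        return 2
    fi

    # Dry run first: collect what --delete would remove without touching DEST.
    sc_plan=$(rsync -xrlptgo --delete --dry-run --itemize-changes \
              "$sc_src" "$sc_dest") || return 3
    if ! printf '%s\n' "$sc_plan" | deletions_within_limit "$sc_limit"; then
        echo "refusing: more than $sc_limit deletions pending on $sc_dest" >&2
        return 4
    fi

    rsync -xrlptgov --progress --delete "$sc_src" "$sc_dest"
}
# Example call: safe_clone / /Volumes/Backup 100
```

A large deletion count in the dry run usually means the wrong source or target was given, which is the case worth catching before a root-level `--delete` runs.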

