Linux security vulnerabilities

From LQWiki
Jump to: navigation, search


Linux, like any piece of software, is susceptible to exploit if certain basic principles of system hardening are ignored. Some common vulnerablities to look out for are:

  • The base install of distro-foo includes a number of daemons that are listening for connections at boot time. The solution to this problem is to be selective during the installation and only choose the packages that you intend to run. No use running a DNS server if you don't plan to host DNS on that machine. Be paranoid, use Nmap to scan your machines for any open ports.
  • daemon-foo that you are running came with your distro's install and you've never updated it, you don't read Bugtraq or the software creator's web page for advisories, etc. If you host services to the public on your machine, you are obligated to keep track of updates that become available not only to your operating system, but also to the daemons that are running on it. BIND, Apache and Sendmail are the biggest known offenders, but there are many others, like vulnerabilities in the PHP that your web server uses, etc.


In order to avoid unnecessarily leaving your system vulnerable to exploits it is important to regularly obtain and apply security updates.

You should also routinely have a firewall, between your computer or network and the Internet. Even inexpensive routers normally have them. Linux has one, too.

It is critically important that you learn about and actually use the security features that are available in Linux. Even though you may be the only person who ever uses "your" computer, you must remember that any program that executes "on your behalf," with or without your knowledge, executes as "you" and has all of "your" rights and privileges! Therefore, most of the time you should be using a user-account ... set up with a meaningful, not-easy-to-guess password (which cannot simply be drawn from a large dictionary), that is entirely un-privileged. You should use the all-powerful root user-id only to perform actual system maintenance (that requires it).

What does this do for you? Quite simply, it means that if (somehow) a "virus"-type program actually found its way into your system and tried to run (which of course it would have to do "as you," with "your" privileges) ... it would not possess the privileges needed to actually do any harm to the system-at-large. It could not modify memory, and could not modify files (other than your own), because it would not have the privilege to do so.

If you "wear many hats" in your business, set up individual user-ids for each role that you play. After all, in real life "the CEO," "the accountant," and "the human-resources person" all have separate offices, separate file-cabinets with their own sets of keys...

Remember that most troublemakers in the computer-world are opportunists: "cat burglars." They're not magical: they just prowl the neighborhoods of the Internet, looking for windows that are open and doors that are unlocked. There are tens of thousands of such "sitting ducks." By taking even the slightest precautions to actually protect your systems, you are no longer "easy pickings," and the odds become quite good that you will be left alone. (The same thing's true in the Microsoft Windows world... where a very fine security model exists, but is not normally used!)


This article is a stub and needs to be finished. Plunge forward and help it grow!