DNS is light on resources and can be great to improve privacy for all systems on your network. It even allows you to monitor for infected systems by reviewing the DNS server logs.
Linux System Administration Best Practices
System hardening is great, but how do you know you did all that is needed? That is why you perform a technical health scan of your system. We call this process a technical security audit. To perform a security audit you will need the right toolkit. It is important to learn some of the tools and their main purpose.
After all, there is no silver bullet in security. Fortunately, Linux provides a lot of security tools. Here is a top 3 for security auditing and vulnerability scanning. Get familiar with at least these three tools. Each of them provides valuable security insights. They will also be of great assistance during system hardening and in keeping the system secured in the future.
The first tool in alphabetic order is Lynis. This is an open source security scanner which runs on the host itself. It checks the configuration of the system, like a health scan for your body. Any room for improvement is shared in a report. Lynis can also detect vulnerable packages and other weaknesses. A huge benefit of this tool is that it is very light on requirements and resources. In less than 1 minute you can perform a scan. So have this tool installed on your systems.
Next in line is Nmap. This versatile port scanner is another battle-tested tool. It helps you to detect open network ports and perform different types of scans. This includes vulnerability scanning and complements the previous tool. Nmap can perform a check on the local system or do it from the network. It is a powerful tool, which also means it has many options. This can be overwhelming when using it for the first time. Using the tool with some examples from around the web will definitely help.
Finally, there is OpenVAS. This is an open source vulnerability scanner. It has many tests to perform vulnerability scanning. Based on the available systems and services, it will look more specifically at available vulnerabilities. As this tool primarily focuses on vulnerability management, it takes a bit more time to set up than the other two. You will need a dedicated system with enough resources and have it update its database first.
These three tools combined provide a good basis to detect weaknesses and continuously perform security checkups of your systems. Schedule Lynis to run daily on the machine. Have it email the results, or store the output on a central system. Use a daily difference check to show what has changed. Do the same for nmap, to ensure no unwanted ports are opened unexpectedly. If you are using a mixed environment, nmap also has a way to show Linux systems only.
Now it is time to start hardening the system. System hardening is the process of adding new defenses and removing weak spots in existing defenses.
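
The daily difference check for nmap described above, as an added example that is not part of the original article: it compares two result files in nmap's grepable format (as written by `nmap -oG`) and lists ports that are open today but were not open in the baseline. The function names, file names and sample scan lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: daily difference check over nmap grepable output (nmap -oG).

# Print "host port/proto" for every open port in a grepable results file.
open_ports() {
    awk -F'\t' '/^Host: / {
        split($1, h, " ")                      # h[2] is the host address
        for (k = 2; k <= NF; k++) {
            if ($k !~ /^Ports: /) continue
            n = split(substr($k, 8), p, ", ")  # drop the "Ports: " prefix
            for (i = 1; i <= n; i++) {
                split(p[i], f, "/")            # port/state/proto/...
                if (f[2] == "open") print h[2], f[1] "/" f[3]
            }
        }
    }' "$1" | LC_ALL=C sort -u
}

# Ports open in today's scan ($2) that were not open in the baseline ($1).
new_ports() {
    np_old=$(mktemp); np_new=$(mktemp)
    open_ports "$1" > "$np_old"
    open_ports "$2" > "$np_new"
    LC_ALL=C comm -13 "$np_old" "$np_new"      # lines only in today's list
    rm -f "$np_old" "$np_new"
}

# Constructed sample scans (documentation addresses), written into directory $1.
make_samples() {
    {
        printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n'
        printf 'Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 8080/closed/tcp//http-proxy///\n'
    } > "$1/baseline.gnmap"
    {
        printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///\n'
        printf 'Host: 192.0.2.11 ()\tPorts: 22/open/tcp//ssh///, 8080/open/tcp//http-proxy///\n'
    } > "$1/today.gnmap"
}

# Demo on the constructed scans: lists the two newly opened ports.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
new_ports "$demo_dir/baseline.gnmap" "$demo_dir/today.gnmap"
rm -rf "$demo_dir"
```

In a scheduled job, a non-empty result is what gets emailed or stored on the central system.
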
We remove these weak spots by minimalization, detection of vulnerabilities, and adjusting weak configuration defaults. If you are new to Linux security, then read the article How to secure a Linux system. It provides a good introduction to these principles. Every piece of unneeded ballast on the system should be removed as much as possible. This includes users, processes, files, directories, empty log files, etc. Often you can remove a lot without any impact on the system.
The same applies to unused user accounts. The article Unused Linux users: delete or keep them? The easiest way to kill a lot of vulnerabilities, or software weaknesses, is by installing the related software updates. This could be a critical bug causing data corruption, a new feature to make life easier, or solving a security weakness. We speak about updates when it slightly changes the behavior of a program. Often these are minor releases 1.
An upgrade is usually bigger, like moving to a new major version, or a new operating system version Ubuntu Both upgrades and updates help with getting better software and make system management easier. While there is always the chance of breaking some functionality or process, this should be no excuse to stop doing proper patch management.
Use clusters, snapshots, and backups to your advantage, to allow regular software updates to be installed. Most software is created to work as simply as possible.
A typical sysadmin's role is not to design or write new application software, but when they are responsible for automating system or application configuration with various configuration management tools, the lines somewhat blur. That said, system administrators are not software engineers or developers, in the job title sense.
Particularly when dealing with Internet-facing or business-critical systems, a sysadmin must have a strong grasp of computer security. This includes not merely deploying software patches, but also preventing break-ins and other security problems with preventive measures. In some organizations, computer security administration is a separate role responsible for overall security and the upkeep of firewalls and intrusion detection systems, but all sysadmins are generally responsible for the security of computer systems.
In larger organizations, some of the tasks above may be divided among different system administrators or members of different organizational groups. For example, a dedicated individual(s) may apply all system upgrades, a Quality Assurance (QA) team may perform testing and validation, and one or more technical writers may be responsible for all technical documentation written for a company. System administrators, in larger organizations, tend not to be systems architects, systems engineers, or systems designers.
In smaller organizations, the system administrator might also act as technical support, Database Administrator, Network Administrator, Storage (SAN) Administrator or application analyst.
These are open-source applications that do a good job of scouring your server for potential threats.
CMSs are quite complex, so hackers are always trying to exploit security loopholes with them. Joomla, Drupal and WordPress are all hugely popular platforms, so the developers are constantly working hard to bring out new security fixes. This means that updates are important and should be applied straight away.
Backing up your server should be second nature, because you have so much to lose. Consider using cloud backups and hardcopies of your own.
Plesk as well as cPanel automatically disallow anonymous FTP, but some setups have it pre-enabled.
Root kits are one of the most destructive pieces of malware out there. They function at operating system (OS) level, which means that they fly under the radar of the usual security measures.
Even if it finds one though, root kits can be exceptionally tenacious enemies, so you may need to completely reinstall the operating system in order to get rid of any that you find.
Passwords are your first line of defense, so make sure they are strong. A password needs to be complex, sure, but it also needs to be the right length. Even if you do try to make it difficult to guess by using upper and lower-case letters, some numbers, and the general sprinkling of special characters, what will really make it strong is making it as long as possible.
Your users need to understand this, and at the admin level you can secure Plesk Onyx by enforcing the use of strong passwords which expire after a fixed period.