2.11. Configuration Basics

2.11. Configuration Basics

Before considering Linux configuration issues in depth, I want to establish some basic rules applicable to any operating system or service. If you follow these rules, you will be able to build a really secure system, be it a single server or a computer network.

2.11.1. Everything Not Permitted is Prohibited

When configuring the access parameters, you should adhere to the following rules of minimization:

  • Run as few programs as possible. This concerns not only whole services but also their components . Suppose that you use the Apache Web server. This program has many features, among which is support of the PHP and Perl interpreted languages. Site programmers, however, normally use only one of these languages; consequently, there is no reason to enable both of them on your Apache server. If the site uses PHP, Perl should be disabled, and vice versa. If your site uses both script languages, you should fire your programmers: Mongrel systems are much more difficult to make secure.

  • Enable as few options as possible. Most administrators do not like to bother with configuring the system and allow complete access to all features that they think may be used. But such an approach is incompatible with security. The feature that you make available for a user may never be used by the latter but can be used by malefactors to break into your system and cause you lots of grief . For example, a folder may be opened for shared access on client computers on the argument that the users may have to exchange data. Maybe they will, but maybe they won't. Open folders for shared access only when the need for this arises.

The minimization principle will be often be recalled when I describe various aspects of Linux configuration, and prohibition will be the starting point when I analyze examples.

2.11.2. Default Settings

Default settings are intended for training purposes only, and most often enable all features so that you can evaluate the program's capabilities. Enabling all features violates the second rule of minimization.

If configuring the program does not involve many commands and parameters, it can be configured from scratch. But if the procedure is complex (a good example is configuring the sendmail program), the best option is to start with the default settings and then modify them as necessary. Don't try to configure a complex program from scratch. More likely than not, you will forget something and make some error with the configuration. Configuration files are difficult to work with because they are in the text format and the names of all parameters must be written without the slightest error. If at least one character is entered incorrectly, the parameter will not function properly or at all, and the operating system or the service will work with errors.

When writing a parameter name or a file system path , pay close attention not only to spelling but also to the use of the uppercase and lowercase characters . Linux is case-sensitive where names of files and directories are concerned . The same applies to some configuration files.

2.11.3. Default Passwords

During the installation, many services set default passwords. This problem is especially serious in Linux, because installation programs use RPM packages that most often do not even offer to change the default passwords. If I were in the developers' shoes, I would make it impossible to start services with no or default passwords.

For example, after the installation, the administrator account for the MySQL database is named root (not to be confused with the Linux root account) and requires no password to log into the database. There is no reason to have a database account with the same name as the operating system's most important account and without a password to boot. After installing MySQL, immediately change the database administrator's account name and set a password for it.

Before putting a system into commission, make sure that all of its passwords have been changed. Here is another example using MySQL. Administrators rarely use this database themselves ; they only install it. The configuration is usually performed by the programmers, who tune databases to their personal preferences and, for some reason, like to use default passwords. I am a programmer and, when developing databases, use default passwords, hoping that the administrator will take care of changing the passwords, but, as stated earlier, they seldom do.

Not only application programs and operating systems but also network devices, such as routers and intelligent switches, use default passwords. These devices have a built-in protection and authorization system. When initializing this system, the manufacturers don't bother with inventing account names and most often use Admin; the password is usually left blank altogether. This is a big oversight. A good idea in this case would be to use the device's serial number as its password. It is easy for the manufacturer to come up with and for the user to remember but difficult for hackers to pick. But even using the serial number does not guarantee total protection, because if a hacker sees the device, he or she can take a crack at its serial number being used as the password.

Lists of default passwords for various devices have been available on the Internet for a long time; thus, do not forget to change the passwords after installing a device.

2.11.4. Universal Passwords

BIOS manufacturers used to install universal access codes into their chips, which made it possible to enter the system without knowing the main password, installed by the administrator. For example, one of the Award BIOS versions used AWARD_SW as a universal password. Starting with version 4.51, this "service" is no longer available.

If it is possible to disable the universal-password feature, you should do this immediately. Otherwise, replace the equipment or programs. Leaving this feature in place will cancel out whatever other measures you may undertake to secure your system.

2.11.5. Security versus Performance

I already mentioned that security and performance pursue two different goals. Configuring the server for maximum security requires enabling such services as logging, firewalls, and the like, which lay their claim on processor resources. The more services enabled, the more system resources they use.

Each service can be configured in different ways. For example, the logging mode can be configured to log only the most important information. This reduces the workload on the hard drive but increases the chances of an attack going unnoticed. The other extreme is to configure logging to log all messages. Contrary to what you may think, this will not enhance the security, because the increased resource consumption facilitates carrying out a successful DoS attack.

When configuring a server and its services, you must be guided by the principle of necessary sufficiency. This means that you should do everything possible to make the server secure while keeping its performance as high as possible. To ascertain that this balance is achieved, the server should be tested at the maximum workload possible. The latter is defined as twice the number of requests per minute that the server is expected to service. If the server is up to the task and can handle all client requests with processor resources to spare, the system can be put into service. Otherwise, either the configuration should be changed or the computer's capacity should be enhanced.



Hacker Linux Uncovered
Hacker Linux Uncovered
ISBN: 1931769508
EAN: 2147483647
Year: 2004
Pages: 141

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net