Chapter 2. Quick Fixes for Common Problems

In this chapter, many common problems are explained and quick fixes are provided. There are many of them because Linux offers so many standard features. Problems with more involved solutions are covered in later chapters. The quickly solved problems covered in this chapter concern configuration issues, services that are too dangerous to allow, and versions of software that have known vulnerabilities. These problems have allowed many systems to be broken into; you do not want to allow your system to be next. Problems range from the basic to subtle. They include recent insecure versions of popular programs as fundamental as the name daemon, named, that provides Domain Name Service. This program maps host names such as www.pentacorp.com into their numeric IP addresses, e.g., 192.168.57.8. This mapping is needed because the numeric address is used for routing messages to other systems.

This chapter will start with some security concepts and then dive into the seven deadly sins for Linux systems. You then examine various problems in-depth and solve them.

The topics covered in this chapter include:

• "Understanding Linux Security" on page 18

• "The Seven Most Deadly Sins" on page 27

• "Passwords A Key Point for Good Security" on page 41

• "Advanced Password Techniques" on page 46

• "Protecting the System from User Mistakes" on page 51

• "Forgiveness Is Better than Permission" on page 57

• "Dangers and Countermeasures During Initial System Setup" on page 64

• "Limiting Unreasonable Access" on page 69

• "Firewalls and the Corporate Moat" on page 73

• "Turn Off Unneeded Services" on page 86

• "High Security Requires Minimum Services" on page 93

• "Replace These Weak Doors with Brick" on page 94

• "New Lamps for Old" on page 103

• "United We Fall, Divided We Stand" on page 115