Administration – Using Advanced Security Features

A dozen or so pages covering security-related commands are not nearly enough to address the depth of security tools available to you as a Linux system administrator. Beyond the commands covered in this chapter, here are descriptions of some features you may want to look into to further secure your Linux system:

❑ Security Enhanced Linux (SELinux) — The SELinux feature provides a means of securing the files, directories, and applications in your Linux system in such a way that exploitation of one of those areas of your system cannot be used to breach other areas. For example, if intruders were to compromise your web daemon, they wouldn’t necessarily be able to compromise the rest of the system.

SELinux was developed by the U.S. National Security Agency (NSA), who hosts a related FAQ at You need to install SELinux as separate packages. See for details.

❑ Central logging—If you’re managing more than a couple of Linux servers, it becomes preferable to have all your systems log to a central syslog server. When you implement your syslog server, you may want to explore using syslog-ng. Also, if you outgrow logwatch, you should consider using a log parser such as Splunk.

❑ Tripwire — Using the tripwire package, you can take a snapshot of all the files on your system, then later use that snapshot to find if any of those files have been changed. This is particularly useful to find out if any applications have been modified that should not have been. First, you take a baseline of your system file. Then at regular intervals, you run a tripwire integrity check to see if any of your applications or configuration files have been modified.

❑ APT database — Another way to check if any of your applications have been modified is by using the APT commands to validate the applications and configuration files you have installed on your system.

❑ chkrootkit—If you suspect your system has been compromised, download and build chkrootkit from This will help you detect rootkits that may have been used to take over your machine. We recommend you run chkrootkit from a LiveCD or after mounting the suspected drive on a clean system.


About msotela

This blog is for anyone who wants to access the power of a Linux system as a systems administrator or user. You may be a Linux enthusiast, a Linux professional, or possibly a computer professional who is increasingly finding the Windows systems in your data center supplanted by Linux boxes.

Posted on September 23, 2009, in Unix/Linux. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: