Proper Linux Security Comes Down to Protecting Root
By Richard Williams

It goes without saying that parents of several children learn a little more with each one. The same holds true for developers in the open source community. Since the early days, when UNIX was free and developer tools were readily available, open-source developers have fed on each other's creativity and work ethic. Now, some 20-plus years later, the growth of Linux, like a younger sibling, is turning heads.

LINUX UNVEILED
As Linux matures, vulnerabilities are revealed. As attacks on the young operating system grow, the question that needs answering is: can it cope? According to the Aberdeen Group and others, Microsoft does not have the worst track record when it comes to security vulnerabilities: about one out of every two CERT security advisories this year was for open source and Linux software.

In the fight against malicious code writers, the open-source community is at a disadvantage. There is no single company responsible for security patches when vulnerabilities arise; each project and each distribution ships fixes on its own schedule. High-profile security incidents are typically dealt with in a timely manner. The lesser-known, but still potentially damaging, vulnerabilities occasionally get put on the back burner.

SECURITY CHALLENGES WITH ROOT
The target of any attack on a Linux system is a special account called "root." Whoever holds root has full permission over the system: root can run any command and read or modify any data, because the kernel's file permission checks are bypassed for uid 0. A buffer overflow in a setuid program or in a network service that runs as root typically ends in a root shell. Denial-of-service attacks, by contrast, take a system down rather than open it up; they are a different threat and do not by themselves yield root. Once root, attackers create backdoor accounts and install rootkits so they can come back again and again. In a recent survey, more than 60 percent of the companies with Linux platforms had no solution for managing root administrative privileges. Of those that had implemented a password/login solution, two out of three use native services with limited security.

With the numerous benefits of the Linux operating system come several shortcomings in its native security services. Where root is concerned, Linux uses an all-or-nothing model rather than a multi-tiered one: a process either runs as uid 0, with every privilege, or it does not. If a root-level service is compromised, native security surrenders full access. Once root on one host, an attacker can read every credential and trust relationship stored there (SSH private keys, .rhosts and hosts.equiv entries, passwords saved for services such as ftp or news) and use them to reach other machines without ever authenticating as themselves.

Not every attack is external. Many security threats come from inside the network. Gartner Group estimates that 70 percent of network security incidents involve people inside the corporate firewall. Whether intentional or accidental, incidents caused from within the network can be extremely harmful. Native Linux offers no fine-grained delegation of privileges: whoever can become root on a machine has every right on it, and file systems, processes and system administration all depend on that one account.

A common inadvertent error is the system administrator who logs in with full root privileges and forgets to log out when leaving the machine. Native Linux does not enforce an idle timeout by default; shells such as bash and ksh honour a TMOUT variable when a profile sets it, but nothing sets one out of the box.

Another common mistake is logging in as root directly over the network. When several people log in as "root", there is no accountability, because the logs record only the shared account, not the individual behind it. Anyone with root privileges can also erase or edit the local log files to cover their tracks, so logs that exist only on the compromised host cannot be trusted afterwards; copies forwarded to a separate log host can. Furthermore, a root account that accepts logins over the network (for example, an sshd configured with PermitRootLogin yes) can be attacked by password guessing, and a successful brute-force attempt yields root outright.
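As an added example, not code from the article or from Symark, the POSIX shell script below audits a host for the three conditions just described: root allowed to log in directly over the network, more than one account with uid 0 (so "root" in the logs names no individual), and no idle timeout in the shell profile. It runs against constructed sample files written to a temporary directory rather than the live /etc, and the port, account names and timeout value in those files are made up for illustration. The weak sshd_config also shows a trap worth knowing: sshd keeps the first value of a keyword, so a `PermitRootLogin no` appended at the end of the file changes nothing.

```shell
#!/bin/sh
# Added example, not code from the article: audit a host for direct root
# login, duplicate uid-0 accounts and a missing idle timeout. Every input
# file below is a constructed sample written to a temp dir, not /etc.

# Effective PermitRootLogin in the unconditional part of an sshd_config.
# Keywords are case-insensitive, the FIRST value wins, and anything after
# a Match block is conditional, so parsing stops there. Prints "unset" if
# the directive is absent (OpenSSH then defaults to yes before 7.0 and to
# prohibit-password from 7.0 on). Handles the "Keyword value" form only,
# not the rarer "Keyword=value" form.
permit_root_login() {
  awk '
    /^[[:space:]]*#/ || NF == 0      { next }
    tolower($1) == "match"           { exit }
    tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
    END { if (!found) print "unset" }
  ' "$1"
}

# Every account with uid 0 is root under another name; more than one means
# "root" in the logs cannot be tied to a person.
uid0_accounts() {
  awk -F: '$3 == 0 { print $1 }' "$1"
}

# TMOUT value set by a profile (bash and ksh end an idle interactive shell
# after TMOUT seconds); "readonly" stops the user from unsetting it.
idle_timeout() {
  awk -F= '
    /^[[:space:]]*(readonly[[:space:]]+|export[[:space:]]+)?TMOUT[[:space:]]*=/ { val = $2 }
    END { print (val == "" ? "unset" : val) }
  ' "$1"
}

# $1 sshd_config, $2 passwd, $3 profile. Prints findings; returns 1 if any.
audit_host() {
  bad=0
  prl=$(permit_root_login "$1")
  [ "$prl" = "no" ] || { echo "FINDING: PermitRootLogin is '$prl' (want no)"; bad=1; }
  n=$(uid0_accounts "$2" | wc -l | tr -d ' ')
  [ "$n" -eq 1 ] || { echo "FINDING: $n accounts have uid 0: $(uid0_accounts "$2" | tr '\n' ' ')"; bad=1; }
  t=$(idle_timeout "$3")
  [ "$t" != "unset" ] || { echo "FINDING: no TMOUT idle timeout in $3"; bad=1; }
  return $bad
}

# Constructed samples: a weak host and a hardened one.
tmp=$(mktemp -d)

cat > "$tmp/sshd_config.weak" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# appended later in the belief it would take effect: sshd keeps the first
# value, so root login stays enabled
PermitRootLogin no
EOF

cat > "$tmp/sshd_config.hardened" <<'EOF'
# administrators log in as themselves, then switch with su or sudo
Port 22
PermitRootLogin no
PasswordAuthentication no
EOF

cat > "$tmp/passwd.weak" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF

cat > "$tmp/passwd.hardened" <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
EOF

printf 'PATH=/usr/bin:/bin\n' > "$tmp/profile.weak"
printf 'PATH=/usr/bin:/bin\nreadonly TMOUT=600\nexport TMOUT\n' > "$tmp/profile.hardened"

echo "== weak host =="
audit_host "$tmp/sshd_config.weak" "$tmp/passwd.weak" "$tmp/profile.weak" || echo "audit FAILED"
echo "== hardened host =="
audit_host "$tmp/sshd_config.hardened" "$tmp/passwd.hardened" "$tmp/profile.hardened" && echo "audit passed"
```

To run it against a real machine, call `audit_host /etc/ssh/sshd_config /etc/passwd /etc/profile` instead of the sample paths; the checks deliberately read files rather than query a running sshd, so they can be run from a backup or a mounted image as well.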

Natively, Linux records basic audit information: who logged into a particular machine, when, and for how long (the wtmp and lastlog records behind the "last" command). It does not, by default, record what the user then did. The specific commands run and the environment they ran with are not captured unless process accounting or a command-level logging tool is switched on.

SECURING ROOT
Finding alternative solutions that will offer enhanced root security, for both internal and external incidents, is the first step in securing Linux platforms.

Delegation of root privileges can be accomplished with the "su" utility. With su, a user first logs in under an individual account and then switches to root (or another account) by supplying that account's password; the switch is logged against the individual's name. However, su then hands over an unrestricted root shell and offers no granular control over the user's activity. It cannot, for example, restrict a specific user to performing backups on particular hosts on specific days or at specific times, and every administrator who uses it has to know the root password.

Role-based access control (RBAC) is another solution for controlling root privileges. RBAC follows the principle of least privilege and assigns roles to individuals according to their jobs. Roles can be defined for administrators who need to perform backups, install software or carry out other routine system administration. However, many users have found RBAC to have a steep learning curve. In addition, each operating system vendor's RBAC implementation is proprietary to its own platform, which creates challenges in a mixed Linux and UNIX environment.

Another utility for securing root is sudo, an open-source program. Rather than handing out the root password, sudo reads a policy file (sudoers) that grants named users or groups the right to run specific commands as root or as another account after they authenticate with their own password, and it logs every invocation under the individual's login name. However, sudo is primarily a host-based solution: although one sudoers file can name several hosts, it still has to be maintained and distributed to each Linux system, and it describes the accounts known to that system. In a large network environment this requires additional tools and administrative overhead. Additionally, sudo's basic logging records the command line that was run but not what happened inside the session, which, like native Linux logging, makes it harder to meet regulatory requirements.
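The two sides of the su/sudo discussion, delegation and accountability, as an added example that is not code from the article or from Symark. The first half is a sudoers fragment granting one role (backups) to one group on named hosts; the second parses the syslog records that sudo and su emit into a per-person report, so the "who did what as root" question the preceding sections raise can be answered from the logs. The hostnames, user names, group name, wrapper script path and log lines are all constructed for illustration; the sudoers syntax and the log formats are sudo's and su's own.

```shell
#!/bin/sh
# Added example, not code from the article or from Symark: a sudoers
# fragment that delegates one role to one group on named hosts, plus a
# parser that turns sudo and su syslog records into an accountability
# report. Hosts, users, the wrapper path and the log lines are constructed.

# 1. Delegation. Members of %backupops may run the backup wrapper, and
#    nothing else, as root on the DB hosts, authenticating with their own
#    password. The trailing "" forbids any arguments, so the wrapper cannot
#    be turned into a general file reader. log_input/log_output record the
#    session's keystrokes and output (available in sudo 1.7.4 and later).
sudoers_fragment() {
  cat <<'EOF'
Host_Alias  DBHOSTS = db1.example.com, db2.example.com
Cmnd_Alias  BACKUP  = /usr/local/sbin/run-backup ""
Defaults!BACKUP     log_input, log_output
%backupops  DBHOSTS = (root) BACKUP
EOF
}

# Syntax-check a fragment the way it should be checked before it is dropped
# into /etc/sudoers.d. Prints "skipped" where visudo is not installed; some
# sudo versions also insist on root:root ownership and mode 0440.
sudoers_check() {
  if command -v visudo >/dev/null 2>&1; then
    visudo -c -f "$1" >/dev/null 2>&1 && echo ok || echo invalid
  else
    echo skipped
  fi
}

# 2. Accountability. sudo logs "<user> : TTY=... ; USER=<target> ; COMMAND=..."
#    (with "command not allowed" on a refusal); su logs "(to root) <user> on
#    <tty>"; sshd logs a direct root login with no person behind it at all.
#    Output, one line per event: "<person> <what> <target account> <detail>".
root_actions() {
  awk '
    $5 ~ /^sudo(\[[0-9]+\])?:/ {
      status = ($0 ~ /command not allowed/) ? "DENIED" : "RAN"
      tgt = "?"
      if (match($0, /USER=[^ ;]+/)) tgt = substr($0, RSTART + 5, RLENGTH - 5)
      split($0, p, "COMMAND=")
      printf "%s %s %s %s\n", $6, status, tgt, p[2]
      next
    }
    $5 ~ /^su(\[[0-9]+\])?:/ && $6 == "(to" {
      sub(/\)$/, "", $7)
      printf "%s SU_TO %s -\n", $8, $7
      next
    }
    $5 ~ /^sshd(\[[0-9]+\])?:/ && $0 ~ /Accepted .* for root from/ {
      printf "? DIRECT_LOGIN root %s\n", $11
    }
  ' "$1"
}

tmp=$(mktemp -d)
sudoers_fragment > "$tmp/backupops"
echo "sudoers fragment check: $(sudoers_check "$tmp/backupops")"

# Constructed auth log: a permitted sudo, a refused one, an su, and a
# direct root login over ssh that cannot be attributed to anyone.
cat > "$tmp/auth.log" <<'EOF'
Jun  3 09:14:22 db1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/local/sbin/run-backup
Jun  3 09:15:40 db1 sudo:      bob : command not allowed ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Jun  3 09:20:01 db1 su: (to root) carol on pts/2
Jun  3 09:21:13 db1 sshd[4021]: Accepted password for root from 10.0.0.9 port 51002 ssh2
EOF

echo "== root activity by person =="
root_actions "$tmp/auth.log"
```

The report makes the article's point concrete: the su and sudo lines each carry a person's name, while the sshd line carries only "root". The parser reads a file so it works equally on a copy forwarded to a central log host, which is where it should be run after a suspected compromise.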

Third-party commercial solutions are available to implement tiered security for Linux systems. They offer the ability to delegate root administrative privileges on a per-user basis, to control access to files and directories, to log a session's input and output comprehensively, and to manage authorization centrally across heterogeneous Linux and UNIX networks.

In a world that demands ever more security, Linux systems tied into corporate networks cannot be overlooked. As the Linux platform continues to gain ground in the industry, users need to start securing their Linux machines, and root above all, properly. With the right tools, internal threats and external vulnerabilities can be greatly reduced. Controlled access to services and functions within Linux, and most of all to root, will result in stronger Linux security inside the network.

About the Author
Richard Williams is a product specialist for Symark Software, with more than 20 years experience in systems administration, architecture and design. He can be contacted at rwilliams@symark.com


© IMPIRE Communications, LLC All Rights Reserved.  Website designed & managed by Oculus Networks