Today, in this article, we will discuss how to secure a Linux server. The default security settings in Linux are good, but they require some extra care. Hackers can sniff your system easily if it is not taken care of properly. This is a detailed topic, and I will try to cover it in two to three write-ups.
Key factors.
- Open Ports.
- Insecure or non-updated software.
- Weak password policy.
- Attacks on administrator accounts.
- Lack of physical security.
Open Ports.
Port scanning is the first thing any attacker does before attacking your servers. From the open ports, they can get an idea of which services can be compromised. There are multiple ways to scan for and identify open ports; Nmap is one of them.
# apt install nmap
# yum install nmap
Insecure or non-updated software
If you are not updating the server regularly, attackers can gain access by using exploits. Misconfigured services can be harmful too. Always make sure to keep the operating system updated. Multiple tools are available to test for vulnerabilities. OpenVAS is one of the best-known tools that can be installed on the server to scan for vulnerabilities.
Install OpenVAS
# apt install openvas
# yum install openvas
Start Service.
# openvas-start && openvas-setup
Log in to get reports.
Weak password policy
Using a tool like hydra, attackers can gain access if your system is set up with weak passwords and has unwanted ports open. Always use complex passwords; changing them from time to time can reduce the chances of a successful attack. Let’s take a look at how hydra can be used to target servers with weak passwords. Create a list of usernames and passwords with all possible combinations (userlist.txt and passwd.txt in my scenario).
# apt install hydra
Run command.
# hydra -L /root/userlist.txt -P /root/passwd.txt -u 127.0.0.1 ssh
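On the server side, this kind of guessing shows up in the SSH daemon's log as a burst of failed logins from one source. The following is an added example, not part of the original article, that counts those failures per source address. The function names, the threshold and the sample log lines are constructed for illustration, and the traditional syslog line format of OpenSSH is assumed.

```sh
#!/bin/sh
# Added example (not from the article): find sources of SSH password guessing.

# Constructed sample of sshd log lines; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:15:02 web1 sshd[2103]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 10:15:03 web1 sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40116 ssh2
Mar  3 10:15:04 web1 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
Mar  3 10:15:05 web1 sshd[2109]: Failed password for invalid user x from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 40120 ssh2
Mar  3 10:16:40 web1 sshd[2150]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:16:52 web1 sshd[2150]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
EOF
}

# brute_sources MIN: read sshd log lines on stdin and print
# "source-ip failures distinct-users" for sources with at least MIN failures.
brute_sources() {
    awk -v min="${1:-5}" '
    /sshd\[[0-9]+\]: Failed password for / &&
    $(NF-4) == "from" && $(NF-2) == "port" {
        # The username is chosen by the client and may itself contain
        # " from <ip> port ...", so take the address by position from the
        # end of the line, never from the first "from".
        ip = $(NF-3)
        fails[ip]++
        # Skip to the word after "for", then past an "invalid user" prefix.
        for (i = 1; i <= NF && $i != "for"; i++) ;
        start = i + 1
        if ($start == "invalid" && $(start + 1) == "user") start += 2
        # Everything up to the trailing "from" is the attempted username.
        user = ""
        for (i = start; i <= NF - 5; i++) user = user (i > start ? " " : "") $i
        if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
    }
    END {
        for (ip in fails)
            if (fails[ip] >= min) print ip, fails[ip], users[ip]
    }' | sort -k2,2nr
}

# Report sources with five or more failed passwords in the sample.
sample_log | brute_sources 5
```

On a live server, feed it the real log instead, for example `brute_sources 5 < /var/log/auth.log` on Debian or Ubuntu, or the same with `/var/log/secure` on RHEL-family systems.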
Attacks on administrator accounts
Remember, if an attacker can gain access to an administrator account, they can gain access to other servers as well. Even with good security in place, hackers have been able to gain access this way. Always make sure not to share passwords with unauthorized persons.
Lack of physical security
Providing multi-factor authentication and physical locks can save servers from unwanted access. Do not provide any direct physical access, such as monitors or keyboards. Block all USB and other serial ports that can be attached directly to servers. No media file sharing should take place with critical operational servers.
Conclusion.
Today, we have learned how an attacker can gain easy access to servers and how to avoid it. Scanning ports with Nmap and checking the system’s health with OpenVAS are part of a security assessment. In the next article, we will look at other aspects of security.