Andrea Danti - Fotolia

How do I protect my OS with Linux security features?

Linux has a security framework with multiple layers, which makes it hard to maintain permissions and privileges. User-based profiles and whitelisting can help you oversee OS access and give you peace of mind.

With Linux's debut in 1992, IT admins gained an open source, Unix-type operating system for their data center maintenance and general computing needs. Because of its Unix foundation, Linux consists of multiple layers developed over time instead of simultaneously.

As a result, administrators must consider how to use these customizable Linux security features. Permission management and security modules, such as AppArmor and Security-Enhanced Linux (SELinux), can help build a safe Linux environment.

Security in layers

The kernel space is the environment in which full and unlimited access to all the hardware and devices exists; other security systems don't apply in kernel space. Kernel layer access is limited to the root user, but the Linux root user is not an admin with a lot of permissions. The root user account has unlimited access to the kernel space and is secured with a very complex password

Permissions determine how admins can access files, but they don't decide how admins can access the system. The Linux permission system only applies to IT administrators who are not the root user or end users.

Originally, there were just three permissions: read, write and execute. Administrators can apply these permissions to admin accounts, group owners and other users. However, computing needs have changed and rendered these permissions too limited, so Linux OS developers added a second set of permissions to address specific use cases. This set includes various combinations of the original read, write and execute permissions.

IT administrators can build a relatively secure Linux environment, but a strong Linux security system depends on many interconnected systems.

Linux developers then added access control lists to the OS, which allowed administrators to set permission levels for individual users or files. To secure file access with Linux security features, system administrators must ensure all these different permission sets are applied with chmod and chown commands.

Some IT administrators or power users need full access to a bash shell, which exposes the entire operating system. Admins should limit this type of access because intruders can enter a shell through an operating system flaw. Pluggable authentication modules allow administrators to shape the authentication process and determine the permitted commands.

How to implement Linux security features

IT administrators can build a relatively secure Linux environment, but a strong Linux security system depends on many interconnected systems. A bespoke system can work, but it increases the likelihood of problems such as connection issues between disparate systems. For that reason, two security modules were introduced to the Linux kernel in 1998: AppArmor and SELinux.

The main Linux security features of AppArmor and SELinux is that every action is denied unless it's specifically allowed. SELinux has the widest adoption of the two. Both of these kernels allow admins to configure functionality and filing access based on specific permissions.

SELinux's source code contains rules for running permitted operations and deflecting nonapproved operations. AppArmor uses per-program profiles that are configured for specific developer permissions, such as network access, read/write or file execution.

Dig Deeper on Data center ops, monitoring and management

Cloud Computing
and ESG