Practical Linux Security Cookbook - Second Edition

By: Tajinder Kalsi

Overview of this book

Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security flaws, and these security flaws allow attackers to get into your system and modify or even destroy your important data. But there’s no need to panic, since there are various mechanisms by which these flaws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system. With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux. By the end of this book, you will be able to secure your Linux systems and create a robust environment.

Make use of sudoers – configuring sudo access


Sudoers is the Linux functionality that an administrator can use to give a trusted regular user administrative access without sharing the root user's password. The administrator simply needs to add the regular user to the sudoers list.

Once a user has been added to the sudoers list, they can execute any administrative command by preceding it with sudo. The user is then asked to enter their own password, after which the administrative command is executed the same way as it would be by the root user.

Getting ready

As the configuration file is predefined and the commands used are built in, nothing extra needs to be configured before starting the steps.

How to do it…

Perform the following steps:

  1. You will first create a normal account and then give it sudo access. Once done, you will be able to use the sudo command from the new account and then execute the administrative commands. Follow the steps given to configure sudo access. First, use the root account to log in to the system, then create a user account using the useradd command, as shown. Replace USERNAME in the command with any name of your choice:
  2. Now, using the passwd command, set a password for the new user account, as shown:
  3. Now edit the /etc/sudoers file by running visudo, as shown. The policies applied when using the sudo command are defined by the /etc/sudoers file:
  4. Once the file is open in the editor, search for the following lines, which allow sudo access to the users in the test group:
  5. You can enable the given configuration by deleting the comment character (#) at the beginning of the second line. Once the changes are done, save the file and exit the editor. Now, using the usermod command, add the previously created user to the test group:
  6. Now you need to check whether the configuration you have created allows the new user account to run commands using sudo.
  7. To switch to the newly created user account, use the su command:
  8. Now use the groups command to confirm the presence of the user account in the test group:
  9. Finally, run the whoami command with sudo from the new account. As this is the first time a command is executed using sudo from this new user account, the default banner message will be displayed for the sudo command. The screen will also ask for the user account password to be entered:
  10. The last line of the output shown is the username returned by the whoami command. If sudo is configured correctly, this value will be root.

You have successfully configured a user with sudo access. You can now log in to this user account and use sudo to run commands the same way as you would from the root user.
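
The procedure above, collected as an added example that is not code from the book: the recipe's commands appear as comments because they need root, and the two functions rehearse the visudo edit on a copy of the file. The sample sudoers text, the function names and the temporary paths are constructed for illustration; test is the group named in the recipe.

```bash
#!/usr/bin/env bash
# On a real system the recipe is run as root (USERNAME is the book's placeholder):
#   useradd USERNAME && passwd USERNAME
#   visudo                          # uncomment the "%test ALL=(ALL) ALL" line
#   usermod -aG test USERNAME
#   su - USERNAME; groups; sudo whoami      # whoami should print "root"
# The functions below rehearse the visudo edit on a copy, without root.

# Constructed sample input, not a real /etc/sudoers.
SAMPLE_SUDOERS='root    ALL=(ALL)       ALL
## Allows people in group test to run all commands
# %test  ALL=(ALL)       ALL
## Same thing without a password
# %test  ALL=(ALL)       NOPASSWD: ALL'

# Print "active", "commented" or "absent" for the password-requiring %GROUP rule.
group_rule_state() {    # usage: group_rule_state FILE GROUP
    awk -v g="%$2" '
        /NOPASSWD/ { next }                      # skip the password-less variant
        $1 == g { active = 1 }
        ($1 == "#" && $2 == g) || $1 == ("#" g) { commented = 1 }
        END { print (active ? "active" : (commented ? "commented" : "absent")) }
    ' "$1"
}

# Copy FILE to OUT with the first commented password-requiring %GROUP rule
# uncommented. If visudo is installed, its syntax check must accept the result.
enable_group_rule() {   # usage: enable_group_rule FILE GROUP OUT
    awk -v g="%$2" '
        !fixed && !/NOPASSWD/ && /^#[ \t]*%/ {
            line = $0; sub(/^#[ \t]*/, "", line)
            split(line, f, /[ \t]+/)
            if (f[1] == g) { print line; fixed = 1; next }
        }
        { print }
    ' "$1" > "$3" || return 1
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$3" >/dev/null 2>&1 || { rm -f "$3"; return 1; }
    fi
}

tmp=$(mktemp -d)
printf '%s\n' "$SAMPLE_SUDOERS" > "$tmp/sudoers"
group_rule_state "$tmp/sudoers" test                       # commented
enable_group_rule "$tmp/sudoers" test "$tmp/sudoers.new"
group_rule_state "$tmp/sudoers.new" test                   # active
```

The uncommented rule lets every member of the test group run any command as root, so review that group's membership whenever the rule is active.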

How it works…

When you create a new account, it does not have permission to run administrator commands. However, after editing the /etc/sudoers file and making the appropriate entry to grant sudo access to the new user account, you can start using the new user account to run all administrator commands.

There’s more…

Here are some extra measures that you can take to improve security further.

Vulnerability assessment

A vulnerability assessment is the process of auditing your network and system security, through which you can learn about the confidentiality, integrity, and availability of your network. The first phase in a vulnerability assessment is reconnaissance, which leads to the phase of system readiness, in which we mainly check for all known vulnerabilities in the target. Next follows the reporting phase, in which we group all the vulnerabilities found into categories of low, medium, and high risk.