Home > Articles > Operating Systems, Server > Linux/UNIX/Open Source

Linux Security Installation Issues

📄 Contents

  1. About Various Linux Distributions, Security, and Installation
  2. Partitions and Security
  3. Choosing Network Services During Installation
  4. Boot Loaders
  5. Summary
While most Linux installation involves a discussion of the steps that are necessary to install a particular distribution of Linux, here you will learn the important steps you need to take during the installation procedure to ensure that your operating system is secure. Learn about the differences in installation procedures and security on various Linux distributions, partitions and security, choosing network services at installation, and boot loaders.
This chapter is excerpted from Maximum Linux Security, Second Edition.

Installation chapters are rarely anyone's favorite. I find myself skipping over installation chapters simply because they mirror the installation instructions that came packaged with the software I'm using. This chapter aims to be something different.

Most Linux installation chapters discuss the steps necessary to install a particular distribution of Linux. These chapters also end when the final "install" button is clicked. In this chapter, however, you'll learn the important steps to take during the installation procedure to ensure that your operating system is secure:

  • Differences in installation procedures and security on various Linux distributions

  • Partitions and security

  • Choosing network services at installation

  • Boot loaders

About Various Linux Distributions, Security, and Installation

More than 110 Linux distributions exist, and more will undoubtedly appear and disappear over time. These distributions all share some common characteristics: the same kernel releases, the same basic applications, and, with few exceptions, the same core source code.

This might persuade you that all Linux distributions are identical. Not true. Subtle differences do exist:

  • Different Linux distributions have different installation tools, and their functionality might vary. Some installation tools automatically specify which network servers activate on boot, and some don't. Others ask you.

  • Some installation tools drill down into individual packages so that you can choose precisely what software is installed. Other installation tools offer less incisive scope, such as asking you which sets of software you'd like to install rather than which individual applications.

If you're new to Linux, these variables can affect your system's security. Frankly, you might end up with innumerable software packages and servers installed that you know nothing about.

This is a major problem facing Linux newcomers, and the publishing field hasn't helped. Although there are countless Linux primer books, few of them contain comprehensive lists of installable software. This leaves newbies in an odd position. Faced with choosing individual applications or installing the entire distribution, most will choose the latter.

NOTE

Older distributions, such as early SlackWare, worked differently. The installation tool, based on shell scripts with a dialog front end, paused at every application and utility, forcing you to choose whether or not to install it. Each dialog displayed the application's description per its Linux Software Map entry. This allowed you to ascertain each program's purpose and whether or not you needed it. For system administrators who have an understanding of Unix, this is fine. For others, it made installing Linux tedious and confusing.

Is it really so important that you understand precisely what you're installing? Yes, and here's why: Linux markedly differs from other operating systems in that no single entity controls development and testing. When you venture beyond Linux's kernel (the system's heart), Linux is composed of several thousand different tools, modules, libraries, and so forth.

Many of these components are derived from third-party, academic, freelance, and commercial developers all around the world. Each developer is responsible for their application's quality control, and hence your mileage might greatly vary. To understand why, please examine Figure 3.1.

Figure 3.1 Various types of Linux software.

Figure 3.1 shows various types of Linux software and an admittedly generalized critique of quality control at each level. Here's what it shows:

  • The Linux kernel and must-have tools have been rigorously tested for common programming errors that could potentially threaten system security. The folks doing this testing have a lot of experience and are familiar with Linux source and development history, particularly from a security standpoint.

  • Semi-commercial tools are tools that would be commercial on any other platform. Recently, there's been a huge influx of such tools as large corporate vendors move into Linux territory. These tools might have excellent security, but many probably don't. Porting complex commercial applications to Linux, a relatively new and unfamiliar operating system, is an error-prone enterprise. Furthermore, some vendors view Linux ports as policy decisions (testing the water) and allocate less time and effort to analyzing their port's security status, unless the application is specifically related to security.

  • Finally, beyond core Linux code and semi-commercial contributions lie freelance, beta, and other tools. This category already makes up a substantial portion of Linux and is growing rapidly. Testing here varies. Many new Linux tools are the result of the well-intentioned, enthusiastic efforts of budding programmers. Some have long Unix experience and are well aware of security issues. Others might be just starting out.

As you move farther from Linux's basic core, you reap increasingly disparate results—with the notable exception of security tools. Some Linux security tools have reached levels of excellence equaled only in high-performance, commercial security applications.

If you're using Linux for personal use, you can install the entire distribution without worry. Just employ good security practices, back up often, and be prepared to learn through trial and error.

However, if you're using Linux for enterprise or mission-critical tasks, and therefore cannot tolerate error, take a different approach:

  • Before employing Linux in your enterprise environment, learn a bit about software packages, what they do, how long they've been around, and whether you actually need them. For this, I recommend visiting the Linux Software Map at http://www.boutell.com/lsm/. The LSM is searchable, which is nice because there are currently about 3,000 entries.

  • If your Linux distribution includes proprietary tools, investigate their utility and security track record. See Appendix D, "Sources for More Information," for more information about each distribution (bug lists, revision tracking sites, bulletins, vendor advisories, and so on).

Beyond these steps, try adhering to this cardinal rule: Less is more. Try installing only what you need.

This can be difficult, especially if you've just discovered Linux. Linux offers a wide range of applications and multiple subsets within each application type. Thus, in addition to the dozen text editors available on your distribution's CD-ROM, there are probably 25 more Linux text editors available. That's a lot of choices.

In particular, be extremely careful when you're choosing networked applications (anything that relies on a daemon). If a networked application has flaws, it can expose your system to remote attack. No other operating system offers as many networked applications as Linux. Indeed, Linux developers have gone hog-wild, networking everything from CD players to scribble pads. If it can be networked at all, Linux surely has networked it.

In short, before you install Linux in an enterprise environment, take the time to read about it. It's worth the effort, and you'll find your research interesting and enlightening. Linux is an operating system that's rich with possibilities and that supports truly amazing applications. For example, do you need DNA-sequencing tools or a means to view molecular structures? No problem. Go to http://SAL.KachinaTech.COM/index.shtml.

Finally, I should point out that even given all this, when Linux is properly installed and maintained, it offers excellent security. You simply need a Linux security overview, which is what this book is for, after all. Let's get started.

All Distributions Are Not Created Equal...

If you haven't chosen a distribution yet, now is the time to do so—but be aware that not all Linux distributions are the same or stress the same features. This can be difficult for first-time users to understand. After all, Linux is Linux, isn't it? Yes and no. As I've already mentioned, the installation procedures vary greatly among the different Linux distributions. Additionally, the feature sets vary—some versions are focused on the user experience, whereas others are aimed at creating a brick wall in terms of security. Unfortunately, many Linux distributions try to be everything to everyone and come up short.

The following is a short look at some of the current distributions and what sets each one apart from the pack:

Stampede Linux—Available for Intel and Alpha processors, Stampede provides a hardware-optimized port of Linux. This is not a good beginner distribution, but would work nicely for a network administrator or seasoned Unix professional. http://www.stampede.org/

Phat Linux—The Phat distribution is an excellent starting place for users who have been working with Microsoft Windows and are unwilling to give up their Windows installation completely. Phat installs on an existing Windows partition and offers a full complete KDE-based Linux desktop environment. Installation is painless and extremely quick. http://www.phatlinux.org/

SuSE—Available for Alpha, PowerPC, Intel, and Sparc platforms, SuSE offers a simple installation process, large collection of included applications, and power features for the advanced user. One of the big SuSE advantages is out of the box support for a journaling file system. This can be used to create a very stable and fault-tolerant desktop or server. http://www.suse.org/

Yellow Dog—The Yellow Dog distribution is for PowerPC computers and is mainly intended to provide a secure and optimized Linux distribution for the Macintosh G3 and G4 series as well as IBM RS/6000 machines. If you're a Mac user looking for a simple transition from Mac OS, you're better suited running the standard LinuxPPC distribution. http://www.yellowdoglinux.com/

OpenLinux—OpenLinux originally described a single Linux distribution. Today it describes a family of distributions from Caldera. If you know what your Linux application will be, Caldera is the place to go. From ASP solutions to a secure desktop environment, Caldera offers distributions targeted to different applications, all with easy installation and excellent support. http://www.caldera.com/

Linux Mandrake—Based on the Red Hat distribution, Linux Mandrake is a Pentium-optimized distribution with graphical administration add-ons that make installation, updates, and file management a breeze. Although the Mandrake distribution is relatively new, it is quickly becoming a favorite of many users. In fact, PC Data ranked Mandrake as the number one selling Linux distribution in December 2000. http://www.linux-mandrake.com/

Red Hat—Red Hat is the powerhouse of Linux distributions. It has led the Linux charge into the workplace and, in many respects, is single-handedly responsible for making Linux a player in the enterprise workplace. Sporting a remarkably simple installer with auto-partitioning, RAID support, and desktop or server installations, it can create both secure desktop systems and powerful servers. Unfortunately, the introduction of Red Hat 7.0 alienated many longtime users with a restructured file system and other significant changes. If you're a first-time user, however, you'll be amazed at the polish given to the Red Hat distribution. Red Hat is available for Intel, Sparc, and Alpha systems. http://www.redhat.com/

Debian—Debian Linux is a popular distribution amongst advanced Linux/Unix users and system administrators. The installation process is not nearly as seamless as other distributions, but, at the same time, the quality of the included software and stability of the system as a whole are much greater. Debian does not bill itself as a Linux distribution, per se. Instead, it is a package of software and utilities that happens to run on the Linux kernel. Efforts are underway to port Debian to other kernels (BSD, and so on) as well. http://www.debian.org/

Slackware—The Slackware Linux distribution was the first popular distribution created. It enjoyed great success in the early and mid-1990s, but after a few years it started to lag behind the powerhouses such as Red Hat and SuSE. Recently, Slackware has been reborn and is now up-to-date with the latest applications and services. Although not as friendly as other distributions, Slackware has been described as "a Linux user's Linux" and offers hardcore users the tools and utilities they'll need to create an Internet server or desktop platform. http://www.slackware.com/

I've used most of the distributions in this list and have found them to be well constructed and useful. Your best bet, if you're undecided, is to try out a few distributions and see what suits you best. After you decide on a route, stick with it. Switching between distributions can lead to confusion, as well as decreased efficiency in maintain your systems.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Overview


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information


To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information


Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children


This site is not directed to children under the age of 13.

Marketing


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information


If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information


Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents


California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure


Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact


Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice


We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020