1.11 Protecting Files
On many systems, users need security education on setting proper permissions on their files, changing the initial password, and understanding why some passwords are better than others. Sometimes a user will find a "cool" CGI script or program and ask you to install it, or ask for the access to install it herself. Frequently these programs have severe security holes that are not obvious.
My favorite example is the CGI script that generates e-mail from a browser user's form submission. The problem with many of these scripts is that they simply drop the user's fields into a Mail command. All an intruder needs to do is put a semicolon or newline in the middle of the right field, and any text after it will be interpreted as a shell command. Even if the command is not running as root, the user it runs as may have access to the database or other critical data. Even experienced programmers may not understand all of the security issues.
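The form-to-mail flaw described above, next to a hardened version, as an added example that is not code from the book. The sendmail path, the fixed recipient, and the form field names (`email`, `subject`, `body`) are assumptions.

```python
import subprocess
from email.message import EmailMessage

SENDMAIL = "/usr/sbin/sendmail"        # assumed path
RECIPIENT = "webmaster@example.com"    # fixed by the site, never a form field
ADDR_OK = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789@._+-")


def unsafe_command(subject, to):
    """The flawed pattern, for contrast: fields pasted into a shell string.
    The string is only returned here, never executed."""
    return "mail -s " + subject + " " + to


def build_message(form):
    """Validate the form fields and return an EmailMessage, or raise ValueError."""
    sender = form.get("email", "")
    subject = form.get("subject", "")
    # Allow-list the address: no whitespace, newlines or shell metacharacters.
    if not sender or set(sender) - ADDR_OK or sender.count("@") != 1:
        raise ValueError("invalid sender address")
    # A CR or LF in a header field would let the submitter add headers.
    if "\r" in subject or "\n" in subject:
        raise ValueError("line break in subject")
    msg = EmailMessage()
    msg["From"] = RECIPIENT
    msg["To"] = RECIPIENT
    msg["Reply-To"] = sender
    msg["Subject"] = subject
    msg.set_content(form.get("body", ""))   # body is data only, never a command
    return msg


def send(form):
    """Hand the message to sendmail on stdin; no shell parses any form data."""
    msg = build_message(form)
    # argv list with the default shell=False; -t reads recipients from our
    # fixed headers, -oi stops a lone "." line from ending the message.
    subprocess.run([SENDMAIL, "-oi", "-t"], input=msg.as_bytes(), check=True)
```

In the hardened path a semicolon in the subject is harmless because it only ever appears as message text, while a line break in a header field is rejected outright.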
There are many, many issues that must be attended to in order to maintain security on a Linux system on the Internet. This is called hardening a system. As with securing your house against invasion, some measures are simple, easy, and inexpensive, such as locking the doors when you go out. Installing a deadbolt lock will improve security. Adding an alarm system is even better. Arranging 24x7 armed guards is the ultimate protection, but it is unavailable to most and not cost effective, except for those at particular risk such as the rich and powerful. You must get "it" right 100 percent of the time, but the cracker only has to get lucky once.