Linux

Automate Linux Tasks with Tools


Let us take a look at three tools that can make life easier for Linux admins by automating their day-to-day tasks.

Puppet

Puppet is an open-source configuration management tool designed to make automation and reporting easier for system administrators: it configures and maintains your servers and the other systems in your network. Administrators spend a lot of time repeating the same tasks day after day and would rather automate them, freeing time for other projects or for learning new tools and scripting languages. Ad hoc scripts can automate such tasks on a handful of machines, but in a company with a larger network they do not scale and leave no record of what state each host is supposed to be in. Puppet instead declares the desired state in manifests that an agent on every host applies on a schedule. Because every managed host applies whatever the Puppet server hands it, the server, the repository holding its manifests and its certificate authority deserve the same protection as root on every node. With the help of Puppet one can:

  • Define a unique configuration for every host on the network
  • Detect drift from the declared configuration continuously and correct it
  • Create and manage users consistently across hosts
  • Manage the configuration settings of the open-source tools you run

Ansible

Ansible is an open-source configuration management and IT enterprise automation tool from Red Hat. Tasks are written as YAML playbooks rather than in a programming language, which keeps the learning curve low while still letting system administrators handle automation and configuration effectively. Ansible consists of a control node and the managed nodes: the control node connects to the managed nodes over SSH and runs its modules on them, so no agent has to be deployed to the nodes and all communication goes through SSH. A low learning curve, consistency, high reliability and security are other features that make Ansible stand out from the competition. The flip side of being agentless is that the control node holds SSH keys, and usually sudo rights, for every managed host, so it must be protected like a bastion, and secrets used by playbooks belong in Ansible Vault rather than in plain text. Ansible's main limitation is that it is primarily a configuration tool for hosts that already exist; bare-metal provisioning in particular is better left to dedicated tooling, although Ansible has modules that drive cloud and virtualization APIs to create virtual machines.

Nagios

Nagios, whose open-source core is now distributed as Nagios Core, is a monitoring and automation tool for all the systems in your infrastructure. It alerts system administrators when a check on a host or service fails or returns something unexpected. Using SNMP, Nagios can also monitor network devices such as printers, routers and switches. Nagios lets you attach an event handler to a check: a script that runs whenever a service changes state and can, for example, restart a faulty application and its services automatically whenever they go down.
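The restart behaviour just described lives in the event handler script. The following is an added example of such a handler, not code from the Nagios project. It assumes Nagios invokes it from a command definition along the lines of `$USER1$/restart-service.sh $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$ $ARG1$` (with the service's event_handler set to `restart-service!nginx`), that the unit name is the fourth argument, and that max_check_attempts for the service is 3.

```shell
#!/bin/sh
# Added example: a Nagios event handler that restarts a systemd unit when a
# service check keeps failing. Nagios is assumed to call it with four
# arguments: service state, state type, attempt number, systemd unit name.

# Assumed to match max_check_attempts in the service definition.
MAX_ATTEMPTS=3

# decide_action STATE STATETYPE ATTEMPT -> prints "restart" or "none".
# Policy: do nothing on the first SOFT failures (a single slow check is not an
# outage), restart on the last SOFT attempt before the state turns HARD, and
# restart once more when it does turn HARD. WARNING/UNKNOWN never restart.
decide_action() {
  state=$1; statetype=$2; attempt=$3
  case "$state" in
    CRITICAL)
      case "$statetype" in
        SOFT) [ "$attempt" -eq "$MAX_ATTEMPTS" ] && echo restart || echo none ;;
        HARD) echo restart ;;
        *)    echo none ;;
      esac ;;
    *) echo none ;;
  esac
}

# restart_service UNIT: restart via systemd and leave an audit trail in syslog.
# Nagios runs as an unprivileged user, so grant exactly this command in sudoers
# (e.g. "nagios ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx") instead
# of running the monitoring daemon as root; -n makes sudo fail rather than prompt.
restart_service() {
  unit=$1
  logger -t nagios-handler "restarting $unit after repeated CRITICAL checks"
  sudo -n systemctl restart "$unit"
}

# Only act when invoked by Nagios with all four arguments; sourcing the file
# to reuse decide_action elsewhere runs nothing.
if [ "$#" -eq 4 ]; then
  if [ "$(decide_action "$1" "$2" "$3")" = restart ]; then
    restart_service "$4"
  fi
fi
```

One caveat: anyone who can make the check fail, for instance by saturating the service, can make this handler restart it, so keep the handler limited to a restart of that one unit and make sure repeated restarts still page a human rather than silently masking an attack.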

Securing Linux On-Premises: Essential Measures for Intermediate Linux Administrators


When it comes to safeguarding Linux in an on-premises environment, there are several important measures that intermediate Linux administrators should implement. By focusing on these key strategies, you can enhance the security of your Linux infrastructure and protect your systems effectively.

  1. Physical Security: Start by securing physical access to your on-premises Linux servers. Establish restricted access to server rooms or data centers, ensuring only authorized personnel can enter. Implement security controls like biometric authentication, access cards, or surveillance cameras to monitor and control physical access.
  2. Network Security: Protect your on-premises Linux systems at the network layer. Use firewalls to filter traffic and allow only the connections that are needed. Segment your network into different zones, isolating critical servers from less secure areas. Regularly update and patch network devices to address vulnerabilities and minimize potential risks.
  3. System Hardening: Harden your Linux systems by applying security best practices. Disable unnecessary services and ports to minimize the attack surface. Regularly update and patch your operating system and software applications to fix security vulnerabilities. Utilize strong and unique passwords for user accounts and consider implementing multi-factor authentication for an added layer of protection.
  4. User Access Controls: Implement strict user access controls to limit privileges and minimize the risk of unauthorized access. Enforce the principle of least privilege, granting users only the necessary permissions required to perform their tasks. Regularly review user accounts and revoke access for users who no longer require it.
  5. Security Monitoring: Implement a comprehensive security monitoring system to promptly detect and respond to potential security incidents. Configure and review system logs to identify any suspicious activities or signs of compromise. Utilize intrusion detection systems (IDS) or intrusion prevention systems (IPS) to monitor network traffic for unauthorized access attempts or malicious activities.
  6. Regular Backups: Implement a robust backup strategy to ensure data integrity and availability. Regularly back up your critical data and test the restoration process to verify its effectiveness. Store backups securely and offsite to mitigate the impact of physical incidents or disasters.
  7. Security Awareness and Training: Educate your staff on security best practices and raise awareness about potential threats. Train users to recognize social engineering techniques, phishing attempts, and other common attack vectors. Regularly update staff on emerging security trends and provide guidance on handling security incidents.
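Points 3 and 4 above (harden accounts, enforce least privilege, review accounts regularly) are easy to state and easy to let slip. The following added example, not from any distribution or tool, is the kind of audit an administrator would run on a schedule. Each check reads the file it is given, so the same functions work against /etc/passwd, /etc/shadow and /etc/sudoers on a live host (run as root) or against the constructed samples the block writes for itself; the sample account names and hash placeholders are invented.

```shell
#!/bin/sh
# Added example: a least-privilege audit of local accounts. Every check reads
# the file it is given, so the same functions run against /etc/passwd,
# /etc/shadow and /etc/sudoers on a live host (as root) or against the
# constructed samples written by write_samples below.

# uid0_accounts PASSWD: any account with UID 0 is root, whatever its name.
uid0_accounts() {
  awk -F: '$3 == 0 { print $1 }' "$1"
}

# empty_password_accounts SHADOW: an empty hash field means login with no
# password at all ("!" or "*" would mean the account is locked).
empty_password_accounts() {
  awk -F: '$2 == "" { print $1 }' "$1"
}

# service_accounts_with_shell PASSWD: system accounts (UID 1-999) that can log
# in interactively; daemons should have /usr/sbin/nologin or /bin/false.
service_accounts_with_shell() {
  awk -F: '$3 > 0 && $3 < 1000 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# nopasswd_all_sudo SUDOERS: rules granting every command without a password.
# Compromising such a user's session is the same as compromising root.
nopasswd_all_sudo() {
  grep -E '^[^#]*NOPASSWD:[[:space:]]*ALL' "$1" | awk '{ print $1 }'
}

# audit DIR: run all checks, print one "TAG account" line per finding and
# return 1 if there was anything to report.
audit() {
  dir=$1; n=0
  for u in $(uid0_accounts "$dir/passwd"); do
    [ "$u" = root ] || { echo "UID0 $u"; n=$((n + 1)); }
  done
  for u in $(empty_password_accounts "$dir/shadow"); do
    echo "EMPTYPW $u"; n=$((n + 1))
  done
  for u in $(service_accounts_with_shell "$dir/passwd"); do
    echo "SVC_SHELL $u"; n=$((n + 1))
  done
  for u in $(nopasswd_all_sudo "$dir/sudoers"); do
    echo "NOPASSWD_ALL $u"; n=$((n + 1))
  done
  [ "$n" -eq 0 ]
}

# write_samples DIR: constructed sample files (not from any real host) with one
# deliberate finding of each kind: a second UID-0 user "toor", a "backup"
# service account with an empty password and a login shell, and a NOPASSWD:ALL
# sudo rule for "alice". The hash fields are placeholders.
write_samples() {
  cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
toor:x:0:0:second root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
  cat > "$1/shadow" <<'EOF'
root:$6$placeholder$hash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
www-data:*:19000:0:99999:7:::
backup::19000:0:99999:7:::
toor:$6$placeholder$hash:19000:0:99999:7:::
alice:$6$placeholder$hash:19000:0:99999:7:::
EOF
  cat > "$1/sudoers" <<'EOF'
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
nagios  ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx
EOF
}

# Demo against the samples; on a real host call audit with a directory that
# holds (or symlinks to) the three files.
d=$(mktemp -d)
write_samples "$d"
audit "$d" || echo "review the findings above"
rm -rf "$d"
```

Note what the sudoers check does and does not flag: the nagios line grants a single command without a password, which is the shape of rule least privilege calls for, and it passes; the alice line grants everything and is reported. Running this from cron and diffing the output against the previous run turns "regularly review user accounts" into something that actually happens.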

By implementing these measures, intermediate Linux administrators can significantly enhance the security of their on-premises Linux systems. Regularly review and update your security practices to stay ahead of emerging threats and ensure the ongoing protection of your Linux infrastructure.

Linux Cloud Security


Now that we have looked at Linux security on-premises, we can look at how Linux in the cloud differs, and in particular why the physical security burden is lighter: the provider takes over the physical layer, while everything from the operating system upwards remains your responsibility.

Many cloud hosting providers exist, and most offer a similar package for getting a Linux server up and running, so picking the right one can be a daunting task.

Because the cloud removes the physical aspect of hosting a server, it also removes the physical layer of server security from your list of responsibilities, which makes things simpler. Cloud hosting providers offer varying levels of control over the virtual machine itself, from booting and shutting down servers to setting up customized firewalls.

Let us take a look at some of the essential security measures to be taken in the cloud.

Console and account access

Your security policy should define the individuals, and their respective accounts, who have access to the cloud hosting provider's console or dashboard, together with the permissions each has for interacting with the servers and other resources. Give every person their own account, protected by multi-factor authentication, rather than sharing the root or owner account, and grant only the permissions the role needs. This prevents access by people who do not know how to operate the dashboard safely or who have malicious intent, and it creates accountability, because every action on a server can be traced to an individual account.

SSH (Secure Shell)

SSH (Secure Shell) is a network protocol that allows users to access a computer remotely over an untrusted network, with the session encrypted and the server authenticated to the client.

SSH will be the primary access point to your server, so it is essential to secure it correctly. Let us take a look at the various ways this can be done.

  1. Consider moving SSH from the default port 22 to another port. This does not make the service any harder to break into; it only cuts the volume of automated scanning and brute-force noise in your logs, so treat it as housekeeping rather than as a security control.
  2. Use SSH keys instead of password-based authentication. This is the step that matters: passwords can be guessed by brute-force attacks and commonly used wordlists, whereas a key cannot. SSH keys use public-key cryptography: the public key is stored on the server and the private key stays on your computer. Once password authentication is disabled on the server, access is only possible with the private key, so protect it with a passphrase and never copy it onto the server.
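Whether a server actually enforces the two points above is decided by sshd_config, and it is easy to believe password logins are off when a later Match block or a forgotten default still allows them. The following added example, not from the OpenSSH project, reads the global section of a config the way sshd does (first occurrence of a keyword wins, keywords are case-insensitive) and reports the settings that conflict with key-only access. The "weak" and "hardened" files it writes are constructed samples, and the defaults it assumes for absent keywords are the OpenSSH defaults listed in the comments.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config against the
# settings described above. Not from the OpenSSH project; it knows only the
# handful of keywords checked here and the OpenSSH defaults that apply when
# a keyword is absent.

# sshd_effective KEYWORD FILE: print the value sshd would use for KEYWORD.
# sshd takes the FIRST occurrence of a keyword (later ones are ignored), keywords
# are case-insensitive, and anything after a "Match" line is conditional, so
# scanning stops there.
sshd_effective() {
  awk -v key="$1" '
    /^[[:space:]]*#/ || NF < 2 { next }
    tolower($1) == "match"      { exit }
    tolower($1) == tolower(key) { print $2; exit }
  ' "$2"
}

# check_sshd FILE: print one line per weak setting, return 1 if any were found.
# Defaults when a keyword is absent: PasswordAuthentication yes,
# PermitRootLogin prohibit-password, PubkeyAuthentication yes,
# KbdInteractiveAuthentication yes, MaxAuthTries 6.
check_sshd() {
  f=$1; n=0
  v=$(sshd_effective PasswordAuthentication "$f"); v=${v:-yes}
  [ "$v" = no ] || { echo "PasswordAuthentication is $v, want no"; n=$((n + 1)); }
  v=$(sshd_effective PermitRootLogin "$f"); v=${v:-prohibit-password}
  [ "$v" != yes ] || { echo "PermitRootLogin is yes, want no"; n=$((n + 1)); }
  v=$(sshd_effective PubkeyAuthentication "$f"); v=${v:-yes}
  [ "$v" = yes ] || { echo "PubkeyAuthentication is $v, want yes"; n=$((n + 1)); }
  # ChallengeResponseAuthentication is the older name for the same setting.
  v=$(sshd_effective KbdInteractiveAuthentication "$f")
  [ -n "$v" ] || v=$(sshd_effective ChallengeResponseAuthentication "$f")
  v=${v:-yes}
  [ "$v" = no ] || { echo "KbdInteractiveAuthentication is $v, want no"; n=$((n + 1)); }
  v=$(sshd_effective MaxAuthTries "$f"); v=${v:-6}
  [ "$v" -le 4 ] || { echo "MaxAuthTries is $v, want 4 or fewer"; n=$((n + 1)); }
  [ "$n" -eq 0 ]
}

# write_sshd_samples DIR: constructed configs (not from any real host).
# "weak" looks like a stock file that leaves the defaults in place; "hardened"
# is the same host set up for key-only access.
write_sshd_samples() {
  cat > "$1/weak" <<'EOF'
Port 22
#PermitRootLogin prohibit-password
PasswordAuthentication yes
ChallengeResponseAuthentication yes
X11Forwarding yes
EOF
  cat > "$1/hardened" <<'EOF'
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
MaxAuthTries 3
AllowUsers deploy
X11Forwarding no
EOF
}

d=$(mktemp -d)
write_sshd_samples "$d"
for f in weak hardened; do
  echo "== $f (Port $(sshd_effective Port "$d/$f"))"
  check_sshd "$d/$f" && echo "no findings"
done
rm -rf "$d"
```

On a live host the authoritative answer is `sshd -T` (run as root), which prints the fully resolved effective configuration, and `sshd -t` checks the file for syntax errors before you restart the daemon. Keep an existing SSH session open while you restart sshd after a change, so a mistake in the new config cannot lock you out.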

Setting up a firewall

Many cloud hosting providers provide firewall functionality that lets you close any open ports that are not being used, and this can be done at different levels. On AWS, for example, you create a security group that lists the ports (and source address ranges) that may reach the server and associate it with the instance; security groups deny inbound traffic by default, so only what you list gets through. The same policy should also be enforced on the server itself with a host firewall such as nftables or iptables, so that a misconfigured security group is not the only thing standing between the internet and your services.
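Two pieces make the host side of this concrete: a default-deny ruleset that allows only the ports you intend to serve, and a check that nothing else is listening on a public interface. The following added example, not from the nftables project or any cloud provider, generates such an nftables ruleset and compares the output of `ss -Hltn` against the same allow list. The ss output it parses is a constructed sample in which Redis has been left bound to every interface.

```shell
#!/bin/sh
# Added example (not from any cloud provider or the nftables project): build a
# default-deny inbound firewall for a server and check that nothing beyond the
# intended ports is listening on a public interface. Assumes nftables and
# iproute2's ss(8) on the host; the sample ss output below is constructed.

# gen_nft_ruleset PORT...: print an nftables ruleset that drops all inbound
# traffic except replies to our own connections, loopback, ICMP and the listed
# TCP ports; new SSH connections are rate-limited to blunt brute force.
gen_nft_ruleset() {
  ports=$(printf '%s, ' "$@"); ports=${ports%, }
  cat <<EOF
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    iif lo accept
    ip protocol icmp accept
    ip6 nexthdr icmpv6 accept
    tcp dport 22 ct state new limit rate over 10/minute drop
    tcp dport { $ports } accept
  }
  chain forward { type filter hook forward priority 0; policy drop; }
  chain output  { type filter hook output priority 0; policy accept; }
}
EOF
}

# unexpected_listeners SS_OUTPUT PORT...: given the output of "ss -Hltn"
# (listening TCP sockets, numeric, no header), print "port address" for every
# socket bound to a non-loopback address whose port is not in the allow list.
# Loopback-only services (a local database, for instance) are fine.
unexpected_listeners() {
  ss_out=$1; shift
  allow=" $* "
  awk -v allow="$allow" '
    {
      n = split($4, a, ":"); port = a[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") next
      if (index(allow, " " port " ") == 0) print port, addr
    }' "$ss_out" | sort -u
}

# write_ss_sample FILE: constructed "ss -Hltn" output for a web server that
# also has Redis accidentally bound to every interface.
write_ss_sample() {
  cat > "$1" <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 *:443 *:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 0.0.0.0:6379 0.0.0.0:*
EOF
}

f=$(mktemp)
write_ss_sample "$f"
echo "listeners not covered by the allow list 22 80 443:"
unexpected_listeners "$f" 22 80 443
rm -f "$f"
rules=$(mktemp)
gen_nft_ruleset 22 80 443 > "$rules"
echo "ruleset written to $rules; check it with: nft -c -f $rules, apply with: nft -f $rules"
```

Put the same allow list into the provider's firewall (an AWS security group permitting TCP 22, 80 and 443 inbound, with 22 restricted to your administrators' addresses) so that the two layers back each other up. When applying a new ruleset remotely, start a timed revert first (for example `sleep 120 && nft -f /etc/nftables.conf &` with the known-good file) so that a mistake cannot lock you out of your own server.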

Backups

Backups are vital for any organization that handles data. Many things can go wrong, not only from a security standpoint but also from a system administration standpoint: databases and files can be deleted by mistake, or attackers can gain unauthorized access and compromise the integrity of the data. Most cloud hosting providers offer backup and snapshot services that are worth every penny, because they can be set up to back up and snapshot your servers automatically. If you prefer to back up files yourself, you can also automate the process with bash scripts.

However, hand-rolled backups may not offer the same reliability and do not by themselves guarantee a complete restoration; for this reason, automated tools are recommended to streamline the process, and whichever approach you choose, the restore must be tested regularly. We will not be covering the various backup tools in this book, as factors such as subscription costs depend on your security policy.
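If you do script backups yourself, the two steps that separate a backup from a hope are an integrity check and a trial restore. The following added example, not from any backup product, shows a minimal version of both: it archives a directory with a timestamp, records a SHA-256 digest beside the archive, restores into a scratch directory and compares the result with the live data, and prunes old archives. It assumes tar, gzip and sha256sum (or shasum on BSD and macOS) and runs its demo on files it creates in temporary directories.

```shell
#!/bin/sh
# Added example (not from any backup product): a minimal automated backup with
# integrity verification and a trial restore, the two steps that manual
# "tar it and forget it" backups usually skip. Assumes tar, gzip and sha256sum
# (or shasum on BSD/macOS).

# sha256 FILE: print the hex digest only.
sha256() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi | awk '{ print $1 }'
}

# make_backup SRC_DIR DEST_DIR: archive SRC_DIR into DEST_DIR with a UTC
# timestamp in the name, record its digest next to it, print the archive path.
make_backup() {
  src=$1; dest=$2
  name=$(basename "$src"); parent=$(dirname "$src")
  archive="$dest/backup-$name-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
  tar -C "$parent" -czf "$archive" "$name"
  sha256 "$archive" > "$archive.sha256"
  echo "$archive"
}

# verify_checksum ARCHIVE: detect a corrupted or tampered archive before you
# depend on it. Returns 1 on mismatch.
verify_checksum() {
  [ "$(sha256 "$1")" = "$(cat "$1.sha256")" ]
}

# test_restore ARCHIVE SRC_DIR: extract into a scratch directory and compare
# against the live data. A backup that has never been restored is a hope,
# not a backup. Returns 1 if the restored tree differs.
test_restore() {
  archive=$1; src=$2
  scratch=$(mktemp -d)
  if tar -C "$scratch" -xzf "$archive" && diff -r "$src" "$scratch/$(basename "$src")" >/dev/null; then
    rc=0
  else
    rc=1
  fi
  rm -rf "$scratch"
  return "$rc"
}

# prune_backups DEST_DIR KEEP: delete all but the newest KEEP archives (and
# their digests). The timestamped names sort chronologically.
prune_backups() {
  dest=$1; keep=$2
  ls "$dest"/backup-*.tar.gz 2>/dev/null | sort |
    awk -v keep="$keep" '{ a[NR] = $0 } END { for (i = 1; i <= NR - keep; i++) print a[i] }' |
    while IFS= read -r old; do rm -f "$old" "$old.sha256"; done
}

# Demo on constructed data; a cron entry would call make_backup, verify_checksum,
# test_restore and prune_backups in that order and alert on any non-zero status.
src=$(mktemp -d); dest=$(mktemp -d)
printf 'alpha\n' > "$src/notes.txt"
mkdir "$src/conf"; printf 'key=value\n' > "$src/conf/app.ini"
arc=$(make_backup "$src" "$dest")
verify_checksum "$arc" && echo "digest ok: $arc"
test_restore "$arc" "$src" && echo "trial restore matches source"
prune_backups "$dest" 7
rm -rf "$src" "$dest"
```

The archive that passed both checks is the one to ship offsite. Copy it with credentials that can write new objects but not delete or overwrite old ones (object storage versioning or retention locks serve this purpose), because an attacker who gains root on the server will otherwise delete the backups along with the data.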

DDoS and Brute force protection

Brute force and DDoS are among the most common attacks on servers. Brute-force attacks usually target the web application's login or a particular service such as SSH, and many tools can be used to limit them; an example is SSHGuard, which watches the logs of SSH, FTP and other services and blocks addresses that keep failing to log in. DDoS attacks are equally common, and a server whose origin IP address is publicly known can be hit directly, bypassing any protection placed in front of it, so keep the origin address private; it will save you a lot of pain when securing your server. Putting a Content Delivery Network (CDN) such as Cloudflare in front of the server hides the origin, absorbs volumetric traffic and provides other functionality such as a WAF (Web Application Firewall), provided the origin is firewalled so that it accepts web traffic only from the CDN.
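The core of what SSHGuard does (and what the log review under Security Monitoring in the on-premises section is looking for) is a count of failed logins per source address followed by a block. The following added example is that logic, not SSHGuard's or fail2ban's code. It runs over constructed syslog-style sshd lines, assumes an nftables set named `banned` in table `inet filter` with a `ip saddr @banned drop` rule early in the input chain, and defaults to printing the block command rather than executing it.

```shell
#!/bin/sh
# Added example (the core of what SSHGuard or fail2ban do, not their code):
# count failed SSH logins per source address in an auth log and ban repeat
# offenders via an nftables set. Assumes the syslog-style sshd lines below,
# a set created as
#   nft add set inet filter banned '{ type ipv4_addr; flags timeout; }'
# and a rule "ip saddr @banned drop" early in the input chain.

# failed_logins_by_ip LOG: print "count ip", most frequent first.
# The source address is taken from the LAST "from ADDR port N" on the line:
# the user name in these messages is attacker-controlled, so a name such as
# "x from 10.0.0.1 port 1" must not be mistaken for the real source.
failed_logins_by_ip() {
  awk '
    /sshd\[[0-9]+\]: Failed password for/ {
      for (i = NF; i > 0; i--)
        if ($i == "from" && $(i + 2) == "port") { c[$(i + 1)]++; break }
    }
    END { for (ip in c) print c[ip], ip }
  ' "$1" | sort -rn
}

# offenders LOG THRESHOLD: addresses with at least THRESHOLD failures.
offenders() {
  failed_logins_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# block_ip ADDR: add the address to the banned set for an hour. DRY_RUN=1
# (the default here) only prints the command so the example is safe to run.
block_ip() {
  if [ "${DRY_RUN:-1}" = 1 ]; then
    echo "would run: nft add element inet filter banned { $1 timeout 1h }"
  else
    nft add element inet filter banned "{ $1 timeout 1h }"
  fi
}

# write_sample_log FILE: constructed sshd lines. 203.0.113.5 is a password
# sprayer (its last line is a log-injection attempt using a crafted user name),
# 198.51.100.7 is a user mistyping a password, 192.0.2.9 is a normal key login.
write_sample_log() {
  cat > "$1" <<'EOF'
Jan 10 10:01:02 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 10:01:04 web1 sshd[1235]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 10 10:01:05 web1 sshd[1236]: Failed password for alice from 198.51.100.7 port 40000 ssh2
Jan 10 10:01:07 web1 sshd[1237]: Accepted publickey for deploy from 192.0.2.9 port 50000 ssh2
Jan 10 10:01:09 web1 sshd[1238]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Jan 10 10:01:10 web1 sshd[1239]: Invalid user test from 203.0.113.5 port 51242
Jan 10 10:01:12 web1 sshd[1240]: Failed password for invalid user postgres from 203.0.113.5 port 51244 ssh2
Jan 10 10:01:15 web1 sshd[1241]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Jan 10 10:01:18 web1 sshd[1242]: Failed password for invalid user x from 10.0.0.1 port 1 from 203.0.113.5 port 51246 ssh2
EOF
}

log=$(mktemp)
write_sample_log "$log"
echo "failed logins per source:"; failed_logins_by_ip "$log"
for ip in $(offenders "$log" 3); do block_ip "$ip"; done
rm -f "$log"
```

With key-only authentication in place a password sprayer cannot succeed anyway, so blocking is mostly about keeping the logs readable and the daemon unburdened; the part worth copying is the parsing, which anchors on the address sshd appends rather than on anything the attacker typed. Whatever tool you use, make sure the addresses your administrators connect from are on its ignore list, or a fat-fingered passphrase will lock you out along with the attackers.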

System and package updates

Keeping your operating system, kernel and packages up to date is very important: new vulnerabilities are discovered that affect your OS or packages, patches for them are released, and you need to apply them promptly. Enable automatic security updates where your distribution supports them, and remember that a kernel update only takes effect after a reboot.

These are some of the fundamental cloud security practices for your servers and infrastructure; they will be explained in detail later in the book.

Now that we have compared Linux security in the cloud with Linux security on-premises, we can see how the cloud lightens the load by taking physical security off your hands and offering a much wider range of services, while leaving the operating system, accounts, SSH, firewalling and backups firmly your responsibility.

Let us now look at how to develop a security policy inclusive of both the physical and software aspects of security.