During the last couple of years, Linux distributions have focused on improving the installation process of Linux in order to make the freely available operating system available to more people. It’s a noble goal, however, when making anything in computing easier, a common approach is to make a number of decisions for the user — decisions that can put an inexperienced (and possibly an experienced) Linux installer at risk.
Unfortunately, many Linux distributions make a number of painfully wrong security decisions at install. All too often these issues are overlooked by the administrator since the prevailing wisdom tends to be: “If it’s Linux, it’s secure.” As we’ll soon see, that’s not always the case.
For this article we’ll look at Ubuntu Sever version 8.10. The methodology used to determine if the installation is as secure as it could be is three fold:
- Identity,
- Authentication, and
- Authorization
Identity is key to providing access to computing resources. For most internal services, identity of confidential information must be limited to those needing the information. Typically this is based upon user identification. To determine the identity of the user it must be validated via authentication (passwords).
Authentication is key to ensuring a system is secure — since any security gained by identifying a user is quickly lost if weak authentication is used. Weak authentication can be caused by users (for example sharing or losing passwords), but weakness from a system standpoint will be reviewed in this article.
Finally, authorization is necessary to ensure the appropriate resource are authorized for the user. This allows individual resources on a server to be further managed; for example, directories, printers, etc.
Excuses, Excuses
It is common for Linux proponents (and the makers of operating systems on their chosen platform) to rationalize away many of the decisions that go into developing an installer. The most often cited reason for a lack of security is based on the idea that security does not go hand-in-hand with ease of use. This article will show how and when wrong security decisions are made by installation programs and a more viable and secure secure resolutions you can use to counter the issues.
Another common reason given for a lack of security is that a distribution is actually a collection of software and that the individual packages should be secure by the maintainer not the distributor.
This justification of bad behavior by more bad behavior is simply poor practice — if the distribution is making decisions on behalf of the user, then it should make a solid decision and not push decisions within its control back on the package maintainer. (In fact, the distribution should help assist the community and point out to the package maintainer, any security concerns it or its users have identified.)
Security During Installation
Let’s begin with a fresh install of Ubuntu Sever 8.10.
One of the immediate security concerns that come to mind during the installation of Ubuntu, is making the user’s home directory world readable: “The contents of your home directory will normally be visible to all users on the system” as shown in Figure 1, “Set up users and passwords”.
Figure 1: Set up users and passwords
Permissions open by default? In a rather odd twist, since the directory is wide open, the installer attempt to plug the hole by providing the option to encrypt a private directory!
A closer look at the permissions validates the files are world readable:
drwxr-xr-x 2 rmccarty rmccarty 4096 2009-04-13 09:40 rmccarty
In addition, any additional users will be created by the useradd command world readable due to the entry:
DIR_MODE=0755
in the /etc/adduser.conf file
Continuing now, during the software selection phase of the installation, the following items were selected for installing: DNS Server, LAMP server, mail server, OpenSSH server, and the Virtual Machine host, as these are most likely the instances the server version of Ubuntu would be deployed in a typical setting.
As the installation chugs along, it asks to change the “root” user password for mysql. This is excellent as mysql installs by default without a password set for the user “root” (root under mysql control, not the root account on the system). Unfortunately, the installer does allow the user to leave it blank rather than forcing the user to enter a password. The installer also does not enforce any minimum password lengths or rules. Another instance of choice trumping security.
For these gotcha’s Ubuntu gets an A- on the report card for authorization whenever it could easily have gotten an A. Making users files world readable to ease installation but then pushing the issue back on the administrator or user to address is not ease of use.
Next: Securing Your Network After Install
Loading ...
