• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 370
  • Last Modified:

Linux security

Linux is open source. So one can know where the root password is saved by looking to the kernel source code. And one can (logically) code a virus which can corrupt that specific file, etc. But we are not facing such viruses in real world! How has linux solved this?
Huji
0
huji
Asked:
huji
  • 5
  • 5
  • 4
  • +1
3 Solutions
 
xDamoxCommented:
Linux writes the root password to /etc/password and /etc/shadow if these are corrupted you can still
get into linux via the boot command.

The reason why viruses dont do this is because only root can access the files and edit and change them
normal users art not allowed and its advided that desktop users not to use root as a normal user.
0
 
avizitCommented:
a bit off the mark , but in linux the security is achieved through user access permission on files. A normal user cannot modify the files wheer password etc are stored. He/she can read it but it's encrypted.
the security is achieved not by hiding,where the sfile is located .. that would be security through obscurity whic really is not advisable
read the following

http://en.wikipedia.org/wiki/Security_through_obscurity
0
 
hujiAuthor Commented:
So the point is, if I go online with the root desktop there is such a risk isn't it?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
avizitCommented:
There are lots and lots of machines online and which have the passwords  file located at /etc/passwords etc etc ..

but the thing is you cannot gurantee bout security , imean new holes are discovered and patches produced, so its a continous development process

then there is the risk of misconfiguring the system . Sometimes we make our system vulnerable by accepting the default config or even changing it and making it worse ,

so basically to have a secure machine online you need to read all the options and configurations , and download the latest security patches etc

0
 
xDamoxCommented:
avizit no normal users can read the shadow password file to see the encryption
also I dont know what linux you been using because its /etc/passwd and /etc/shadow.

so huji their is a risk if you go online as root that you will get something like that but you should only use root for installing software and added/updating security features.
0
 
hujiAuthor Commented:
avitiz. I understand what you say. I am not that dummy indeed!! :op
All togeather, I'm looking for security options. For example in Internet Explorer you can set that even when you are logged as an administrator, EXE files are not run automatically, or ActiveXs are not installed automatically... I want to know the similar options in Linux.
Huji
0
 
xDamoxCommented:
huji you ave gone off topic :(
0
 
hujiAuthor Commented:
No I've not:
The question I asked was to know how linux solve the security issue that every one knows where the password files are stored. You say root password is needed for any change to those files. I say I want to know linux security solution for people who want to log on as root and surf on the net. Is this really off topic?
I accept that you may be confused, and hope that I've clarified things for you.
Huji
0
 
avizitCommented:
Nothing can gurantee you foolproof security.

everyone knowing where the password file are stored is not a security issue. If its unknown and someone has the permissions he can always delete all the files and hence the password files would also be deleted as a result.

hence "everyone knowing where the password file is stored" is NOT a secutrity issue at all.

-------
maybe even I am confused here but you tell me how a system where you dont know where the password file is stored is more secure than when you dont know where the password file is stored.

0
 
avizitCommented:
oops read that as

...... how a system where you dont know where the password file is stored is more secure than when you  do know where the password file is stored.
0
 
hujiAuthor Commented:
Well giving the hackers the correct "aim" to try to reach to, and letting every body know that aim (which can increase the number of people who think of hacking) is a security issue isn't it?
There are lots of poeple who can know the infrastructure of linux, easier than other OSs. So there is a bigger chance for trying to hack. (And there is a bigger chance for finding the bugs before a hack occurs of course.)
Any how, I wanted to know other options except the root password, that Linux has for the better security, if there is any other left.
Thanks
Huji
---
I never say that a system where you don't know where the password file is stored more secure. I say people with little knowledge can hurt people with less knowledge more easily, than the case where people with little knowledge don't know where to aim to for such a silly game!
0
 
xDamoxCommented:
Linux is a *VERY* secure OS it beats microsoft windows security hands down also it dont matter
if hackers know where password files are stored on windows they are in he sams file.

The open source find bug quite often but are fixed before exploits are released this is a better method
because bugs are getting eliminated more quickly than a close OS like MS windows take their
IE bug they can fix it, there is also a virus out now taking advantage.

You can surf the net as root and use it on a day to day rotine its not reccomment tho but I would
just make sure you know whats in your downloads and emails
0
 
wesbirdCommented:
It is a lot more secure if you remember to shut down NFS and any unrequired daemons on public internet facing boxes.  This makes interesting reading: http://www.uwsg.iu.edu/hypermail/linux/net/9902.0/0059.html, and keep an eye on your inetd: http://www.ebcvg.com/news.php?id=4232, also try googling "nfs shadow linux problems hacked"

I've just set up a "new" box (built from scrap that's too old to run M$) today - first time I've been back to Linux for years - and guess what - it's great to be back ;-)   This was driven by necessity - the mother of invention.

Wes
0
 
wesbirdCommented:
P.S. for your info - what we're starting to do is deploying Linux boxes with twin NICs in the DMZ as mail/internet/Direct XML Gateway proxies between the DSL firewall and the rest of the corporate network, which is predominantly M$.  We're planning on having multiple DSL lines on several ISPs so that if (when) one ISP does go pear shaped -as they all do from time to time, that our redundant MX records ( when we get DNS in our control instead of the ISPs) are in our control.  This is still expermental - but I'm very pleased with the results so far.
0
 
avizitCommented:
when you say

>>>Well giving the hackers the correct "aim" to try to reach to, and
letting every body know that aim (which can increase the number of
people who think of hacking) is a security issue isn't it?<<<<<

You mean to say you can make your system by hiding those details.That
as i said is what is called "security through obscurity" google it up
to find out why it doesn't work

http://slashdot.org/features/980720/0819202.shtml
0
 
wesbirdCommented:
PS

You should take a look at http://www.unixpages.com/hls to sort out any firewalling requirements
0
 
hujiAuthor Commented:
Thanks wesbird, you make me really satisfied with your answers, and follow ups.
Huji
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

  • 5
  • 5
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now