Password Security and Encryption (2024)

One of the most important security features used today is the password. It is important for both you and all your users to have secure, unguessable passwords. Most of the more recent Linux distributions include passwd programs that do not allow you to set an easily guessable password. Make sure your passwd program is up to date and has these features.

In-depth discussion of encryption is beyond the scope of this document, but an introduction is in order. Encryption is very useful, possibly even necessary in this day and age. There are all sorts of methods of encrypting data, each with its own set of characteristics.

Most Unices (and Linux is no exception) primarily use a one-way encryption algorithm, called DES (Data Encryption Standard), to encrypt your passwords. This encrypted password is then stored in (typically) /etc/passwd (or less commonly) /etc/shadow. When you attempt to log in, the password you type in is encrypted again and compared with the entry in the file that stores your passwords. If they match, it must be the same password, and you are allowed access. Although DES is a two-way encryption algorithm (you can code and then decode a message, given the right keys), the variant that most Unixes use is one-way. This means that it should not be possible to reverse the encryption to get the password from the contents of /etc/passwd (or /etc/shadow).

Brute force attacks, such as "Crack" or "John the Ripper" (see Section 6.9), can often guess passwords unless your password is sufficiently random. PAM modules (see below) allow you to use a different encryption routine with your passwords (MD5 or the like). You can use Crack to your advantage, as well. Consider periodically running Crack against your own password database, to find insecure passwords. Then contact the offending user, and instruct him to change his password.

You can go to http://consult.cern.ch/writeup/security/security_3.html for information on how to choose a good password.

6.1. PGP and Public-Key Cryptography

Public-key cryptography, such as that used for PGP, uses one key for encryption, and one key for decryption. Traditional cryptography, however, uses the same key for encryption and decryption; this key must be known to both parties, and thus somehow transferred from one to the other securely.

To alleviate the need to securely transmit the encryption key, public-key encryption uses two separate keys: a public key and a private key. Each person's public key is available to anyone to do the encryption, while at the same time each person keeps his or her private key to decrypt messages encrypted with the correct public key.

There are advantages to both public key and private key cryptography, and you can read about those differences in the RSA Cryptography FAQ, listed at the end of this section.

PGP (Pretty Good Privacy) is well-supported on Linux. Versions 2.6.2 and 5.0 are known to work well. For a good primer on PGP and how to use it, take a look at the PGP FAQ: http://www.pgp.com/service/export/faq/55faq.cgi

Be sure to use the version that is applicable to your country. Due to export restrictions by the US Government, strong encryption is prohibited from being transferred in electronic form outside the country.

US export controls are now managed by EAR (Export Administration Regulations). They are no longer governed by ITAR.

There is also a step-by-step guide for configuring PGP on Linux available at http://mercury.chem.pitt.edu/~angel/LinuxFocus/English/November1997/article7.html. It was written for the international version of PGP, but is easily adaptable to the United States version. You may also need a patch for some of the latest versions of Linux; the patch is available at ftp://metalab.unc.edu/pub/Linux/apps/crypto.

There is a project maintaining a free, open source re-implementation of PGP. GnuPG is a complete and free replacement for PGP. Because it does not use IDEA or RSA it can be used without any restrictions. GnuPG is in compliance with OpenPGP. See the GNU Privacy Guard web page for more information: http://www.gnupg.org/.

More information on cryptography can be found in the RSA cryptography FAQ, available at http://www.rsa.com/rsalabs/newfaq/. Here you will find information on such terms as "Diffie-Hellman", "public-key cryptography", "digital certificates", etc.

6.2. SSL, S-HTTP and S/MIME

Often users ask about the differences between the various security and encryption protocols, and how to use them. While this isn't an encryption document, it is a good idea to explain briefly what each protocol is, and where to find more information.

  • SSL: SSL, or Secure Sockets Layer, is an encryption method developed by Netscape to provide security over the Internet. It supports several different encryption protocols, and provides client and server authentication. SSL operates at the transport layer, creates a secure encrypted channel of data, and thus can seamlessly encrypt data of many types. This is most commonly seen when going to a secure site to view a secure online document with Communicator, and serves as the basis for secure communications with Communicator, as well as many other Netscape Communications data encryption. More information can be found at http://www.consensus.com/security/ssl-talk-faq.html. Information on Netscape's other security implementations, and a good starting point for these protocols is available at http://home.netscape.com/info/security-doc.html. It's also worth noting that the SSL protocol can be used to pass many other common protocols, "wrapping" them for security. See http://www.quiltaholic.com/rickk/sslwrap/

  • S-HTTP: S-HTTP is another protocol that provides security services across the Internet. It was designed to provide confidentiality, authentication, integrity, and non-repudiability [cannot be mistaken for someone else] while supporting multiple key-management mechanisms and cryptographic algorithms via option negotiation between the parties involved in each transaction. S-HTTP is limited to the specific software that is implementing it, and encrypts each message individually. [From RSA Cryptography FAQ, page 138]

  • S/MIME: S/MIME, or Secure Multipurpose Internet Mail Extension, is an encryption standard used to encrypt electronic mail and other types of messages on the Internet. It is an open standard developed by RSA, so it is likely we will see it on Linux one day soon. More information on S/MIME can be found at http://home.netscape.com/assist/security/smime/overview.html.

6.3. Linux IPSEC Implementations

Along with CIPE, and other forms of data encryption, there are also several other implementations of IPSEC for Linux. IPSEC is an effort by the IETF to create cryptographically-secure communications at the IP network level, and to provide authentication, integrity, access control, and confidentiality. Information on IPSEC and Internet draft can be found at http://www.ietf.org/html.charters/ipsec-charter.html. You can also find links to other protocols involving key management, and an IPSEC mailing list and archives.

The x-kernel Linux implementation, which is being developed at the University of Arizona, uses an object-based framework for implementing network protocols called x-kernel, and can be found at http://www.cs.arizona.edu/xkernel/hpcc-blue/linux.html. Most simply, the x-kernel is a method of passing messages at the kernel level, which makes for an easier implementation.

Another freely-available IPSEC implementation is the Linux FreeS/WAN IPSEC. Their web page states, "These services allow you to build secure tunnels through untrusted networks. Everything passing through the untrusted net is encrypted by the IPSEC gateway machine and decrypted by the gateway at the other end. The result is Virtual Private Network or VPN. This is a network which is effectively private even though it includes machines at several different sites connected by the insecure Internet."

It's available for download from http://www.xs4all.nl/~freeswan/, and has just reached 1.0 at the time of this writing.

As with other forms of cryptography, it is not distributed with the kernel by default due to export restrictions.

6.4. ssh (Secure Shell) and stelnet

ssh and stelnet are suites of programs that allow you to log in to remote systems and have an encrypted connection.

openssh is a suite of programs used as a secure replacement for rlogin, rsh and rcp. It uses public-key cryptography to encrypt communications between two hosts, as well as to authenticate users. It can be used to securely log in to a remote host or copy data between hosts, while preventing man-in-the-middle attacks (session hijacking) and DNS spoofing. It will perform data compression on your connections, and secure X11 communications between hosts.

There are several ssh implementations now. The original commercial implementation by Data Fellows can be found at the ssh home page at http://www.datafellows.com.

The excellent Openssh implementation is based on an early version of the datafellows ssh and has been totally reworked to not include any patented or proprietary pieces. It is free and under a BSD license. It can be found at: http://www.openssh.com.

There is also an open source project to re-implement ssh from the ground up called "psst...". For more information see: http://www.net.lut.ac.uk/psst/

You can also use ssh from your Windows workstation to your Linux ssh server. There are several freely available Windows client implementations, including the one at http://guardian.htu.tuwien.ac.at/therapy/ssh/ as well as a commercial implementation from DataFellows, at http://www.datafellows.com.

SSLeay is a free implementation of Netscape's Secure Sockets Layer protocol, developed by Eric Young. It includes several applications, such as Secure telnet, a module for Apache, several databases, as well as several algorithms including DES, IDEA and Blowfish.

Using this library, a secure telnet replacement has been created that does encryption over a telnet connection. Unlike SSH, stelnet uses SSL, the Secure Sockets Layer protocol developed by Netscape. You can find Secure telnet and Secure FTP by starting with the SSLeay FAQ, available at http://www.psy.uq.oz.au/~ftp/Crypto/.

SRP is another secure telnet/ftp implementation. From their web page:

"The SRP project is developing secure Internet software for free worldwide use. Starting with a fully-secure Telnet and FTP distribution, we hope to supplant weak networked authentication systems with strong replacements that do not sacrifice user-friendliness for security. Security should be the default, not an option!"

For more information, go to http://www-cs-students.stanford.edu/~tjw/srp/

6.5. PAM - Pluggable Authentication Modules

Newer versions of the Red Hat Linux and Debian Linux distributions ship with a unified authentication scheme called "PAM". PAM allows you to change your authentication methods and requirements on the fly, and encapsulate all local authentication methods without recompiling any of your binaries. Configuration of PAM is beyond the scope of this document, but be sure to take a look at the PAM web site for more information: http://www.kernel.org/pub/linux/libs/pam/index.html.

Just a few of the things you can do with PAM:

  • Use encryption other than DES for your passwords. (Making them harder to brute-force decode)

  • Set resource limits on all your users so they can't perform denial-of-service attacks (number of processes, amount of memory, etc)

  • Enable shadow passwords (see below) on the fly

  • Allow specific users to log in only at specific times from specific places

Within a few hours of installing and configuring your system, you can prevent many attacks before they even occur. For example, use PAM to disable the system-wide usage of .rhosts files in users' home directories by adding these lines to /etc/pam.d/rlogin:

    #
    # Disable rsh/rlogin/rexec for users
    #
    login auth required pam_rhosts_auth.so no_rhosts

6.6. Cryptographic IP Encapsulation (CIPE)

The primary goal of this software is to provide a facility for secure (against eavesdropping, including traffic analysis, and faked message injection) subnetwork interconnection across an insecure packet network such as the Internet.

CIPE encrypts the data at the network level. Packets traveling between hosts on the network are encrypted. The encryption engine is placed near the driver which sends and receives packets.

This is unlike SSH, which encrypts the data by connection, at the socket level. A logical connection between programs running on different hosts is encrypted.

CIPE can be used in tunnelling, in order to create a Virtual Private Network. Low-level encryption has the advantage that it can be made to work transparently between the two networks connected in the VPN, without any change to application software.

Summarized from the CIPE documentation:

"The IPSEC standards define a set of protocols which can be used (among other things) to build encrypted VPNs. However, IPSEC is a rather heavyweight and complicated protocol set with a lot of options, implementations of the full protocol set are still rarely used and some issues (such as key management) are still not fully resolved. CIPE uses a simpler approach, in which many things which can be parameterized (such as the choice of the actual encryption algorithm used) are an install-time fixed choice. This limits flexibility, but allows for a simple (and therefore efficient, easy to debug...) implementation."

Further information can be found at http://www.inka.de/~bigred/devel/cipe.html

As with other forms of cryptography, it is not distributed with the kernel by default due to export restrictions.

6.7. Kerberos

Kerberos is an authentication system developed by the Athena Project at MIT. When a user logs in, Kerberos authenticates that user (using a password), and provides the user with a way to prove her identity to other servers and hosts scattered around the network.

This authentication is then used by programs such as rlogin to allow the user to log in to other hosts without a password (in place of the .rhosts file). This authentication method can also be used by the mail system in order to guarantee that mail is delivered to the correct person, as well as to guarantee that the sender is who he claims to be.

Kerberos and the other programs that come with it prevent users from "spoofing" the system into believing they are someone else. Unfortunately, installing Kerberos is very intrusive, requiring the modification or replacement of numerous standard programs.

You can find more information about kerberos by looking at the kerberos FAQ, and the code can be found at http://nii.isi.edu/info/kerberos/.

[From: Stein, Jennifer G., Clifford Neuman, and Jeffrey L. Schiller. "Kerberos: An Authentication Service for Open Network Systems." USENIX Conference Proceedings, Dallas, Texas, Winter 1998.]

Kerberos should not be your first step in improving security of your host. It is quite involved, and not as widely used as, say, SSH.

6.8. Shadow Passwords.

Shadow passwords are a means of keeping your encrypted password information secret from normal users. Recent versions of both Red Hat and Debian Linux use shadow passwords by default, but on other systems, encrypted passwords are stored in the /etc/passwd file for all to read. Anyone can then run password-guesser programs on them and attempt to determine what they are. Shadow passwords, by contrast, are saved in /etc/shadow, which only privileged users can read. In order to use shadow passwords, you need to make sure all your utilities that need access to password information are recompiled to support them. PAM (above) also allows you to just plug in a shadow module; it doesn't require re-compilation of executables. You can refer to the Shadow-Password HOWTO for further information if necessary. It is available at http://metalab.unc.edu/LDP/HOWTO/Shadow-Password-HOWTO.html. It is rather dated now, and will not be required for distributions supporting PAM.
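The check below is an added example, not part of the original HOWTO: it reads passwd- and shadow-format text and reports accounts whose hash sits in the world-readable passwd file, accounts with no shadow entry or an empty password, and the hashing scheme in use (the DES versus MD5 distinction made in the introduction and in the PAM section). The sample entries are constructed placeholders, the prefixes beyond DES and MD5 are later schemes added so that current files classify correctly, and treating MD5-crypt as weak is this example's own policy assumption.

```python
"""Audit passwd/shadow-format text for exposed or weakly hashed passwords."""
import re

# Traditional DES crypt(3) output: 2 salt + 11 hash characters.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular-crypt prefixes. Only DES and MD5 appear in the text above; the
# rest are later schemes, included so current files classify correctly.
PREFIXES = {"$1$": "md5-crypt", "$2a$": "bcrypt", "$2b$": "bcrypt",
            "$2y$": "bcrypt", "$5$": "sha256-crypt", "$6$": "sha512-crypt",
            "$y$": "yescrypt"}
# Policy assumption of this example: treat DES and MD5 crypt as weak.
WEAK = {"des-crypt", "md5-crypt"}

# Constructed sample data; the hash strings are placeholders, not real hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:abEXAMPLEhash:1000:1000::/home/alice:/bin/sh
bob:x:1001:1001::/home/bob:/bin/sh
carol:x:1002:1002::/home/carol:/bin/sh
guest::1003:1003::/home/guest:/bin/sh
daemon:*:2:2:daemon:/sbin:/sbin/nologin
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$CONSTRUCTEDplaceholder:19000:0:99999:7:::
bob:$1$saltsalt$CONSTRUCTEDplaceholder:19000:0:99999:7:::
"""


def classify(field):
    """Name the scheme (or state) of one password field."""
    if field == "":
        return "empty"
    if field == "x":
        return "shadowed"          # placeholder: real hash is in /etc/shadow
    if field[0] in "!*":
        return "locked"            # no password can match
    for prefix, name in PREFIXES.items():
        if field.startswith(prefix):
            return name
    return "des-crypt" if DES_RE.match(field) else "unknown"


def parse(text):
    """Yield (user, password_field) pairs from passwd- or shadow-format text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) >= 2:
            yield parts[0], parts[1]


def audit(passwd_text, shadow_text="", weak=WEAK):
    """Return a list of (user, finding) tuples in passwd-file order."""
    shadow = dict(parse(shadow_text))
    findings = []
    for user, field in parse(passwd_text):
        scheme = classify(field)
        if scheme == "shadowed":
            if user not in shadow:
                findings.append((user, "no-shadow-entry"))
                continue
            scheme = classify(shadow[user])
            if scheme == "shadowed":   # "x" inside shadow itself is malformed
                scheme = "unknown"
        elif scheme not in ("locked", "empty"):
            # A hash in passwd is readable by every local user.
            findings.append((user, "hash-in-world-readable-passwd"))
        if scheme == "empty":
            findings.append((user, "empty-password"))
        elif scheme in weak:
            findings.append((user, "weak-scheme:" + scheme))
        elif scheme == "unknown":
            findings.append((user, "unknown-format"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(user, finding)
```

On a live system the same functions can be given the contents of /etc/passwd and, when run as root, /etc/shadow.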

6.9. "Crack" and "John the Ripper"

If for some reason your passwd program is not enforcing hard-to-guess passwords, you might want to run a password-cracking program and make sure your users' passwords are secure.

Password cracking programs work on a simple idea: they try every word in the dictionary, and then variations on those words, encrypting each one and checking it against your encrypted password. If they get a match they know what your password is.

There are a number of programs out there, the two most notable of which are "Crack" and "John the Ripper" (http://www.openwall.com/john/). They will take up a lot of your CPU time, but you should be able to tell if an attacker could get in using them by running them first yourself and notifying users with weak passwords. Note that an attacker would have to use some other hole first in order to read your /etc/passwd file, but such holes are more common than you might think.
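The same dictionary-plus-variations idea can be applied when a password is set, which is what a passwd program that refuses guessable passwords does. The following is an added example, not code from the HOWTO or from any passwd implementation: it undoes common variations (case, padding digits and punctuation, look-alike substitutions, reversal) and checks what remains against a wordlist. The wordlist, the substitution table and the function names are assumptions of the example.

```python
"""Refuse new passwords that a dictionary-plus-variations guesser would reach."""
import string

# Constructed sample wordlist; a real check would load a full dictionary.
WORDLIST = {"password", "dragon", "linux", "secret"}

# Look-alike substitutions mapped back to the letters they stand in for
# (an assumed table; extend it to match local policy).
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
# Characters commonly added before or after a word ("dragon99!", "1secret").
PADDING = string.digits + string.punctuation


def base_forms(candidate):
    """Return the words a candidate could be a simple variation of."""
    lowered = candidate.lower()
    forms = set()
    # Try the candidate both as typed and with padding stripped from the ends.
    for text in (lowered, lowered.strip(PADDING)):
        # Try both the literal text and the text with substitutions undone.
        for variant in (text, text.translate(UNLEET)):
            forms.add(variant)
            forms.add(variant[::-1])      # reversed spelling
    forms.discard("")
    return forms


def guessable_word(candidate, username="", wordlist=WORDLIST):
    """Return the dictionary word the candidate derives from, or None."""
    words = set(wordlist)
    if username:
        words.add(username.lower())       # the login name is an obvious guess
    hits = sorted(base_forms(candidate) & words)
    return hits[0] if hits else None


if __name__ == "__main__":
    for pw in ("Dragon99!", "P4ssw0rd1", "xunil2024", "vT9#qLm2!xRz"):
        word = guessable_word(pw)
        print(pw, "-> rejected, based on", word if word else "nothing: accepted")
```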

Because security is only as strong as the most insecure host, it is worth mentioning that if you have any Windows machines on your network, you should check out L0phtCrack, a Crack implementation for Windows. It's available from http://www.l0pht.com

6.10. CFS - Cryptographic File System and TCFS - Transparent Cryptographic File System

CFS is a way of encrypting entire directory trees and allowing users to store encrypted files on them. It uses an NFS server running on the local machine. RPMS are available at http://www.zedz.net/redhat/, and more information on how it all works is at ftp://ftp.research.att.com/dist/mab/.

TCFS improves on CFS by adding more integration with the file system, so that it's transparent to users that the file system is encrypted. More information at: http://www.tcfs.it/.

It also need not be used on entire file systems. It works on directory trees as well.

6.11. X11, SVGA and display security

6.11.1. X11

It's important for you to secure your graphical display to prevent attackers from grabbing your passwords as you type them, reading documents or information you are reading on your screen, or even using a hole to gain root access. Running remote X applications over a network also can be fraught with peril, allowing sniffers to see all your interaction with the remote system.

X has a number of access-control mechanisms. The simplest of them is host-based: you use xhost to specify the hosts that are allowed access to your display. This is not very secure at all, because if someone has access to your machine, they can xhost + their machine and get in easily. Also, if you have to allow access from an untrusted machine, anyone there can compromise your display.

When using xdm (X Display Manager) to log in, you get a much better access method: MIT-MAGIC-COOKIE-1. A 128-bit "cookie" is generated and stored in your .Xauthority file. If you need to allow a remote machine access to your display, you can use the xauth command and the information in your .Xauthority file to provide access to only that connection. See the Remote-X-Apps mini-howto, available at http://metalab.unc.edu/LDP/HOWTO/mini/Remote-X-Apps.html.

You can also use ssh (see Section 6.4, above) to allow secure X connections. This has the advantage of also being transparent to the end user, and means that no unencrypted data flows across the network.

You can also disable any remote connections to your X server by using the '-nolisten tcp' option to your X server. This will prevent any network connections to your server over tcp sockets.

Take a look at the Xsecurity man page for more information on X security. The safe bet is to use xdm to log in to your console and then use ssh to go to remote sites on which you wish to run X programs.

6.11.2. SVGA

SVGAlib programs are typically SUID-root in order to access all your Linux machine's video hardware. This makes them very dangerous. If they crash, you typically need to reboot your machine to get a usable console back. Make sure any SVGA programs you are running are authentic, and can at least be somewhat trusted. Even better, don't run them at all.

6.11.3. GGI (Generic Graphics Interface project)

The Linux GGI project is trying to solve several of the problems with video interfaces on Linux. GGI will move a small piece of the video code into the Linux kernel, and then control access to the video system. This means GGI will be able to restore your console at any time to a known good state. They will also allow a secure attention key, so you can be sure that there is no Trojan horse login program running on your console. http://synergy.caltech.edu/~ggi/

FAQs

Password Security and Encryption?

Password Encryption: How Do Password Encryption Methods Work? Encryption scrambles your password so it's unreadable and/or unusable by hackers. That simple step protects your password while it's sitting in a server, and it offers more protection as your password zooms across the internet.

What's the difference between password protection and encryption?

Password-protected documents can be accessed and used without additional decryption steps once the password is provided. Document encryption adds an additional step to the process of accessing and using the document. The encrypted file must be decrypted using the appropriate decryption key before it can be accessed.

What is password encryption?

Password encryption is a method for securing data that is stored or transferred by transforming it into an unintelligible form called a ciphertext. This ciphertext is then linked to a decryption key that enables the information to be converted back into its original form.

What are the four most secure encryption techniques?

What are the 4 basic types of encryption systems?
  • Advanced Encryption Standard (AES)
  • Triple DES
  • Blowfish
  • Rivest-Shamir-Adleman (RSA)

Is an encryption key the same as a password?

Despite sharing these characteristics, encryption keys differ from passwords in the following ways: Computer systems use encryption keys to encrypt potentially sensitive data; passwords are used to authenticate system users and grant access to resources on a computer system.

What is the most secure password encryption?

Recommended encryption algorithms
  • SHA-2. SHA-2 is a family of hash functions widely employed for password encryption and other security applications due to their high level of security. ...
  • Bcrypt. ...
  • PBKDF2. ...
  • Argon2.

Should you encrypt your password?

Password encryption is one way to protect your credentials in the event of a data breach — even if hackers manage to break into the password storage server, all they'll get is useless gibberish. You need both a strong password and password encryption if you want your account to be safe.

Does encrypted mean locked?

Although encryption keeps unauthorized individuals from being able to understand sensitive data, encryption can also prevent the data's owners from being able to access their own information. If the encryption keys get lost or destroyed, the data owners might be permanently locked out of that data.

What is an encryption example?

Most people will encounter encryption in their daily life when communicating. For example, messaging apps like Signal or Wire (both of them among the best WhatsApp alternatives) will encrypt your chats. Another good example is email, which, without strong encryption, can be intercepted by government agencies.

How secure is encryption?

Secure encryption methods have such a large number of cryptographic keys that an unauthorized person can neither guess which one is correct, nor use a computer to easily calculate the correct string of characters by trying every potential combination (known as a brute force attack).

What is the hardest encryption to crack?

AES 256-bit encryption is the strongest and most robust encryption standard that is commercially available today. While it is theoretically true that AES 256-bit encryption is harder to crack than AES 128-bit encryption, AES 128-bit encryption has never been cracked.

What are the cons of encryption?

Data encryption has some drawbacks and challenges, such as the need for additional resources and costs to implement and maintain, as well as introducing complexity and risks to data management. It can also affect the speed and efficiency of data processing and analysis, and limit the visibility and usability of data.

What is the weakest encryption method?

The weakest encryption algorithm is the Data Encryption Standard (DES), which is an outdated symmetric-key algorithm that was developed in the 1970s. DES uses a 56-bit key, which is considered to be too short for modern security requirements.

Can encryption keys be hacked?

Hackers can break encryption to access the data using a number of different methods. The most common method is stealing the encryption key itself. Another common way is intercepting the data either before it has been encrypted by the sender or after it has been decrypted by the recipient.

How do I know if my key is encrypted?

View the contents of the keyfile by running cat <KeyFileName>. For example, run cat wildcard-2018.key. At the top of the file, if you see Proc-Type: 4, ENCRYPTED, then your keyfile is encrypted (password protected).

How to check password encryption type?

To determine which scheme has been used to encrypt a specific password, check the digit before the encrypted string in the configuration file. If that digit is a 7, the password has been encrypted with the weak algorithm. If the digit is a 5, the password has been hashed with the stronger MD5 algorithm.

Is password protecting a PDF the same as encrypting?

When you password protect a PDF file using Adobe, it is encrypted with 256-bit AES encryption in Cipher Block Chaining Encryption (CBC) mode. Cryptographically, this is fine, but it's worth remembering that encrypting a PDF only encrypts the contents of the file.

Are password protected files encrypted?

Because password-protected files are encrypted, they can't be accessed without the password, making them unreadable by most security tools, which cannot open and examine them.

Are password protected documents encrypted?

When you protect documents with a password, the contents are secured by a level of encryption, and only those who enter the correct password can gain access to the file.

What is the difference between password protection and encryption?

Password protection restricts access with a password, while encryption converts data into a secret code.

Article information

Author: Mrs. Angelic Larkin
