According to Linux advocates, Linux is among the most versatile, stable, and securable operating systems ever developed. But according to its detractors, Linux is neither as reliable nor as trustworthy as other Unix variants. BSD proponents, for example, sometimes charge that Linux's code base is too convoluted to ever be as "tight" as OpenBSD or even FreeBSD.
I don't presume to know in any definitive way whether Linux is more or less securable than other Unix variants. What I do know is this: Linux is useful, stable, and securable enough to warrant the time and effort required to "harden" it against Internet threats. This article explains some of the reasons I believe it's both possible and worthwhile to secure Linux for use as an Internet server platform.
Let's begin with the question of why you'd want to choose Linux as an Internet server platform in the first place. The following four points come up in many different contexts besides security, so I'll be brief.
Linux is a popular platform with developers. Virtually any type of Internet service you wish to run, be it HTTP, FTP, IRC, or the latest thing you've read about on Slashdot, can be run on Linux. For example, the most popular Web server application on the Internet is Apache, a free product commonly run on Linux systems (see www.netcraft.com/survey and apache.org). Increasingly, popular commercial software packages are being ported to and supported on Linux as well.
The Linux Community
Linux is developed, supported, and used by a large, global community. Free technical support is available on free, online message boards and mailing lists. Commercial technical support is also available from Linux distributors such as Red Hat and SuSE, as well as from various consulting firms.
The Linux kernel has been developed with stability as a key design goal, which means that problems with other software applications rarely, if ever, crash the entire system. There is no Linux equivalent of the "Blue Screen of Death." Application stability itself varies from package to package, but the packages included in mainstream Linux distributions are nearly always stable.
Linux runs on a wide range of hardware platforms, from commodity PCs to RISC systems, as well as on desktops, laptops, and server configurations and components. You can even build Linux clusters, using free software such as Beowulf or ClusterIT (for more information, see the Linux Clustering Information Center). A wide range of popular peripheral devices and cards are also supported.
OK, Linux is worth running. You probably knew or suspected that already, or you wouldn't be reading this. But you may also be aware that because a big part of Linux's success comes from its versatility, it tends to be optimized for functionality rather than for security. Just how big of a problem is this? What qualities of Linux make it securable against Internet threats?
Yes, the average distribution's default installation is tuned for functionality, not security. A large number of services may be installed and started automatically, possibly with insecure configurations to boot. This is obviously due to Linux packagers' desire to minimize difficulty for end users by maximizing the number of things that work right out of the box.
However, you can uninstall anything that is installed; you can tighten any configuration that is too loose; and if worst comes to worst, you can fix any vulnerable code (if the application in question is open source, and if you possess the motivation and skill). In other words, unlike with closed or proprietary operating systems, you have complete control over your Linux system and most of the applications that run on it.
Furthermore, the installation routines for most Linux distributions now allow you to specify the role your system will serve (graphics workstation, Web server) and the rough level of security you want it to have. The idea that Linux is "insecure by default" is less of a problem than it used to be.
Once you've installed the packages you need and removed the ones you don't want, you can tighten the configurations of the packages that are left. This is less work than it sounds like: a well-designed Internet server should offer only a few different services, so other than the base operating system, you won't have more than a few services (daemons) to secure on a given system.
Most Linux server applications support a wide range of security features. What's more, because different applications often support similar security features (for example, running in a "chroot jail," or running as an unprivileged user), the time you spend learning to secure one application will decrease the time you spend learning to secure the next.
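The two checks the preceding paragraphs imply (is this server offering only the few services it is meant to, and which exposed daemons still run as root?) can be scripted. This is an added example, not code from the article or from any product it names; the listener rows are constructed sample data in the shape of the three `ss -H -tlnpe` columns that matter here, and the allow-list is hypothetical.

```shell
#!/bin/sh
# Added example (not from the article). Audits a listener inventory against
# the article's two hardening principles: offer only a few services, and run
# each remaining daemon with the least privilege it needs.
#
# Constructed sample rows: <local-address:port> <process-name> <uid>
# On a live host you would derive these three columns from: ss -H -tlnpe
SAMPLE='0.0.0.0:80 httpd 0
0.0.0.0:22 sshd 0
127.0.0.1:25 sendmail 0
0.0.0.0:21 vsftpd 0
0.0.0.0:5432 postgres 26'

# Hypothetical allow-list: the services this host is supposed to offer.
ALLOWED="httpd sshd"

# Listeners whose process is not on the allow-list: candidates for
# uninstalling or disabling (the "remove what you don't need" step).
unexpected_listeners() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($2 in ok) { print $2 }'
}

# Listeners bound to all interfaces (0.0.0.0 or [::]) and running as root
# (uid 0): the exposed, privileged daemons that most need a chroot jail or
# an unprivileged service account (the "tighten what is left" step).
exposed_root_listeners() {
    printf '%s\n' "$1" | awk '$3 == 0 && $1 ~ /^(0\.0\.0\.0|\[::\]):/ { print $2 }'
}

echo "Listeners not on the allow-list:"
unexpected_listeners "$SAMPLE" "$ALLOWED"
echo "Root-owned listeners exposed on all interfaces:"
exposed_root_listeners "$SAMPLE"
```

Loopback-only listeners such as the sample sendmail still appear in the first report (they are unneeded here) but not in the second, since they are not reachable from the Internet.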
You're not alone in the task of hardening your Linux system. There are many Linux applications available that are dedicated to various aspects of system security. These include security scanners, intrusion-detection systems, filesystem-integrity checkers, access-control mechanisms, virus scanners, application proxies, encryption utilities, secure remote administration tools, system-hardening scripts, and firewall tools.
For example, Bastille Linux is a free Linux system hardening script that disables and reconfigures software packages based on a comprehensive barrage of questions about the precise role and needs of your system. Through its excellent explanations of these questions, Bastille also provides a short course in system-hardening principles and techniques.
Linux security applications can be instrumental in ensuring the integrity of not only individual systems but also your entire network. Furthermore, many free Linux security applications are as good as or better than equivalent commercial products. The versatile and modular security scanner Nessus is one such application.
Besides its support for such a wide variety of security applications, Linux is being used as the basis for several new "secure operating system" products and projects. In fact, the Linux kernel itself has been enhanced, via the Linux Security Modules project, with security "hooks" that kernel modules and other applications can use to integrate security into the Linux kernel.
LSM-enabled projects include Immunix, LIDS, and Security-Enhanced Linux. Immunix, which started out as a DARPA research project, is a commercial product based on Red Hat Linux. Immunix has advanced tools for isolating processes from each other and for protecting against "format bugs" and "stack-smashing attacks."
The Linux Intrusion Detection System, or LIDS for short, is a project that provides Linux systems with more stringent access controls around files and processes. And Security-Enhanced Linux is a secure Linux distribution developed by the National Security Agency.
LSM and its related projects are new and have not yet attracted a large following. For this reason, plus time and space constraints, my book doesn't discuss them. However, future editions surely will. Advanced kernel-level security, particularly kernel-level access controls, represents a major step forward in the security of Unix and Unix-like operating systems.
Because it is powerful, popular, stable, and versatile, Linux is worth considering as a server platform. It is also highly customizable, supports a wide range of security applications, and is available in the form of "secure distributions" such as Security-Enhanced Linux and Immunix. Using Linux as a secure Internet server platform is therefore a worthwhile and achievable undertaking.
No operating system or software application can provide your Internet site with absolute protection from all possible threats. But Linux and the tools that run on it, combined with some time and effort on your part, can be used to secure a site as effectively as any other OS can, and more effectively than many.
O'Reilly & Associates will soon release (October 2002) Building Secure Servers with Linux.
Michael D. (Mick) Bauer is Network Security Architect for a large financial services provider. He is also Security Editor for Linux Journal Magazine.
Copyright © 2009 O'Reilly Media, Inc.