10

Chapter 1. The Philosophy of System Administration

1.11.3. Security

As stated earlier in this chapter, security cannot be an afterthought, and security under Red Hat Linux

is more than skin deep. Authentication and access controls are deeply integrated into the operating

system, and are based on designs gleaned from long experience in the UNIX community.

For authentication, Red Hat Linux uses PAM   Pluggable Authentication Modules. PAM makes it

possible to fine tune user authentication via the configuration of shared libraries that all PAM aware

applications use, all without requiring any changes to the applications themself.

Access control under Red Hat Linux uses traditional UNIX style permissions (read, write, execute)

against user, group, and "everyone else" classifications. Like UNIX, Red Hat Linux also makes use of

setuid and setgid bits to temporarily confer expanded access rights to processes running a particular

program, based on the ownership of the program file. Of course, this makes it critical that any program

to be run with setuid or setgid privileges must be carefully audited to ensure that no exploitable

vulnerabilities exist.

Another aspect of security is being able to keep track of system activity. Red Hat Linux makes exten 

sive use of logging, both at a kernel and an application level. Logging is controlled by the system log 

ging daemon

syslogd

, which can log system information locally (normally to files in the

/var/log

directory) or to a remote system (which can be a dedicated log server for multiple computers).

Intrusion detection sytems (IDS) are powerful tools for any Red Hat Linux system administrator. An

IDS makes it possible for system administrators to determine whether unauthorized changes were

made to one or more systems. Red Hat Linux includes a dedicated IDS (Tripwire) but the overall

design of the operating system itself includes IDS like functionality.

Because Red Hat Linux is installed using the RPM Package Manager (RPM), it is a straightforward

process to verify whether any changes have been made to any of the packages comprising the op 

erating system itself. In addition, RPM makes use of cryptographically based digital signatures that

are capable of ensuring the authenticity of any signed package. All packages produced by Red Hat

are signed and make use of this feature. However, because RPM's primary mission is as a package

management tool, its abilities as an IDS are somewhat limited. Even so, it can be a good first step

toward monitoring a Red Hat Linux system for unauthorized modifications.

Tripwire is a tool that was designed specifically as an IDS; as such, it is more powerful and flexible

than using RPM as an IDS. Tripwire constructs a database of baselines, which are snapshots of the

system configuration at specific points in time. By tracking changes to the baseline, Tripwire is able

to show system configuration changes as a function of time   a handy way of reconstructing the

chronology of an intrusion.

But solid intrusion detection is of no value if the IDS itself is vulnerable to tampering. Tripwire avoids

this problem by encrypting its configuration files, making unauthorized modifications impossible.

1.12. Additional Resources

This section includes various resources that can be used to learn more about the philosophy of system

administration and the Red Hat Linux specific subject matter discussed in this chapter.

1.12.1. Installed Documentation

The following resources are installed in the course of a typical Red Hat Linux installation, and can

help you learn more about the subject matter discussed in this chapter.