Linux security guide: Linux, open source security tools and tips

Start hardening your Linux servers with this guide to essential tools and applications for Linux security, including SELinux, Nagios, firewalls and more.


Because Linux source code is scrutinized by security experts around the world, Linux is a preferred operating system for organizations that demand secure networks. But openness cuts both ways: once a vulnerability is found, attackers can study the same code that defenders do, so timely patching and sound configuration matter as much as the code review does. As more enterprises adopt Linux, managers and administrators need tools and practices that keep their networks safe. This recently updated guide collects news, how-to guides and expert advice for protecting data centers, servers and software.


   Introduction to Linux security
   Linux network security
   Linux and open source security tools
   Linux distribution and application security
   Linux security case studies
   Linux security terms



Introduction to Linux security


  • Guide to the Linux security toolbox
    In this newly updated guide, learn which Linux security tools and software to use for your open source system and how to configure them according to your needs.

  • Common security flaws to check for on your Linux-based Web systems
    Web application security vulnerabilities, such as weak passwords and PHP code injection, may exist on your Linux server. Learn what to look for and how to correct gaps.

  • A look at real-world exploits of Linux security vulnerabilities
    Hackers can find ways into your Linux server. Learn the weaknesses of your Linux system and what you can do to secure it.

  • Five common Linux security vulnerabilities you may be overlooking
    Linux has security risks that, left unattended, can lead to malicious attacks. Find out which five commonly overlooked Linux vulnerabilities, including outdated third-party applications, you should take note of.

  • When to use SELinux: An introduction to security-enhanced Linux
    Find out what security-enhanced Linux is, its origins and where to implement this useful Linux security system.

  • An open source security language: What is OVAL?
    Learn about the standardized security language OVAL, which helps IT admins consistently determine security vulnerabilities across systems.

  • Increasing kernel security
    "What are some block and character devices available for increasing my kernel security?"

  • Avoiding security blunders in Linux and IT infrastructures, Part 1
    Avoid common security errors made in IT infrastructure and maintenance. In this tip, an expert tackles unnecessary installations and explains the "hard-perimeter, soft-center" approach.

  • Avoiding security blunders in Linux and IT infrastructures, Part 2
    Avoid common security errors made in IT infrastructure and maintenance. In part two, an expert describes mistakes resulting from the "set-it-and-forget-it" mentality. 

  • Learning Linux security administration
    Learning Linux, especially Linux security administration, can seem particularly tricky for those only well-versed in Windows. Here, security expert James Turnbull offers some pointers for getting up to speed.

Phishing, Linux and Windows

  • Defensive measures for evolving phishing tactics
    As AT&T learned, hackers are putting a new twist on phishing schemes to gain access to sensitive information. In this tip, Ed Skoudis examines how to defend against these attacks.

  • Linux vs. Windows security
    An expert describes what makes Linux more secure than Windows.




Linux network security

Using nmap for Linux administration and security
Learn how to use nmap, an ideal tool for network troubleshooting, auditing and scanning.

Using OpenSSH for secure network tunnels on Linux
SSH gives you authenticated, encrypted channels over untrusted public and private networks, and those channels can carry other protocols. Learn the basics of implementing and optimizing SSH tunnels with OpenSSH.

Getting started with OpenVAS
Learn how to install and configure OpenVAS, an open source network security scanner, from source on a Linux server.

Security essentials for Active Directory on Linux
Using Active Directory on Linux can be useful for Linux and Windows interoperability, but admins should understand security gaps that exist before integrating Active Directory into Linux.

OpenVPN: IPsec-like security with IPsec-less simplicity
Confused by IPsec? Try OpenVPN, a cross-platform, modular SSL/TLS VPN that runs over a single UDP or TCP port and so passes through virtually every firewall.


  • Nagios offers open source option for network monitoring
    IT shops using HP or BMC monitoring tools might want to take Nagios for a test-drive. Pro Nagios 2.0 author James Turnbull explains why.

  • Nagios Looking Glass: Getting started
    Nagios Looking Glass (NLG) allows users to access Nagios data on a Web server via an HTTP connection. Learn how to set up the NLG client-server model in this tip.

  • Managing events with Nagios Event Broker
    Use modules with Nagios Event Broker, a server event output and integration tool, for receiving events and executing code on them. In this tip, you'll learn how NEB functions, what modules are available and how to find other modules.

  • Linux security help: Nagios with BMC Patrol, setting up SSH and more
    How to configure Nagios with BMC Patrol. A security expert gives non-platform-specific help for setting up Secure Shell (SSH) and more in this interview.

  • Reporting Nagios data to BMC Patrol
    How to configure Nagios so that data alerts, reports and other information generated are sent to BMC Patrol, which will be used as an alert tool.

  • Running Nagios on RHEL 5 or Solaris 10
    A security expert recommends using a Linux-based operating system, like Red Hat, with open source network monitoring tool Nagios.


  • Host intrusion detection with OSSEC
    Keep your corporate network secure with OSSEC, an open source host-based intrusion detection and prevention system that combines log analysis, file integrity checking and active response on Windows and Linux hosts. In this tip, a security expert walks through installation and configuration.

  • OSSEC: The server and agent model
    Get the benefit of regular alerts and status reports from configuring open source IDS/IPS OSSEC to run as a server and agent model.

Simple Event Correlation

  • Simple Event Correlation installation and configuration
    Simple Event Correlation is an open source tool designed for reading incoming data feeds and performing actions based on user-defined rules. Learn how to install and configure this small- to medium-sized enterprise appropriate tool.

  • Defining event rules in Simple Event Correlation
    Simple Event Correlation is an open source tool designed for reading incoming data feeds and performing actions based on user-defined rules. In this tip, we'll learn about defining different types of rules associated with events and correlation.

The pros and cons of IPsec
"What are the advantages and disadvantages of IPsec? How does it work?"

CIPE vs. IPsec
"Which offers more security, CIPE or IPsec?"

Alert vs. log in the Snort /var/log/snort directory
A Linux security expert explains the difference between the alert file and the packet logs that Snort writes under /var/log/snort.

 Chapter 8, Security from "DB2 9 for Linux, UNIX, and Windows Database Administration Study Guide"
Download a sample chapter on security from this comprehensive study guide that covers all areas tested including: server management, data placement, database access, analyzing DB2 activity, DB2 utilities, and high availability.

 Linux security: Authenticate your users and know what they're up to
Do you know who has access to your data? Linux security expert Kurt Lingel explores some tools that help to authenticate users and monitor user activity.

 Security information management: OSSIM
Get an enterprise-wide view of the state of security with OSSIM, Open Source Security Information Management, a monitoring package of integrated open source tools.





Linux and open source security tools

Patching running Linux kernels on servers with no reboot using Ksplice Uptrack
Learn how the Ksplice Uptrack tool works to keep servers up-to-date with kernel security patches without the need to reboot, saving time and reducing downtime. 

Using BackTrack to check for Linux vulnerabilities
BackTrack offers database, Web and wireless security testing tools to help find Linux security flaws within your system. 

Linux open source firewall software options
An expert looks into Linux open source firewall software options, such as FireHOL and Untangle, which are front ends to the kernel's netfilter/iptables packet filter.

Hardening Linux with Bastille Unix
Learn how to secure Linux systems with Bastille Unix, an open source project that walks an administrator through hardening questions interactively and then applies the chosen lockdown to the operating system.

Fortifying Linux against common malware
Find out how to fight malware by teaming a new capability in the Linux kernel with processor-based tools.

Using Sysmask to safeguard Linux installations
Find out how Sysmask-protected Linux installations in the enterprise can reduce the number of exploitable kernel-level vulnerabilities.

Account locking for Linux via PAM
Learn how to configure account lockout after repeated failed logins on a Red Hat host with PAM, and how to set an automatic unlock time so that an attacker cannot deny service to legitimate users simply by deliberately failing their logins and locking their accounts.
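The lockout denial of service this tip warns about is easy to audit for. The shell script below is an added example, not code from the linked article: it prints a pam_tally2 stanza with a finite unlock time and checks any PAM file for lockout lines that lack one (or that fail open when the tally file cannot be read). The module names and options are the real pam_tally2/pam_faillock ones; the 5-failure, 15-minute policy and the sample configuration lines are illustrative choices made for the example.

```shell
#!/bin/sh
# Added example: audit a PAM stack for the account-lockout denial of service.
# pam_tally2 (older Red Hat releases) and pam_faillock (RHEL 6 and later)
# both lock an account after `deny=N` failures. Without `unlock_time=SECS`
# the lock stays until an administrator resets it, so anyone who can reach
# the login service can lock out any user at will.

# Print a pam_tally2 stanza that locks after 5 failures and unlocks itself
# after 15 minutes. onerr=fail means a missing or unreadable tally file
# denies the login instead of silently disabling the lockout. Note that
# pam_tally2 does not lock root unless even_deny_root is given; if you add
# it, also set root_unlock_time so root cannot be locked out permanently.
pam_tally2_stanza() {
    cat <<'EOF'
auth     required  pam_tally2.so  onerr=fail deny=5 unlock_time=900
account  required  pam_tally2.so
EOF
}

# check_lockout_policy [FILE...]  (reads stdin when no file is given)
# Prints one verdict per lockout directive found:
#   ok                  deny= together with a finite unlock_time=
#   permanent-lockout   deny= but no numeric unlock_time= (DoS risk)
#   fails-open          onerr=succeed (pam_tally2 only): an unreadable tally
#                       file lets every login through, lockout or not
check_lockout_policy() {
    awk '
        /^[ \t]*#/ { next }                       # skip comments
        /pam_tally2\.so|pam_faillock\.so/ && /deny=[0-9]+/ {
            out = ""
            if ($0 !~ /unlock_time=[0-9]+/) out = out "permanent-lockout "
            if ($0 ~ /onerr=succeed/)       out = out "fails-open "
            if (out == "") out = "ok"; else sub(/ $/, "", out)
            print out
        }
    ' "$@"
}

# Stand-alone demo on a constructed (not real) system-auth fragment.
printf 'auth required pam_tally2.so deny=5\nauth required pam_unix.so\n' \
    | check_lockout_policy
pam_tally2_stanza | check_lockout_policy
```

To audit a real host, run `check_lockout_policy /etc/pam.d/system-auth /etc/pam.d/password-auth` and treat every `permanent-lockout` or `fails-open` line as a finding.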

Seven tips for optimizing shell script security
Inherent weaknesses, a complex syntax and the general lack of consideration for security make writing secure shell scripts difficult. This tip focuses on major issues in shell script security across multiple shells.

Shell game: Managing Bash command history
Passwords, IP addresses and other sensitive data typed on the command line end up in the Bash history file. Limiting or disabling that history keeps an attacker who gains access to the account from harvesting them and using them to compromise your host.
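As an added example (not code from the linked article), the script below emits the Bash settings that keep secrets out of the history file and audits an existing history for the command shapes that most often carry a password on the command line. The sample history lines are constructed for this example; the hosts, user names and passwords in them are made up.

```shell
#!/bin/sh
# Added example: keep secrets out of ~/.bash_history and find ones already there.

# Bash settings to append to ~/.bashrc or /etc/profile.d/history.sh.
# HISTCONTROL=ignoreboth drops commands that start with a space (so a user can
# deliberately keep one command out of history) and collapses duplicates;
# HISTIGNORE never records commands matching these glob patterns at all.
history_hardening() {
    cat <<'EOF'
export HISTCONTROL=ignoreboth
export HISTIGNORE='*-p[!-]*:*--password=*:sshpass*:*PASSWORD=*:*SECRET=*:*TOKEN=*'
export HISTSIZE=500
export HISTFILESIZE=500
# History files are created with the user's umask; keep them private.
umask 077
EOF
}

# find_secrets_in_history [FILE...]  (reads stdin when no file is given)
# Prints, with line numbers, commands that look like they carry a credential:
#   mysql/mysqladmin with an inline -pPASSWORD, any --password=VALUE,
#   sshpass -p, curl -u user:pass, VAR_PASSWORD=/SECRET=/TOKEN= assignments,
#   and passwords piped into passwd --stdin.
find_secrets_in_history() {
    grep -nE \
        -e '(^|[[:space:]])mysql(admin)?.* -p[^[:space:]]' \
        -e '--password=[^[:space:]]+' \
        -e 'sshpass[[:space:]]+-p' \
        -e 'curl.* -u [^[:space:]]+:[^[:space:]]+' \
        -e '[A-Z_]*(PASSWORD|SECRET|TOKEN)=[^[:space:]]+' \
        -e 'passwd[[:space:]]+--stdin' \
        "$@"
}

# Constructed sample history (not a real capture). Lines 2, 3, 5, 6 and 8
# leak a credential; "mysql -u root -p" on line 7 prompts and is fine.
sample_history() {
    cat <<'EOF'
cd /var/www
mysql -u root -pS3cret webapp
export DB_PASSWORD=hunter2
ls -la
sshpass -p 'letmein' ssh admin@10.0.0.5
curl -u deploy:Tr0ub4dor https://repo.example.internal/artifact
mysql -u root -p
echo 'newpass' | passwd --stdin bob
EOF
}

# Stand-alone demo: print the findings for the sample history.
sample_history | find_secrets_in_history
```

Run `find_secrets_in_history /home/*/.bash_history /root/.bash_history` as root during an incident review; any hit means the credential should be rotated, not just deleted from the file, because the history may already have been copied.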

SELinux Policy Editor: Removing micromanagement from administrative control
It can be tough to handle extended security attributes across a range of users, processes and files or directories that encompass more than one server. Enter SELinux Policy Editor, seedit, which offers a suite of native front-end administration utilities.

Higgins Project: Seeking identity management without Microsoft restrictions
The Higgins Project is an open source effort to create a standard for managing and defining digital identity. Here, a security expert discusses the challenges involved in integrating Higgins with Microsoft's proprietary CardSpace.


  • Protecting PGP keys
    Security expert James Turnbull describes public and private PGP keys and how to protect yourself.

  • E-mail privacy with PGP
    Using PGP or GPG for e-mail encryption, decryption and digital signatures protects the confidentiality of your messages and lets recipients verify who really sent them, which defeats spoofed mail.

  • IT Managers: PGP is easy
    Save yourself a security headache and adopt the easy to use, comprehensive e-mail encryption tool known as PGP. Learn just what it has to offer your IT shop.

 Bastille Linux: Introduction and installation
Bastille Linux is an automated security tool, ideal for cross-platform environments. Get started here with an introduction and instructions for installation.

 Intrusion detection with Snort on Red Hat Enterprise Linux 5
Snort is a popular open source intrusion detection system (IDS). Learn how to install this security tool and configure it with MySQL on Red Hat Enterprise Linux 5. This is also applicable to Red Hat Enterprise Linux 4, CentOS 4 and 5 and Fedora Core 5 and 6.

Locking down open relays
Two tools that determine whether your mail server is an open relay, or is already being abused as one.

Securing your Linux server with iptables
Harden your Linux server with this tutorial on writing iptables firewall rules. Sample rule sets are included.
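The following is an added example, not the sample rules from the linked article: a POSIX shell script that generates a default-deny iptables ruleset in iptables-restore format, with SSH reachable only from an assumed admin network (10.0.0.0/24, a placeholder) and rate-limited with the recent match, HTTP and HTTPS open, and dropped packets logged at a bounded rate. It also includes a small lint that flags the three weaknesses most often found in hand-written rulesets: an ACCEPT default policy on INPUT, no rule admitting ESTABLISHED,RELATED traffic, and SSH accepted from any source.

```shell
#!/bin/sh
# Added example: generate and lint a default-deny iptables ruleset.

# gen_ruleset [ADMIN_NET]  -> ruleset on stdout in iptables-restore format.
# ADMIN_NET is the only network allowed to open SSH sessions (assumed
# 10.0.0.0/24 here; substitute your management network).
gen_ruleset() {
    admin_net=${1:-10.0.0.0/24}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to sessions this host already has
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Discard malformed packets and loopback spoofing early
-A INPUT -m state --state INVALID -j DROP
-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
# SSH only from the admin network; more than 3 new connections per
# minute from one address is treated as a brute-force attempt
-A INPUT -p tcp --dport 22 -s $admin_net -m state --state NEW -m recent --set --name SSH
-A INPUT -p tcp --dport 22 -s $admin_net -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH -j DROP
-A INPUT -p tcp --dport 22 -s $admin_net -m state --state NEW -j ACCEPT
# Public web service
-A INPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
# Log what the DROP policy is about to discard, without flooding syslog
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: " --log-level 4
COMMIT
EOF
}

# lint_ruleset  (reads a ruleset on stdin) -> "ok" or space-separated flags:
#   default-accept        :INPUT policy is ACCEPT, so anything unmatched gets in
#   no-established-rule   return traffic is not admitted (or everything is)
#   ssh-unrestricted      a --dport 22 ACCEPT rule has no -s source restriction
lint_ruleset() {
    awk '
        /^:INPUT ACCEPT/                                  { accept_policy = 1 }
        /--state [A-Z,]*ESTABLISHED/                      { have_est = 1 }
        /--dport 22/ && /-j ACCEPT/ && $0 !~ /-s [0-9]/   { ssh_open = 1 }
        END {
            out = ""
            if (accept_policy) out = out "default-accept "
            if (!have_est)     out = out "no-established-rule "
            if (ssh_open)      out = out "ssh-unrestricted "
            if (out == "") print "ok"; else { sub(/ $/, "", out); print out }
        }
    '
}

# Stand-alone use: print the ruleset for the network given as $1 (or default).
gen_ruleset "$@"
```

Load the output with `gen_ruleset 10.0.0.0/24 | iptables-restore` as root and persist it with `iptables-save > /etc/sysconfig/iptables` on Red Hat systems. Because a wrong SSH rule locks you out of a remote box, apply it from a console session, or first schedule a job that restores the previous ruleset a few minutes later and cancel it once you have confirmed you can still log in.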

Setting up SSH for remote, secure server access
General advice on setting up Secure Shell (SSH) for secure remote access to a server.





Linux distribution and application security

Installing the ModSecurity Web application firewall on Red Hat Enterprise Linux
The ModSecurity Web application firewall inspects HTTP requests as they reach the Web server and blocks those that match attack rules. Learn how to set up ModSecurity on RHEL 5.4 with Apache 2.2.x.

Finding password weaknesses in your Linux systems
Learn how to seek out unexpected password weaknesses in Linux and keep your systems secure. 

For Linux security, principle of least privilege prevails, says Red Hat security expert
An expert from Red Hat outlines Linux security best practices, including which network-listening daemons a server should and should not run.

Using kickstart and understanding packages for RHEL 5.4 hardening
Using kickstart to harden RHEL 5.4 builds every server from the same minimal, reviewed package set, which shrinks the attack surface and saves admins a lot of time later on patching.

Hardening SUSE Linux Enterprise Server in eight steps
An expert details hardening SLES in eight steps, including how to lock down servers and keep packages up to date, to maintain a secure Linux server.


  • Scanning a compromised Fedora server
    Security expert James Turnbull explains how to determine if your server has been compromised and recommends some scanning tools.

  • Securing Fedora Core 5 against attackers
    A Linux security expert recommends several best practices for hardening your Fedora Core 5 proxy server.

Kickstart your Linux security by avoiding garbage installations
Unnecessary packages on servers are a security risk: every extra daemon is code an attacker can exploit and another thing you must patch. With Red Hat Kickstart you can install only what each server needs without spending hours on every build.

Securing GRUB on Red Hat Enterprise Linux
Keep your Red Hat server safe from attackers with console access by password-protecting the GRUB boot loader, so that nobody can edit boot entries (for example, to boot into single-user mode) and gain root after a reboot.

Sealing Red Hat security gaps with open source security tools
Find out how Red Hat Linux users can detect and shut out intruders with Tripwire, Nessus and Snort.

Passphrases instead of passwords on Red Hat

  • Passphrases instead of passwords on Red Hat, Part 1
    Passwords may not be the perfect security control for corporate environments, because they are so easily tackled by attackers. Passphrases may provide a better solution, says James Turnbull in this tip, and Red Hat already includes the capability to use passphrases.

  • Passphrases instead of passwords on Red Hat, Part 2
    Passphrases may be a good alternative to passwords for corporate security. This tip discusses how to configure Red Hat to support passphrases.

YaST control center: Novell AppArmor
Create an effective security policy with Novell's AppArmor, which allows you to profile, monitor and restrict application behaviors for any server or workstation running SUSE.

SUSE security: Forgotten passwords, AppArmor
A security expert describes how to harden your openSUSE 10.2 installation and talks about open source security tools.

Using SUSE AppArmor to profile a workstation application in Firefox
Learn how to create application security profiles with Novell's AppArmor for the Firefox browser, the OpenOffice suite or any SUSE Linux Enterprise server application.

The Linux desktop: Browser and distro security tips
Learn why distro security is subjective, what basic steps users can take to protect themselves from browser security flaws and why the Linux desktop is more secure than Windows.

Firefox plug-ins: Download or tune out?
There is no foolproof way to tell whether a Firefox plug-in is malicious. Despite Mozilla's review process, users still download at their own risk.

AppArmor vs. SELinux
An expert says that, yes, AppArmor does offer equivalent security to SELinux.

Application security on Linux, Solaris and AIX
Considering the security of Linux, Solaris or AIX.

Licensing and application security
Licensing restrictions can provide safeguards but not a complete defense. What to look for when considering the security of an application.

SELinux in RHEL 5: More enhanced, more security
Enhancements to SELinux in Red Hat Enterprise Linux 5 (RHEL 5) are a much-needed improvement over the original deployment in RHEL 4. Our expert gives tips on the SELinux Troubleshooter utility, multilevel security integration and deploying the improved SELinux. By making policy easier to understand and manage, RHEL 5 leaves administrators fewer reasons to switch mandatory access control off, which should lead to more secure systems.





Linux security case studies

Linux, virtualization help GHY meet post-9/11 requirements
In the post-9/11 world, security measures have been tightened, especially in the import/export industry. Learn how one firm used Linux and hardware virtualization to keep up with changing rules and add flexibility to client IT environments.

Linux grid takes out firm's aging mainframe
After decades on a mainframe, the U.S.'s oldest automotive information and metrics provider looked to Linux on a grid for an elegant -- and fast -- money-saving alternative.

At university, GroupWise on Linux beats out Exchange
When Golden Gate University's e-mail/collaboration software needed an update, Exchange was on the eval list. In this story, GGU's IT team explains why Exchange wasn't chosen and why the university is pursuing an aggressive new Linux and open source strategy.

Microsoft's high prices drive FSW to Linux, open source
Microsoft's high costs and pricing policies are driving FSW Inc. into the arms of the open source community. The company's IT director describes how and why FSW switched to Linux and open source apps and to server virtualization and OpenOffice desktops.

Church volunteer quells IT chaos with Linux
The Church of the Epiphany found IT salvation with a little help from Linux and Samba.

 TCS automates Linux server hardening
For Linux system administrators striving to harden a system on a server-by-server basis, Trusted Computer Solutions' Security Blanket may be the way to go.



Linux security terms

  Buffer overflow
  Honey pot
  Intrusion detection
  Trojan horse
  Virtual Private Network (VPN)
  Virus hoax
  Worm glossary


