Explain the security features of a Linux system

The Linux OS can be represented as three layers: User, System and Kernel. The Kernel layer consists of all the operating system resources, such as the file system, memory, input/output modules and libraries.

The System layer consists of system resources such as the application programming interface (API).

The User layer is where all the user resources reside, such as application programs.


Linux is a multi-user and multi-tasking OS. A single Linux OS can provide services for more than one user at any time, locally and/or remotely. Every user has their own profile with custom settings, which the user can set where permitted or which Root can enforce from the system side. For every user, there can be multiple processes running 'concurrently', locally and/or remotely, which is why Linux is called a multi-tasking OS. In other words, a single user can run many programs at any time. To optimize resources such as memory, every process can contain many threads, which is called multi-threading.



In Linux, system processes or services (daemons, in Linux terms) are normally run by Root. Originally, Root can be considered the king, with unlimited privileges that can control the whole OS. Users in non-root groups, however, have limited privileges. Many problems start when a user's privileges are escalated to Root. When normal users control or can access the kernel, it is a very bad situation.

For the basic security features, Linux has password authentication, file system discretionary access control, and security auditing. Expanding on these basic standard security features, we have:

1. User and group separation
2. File system security
3. Audit trails
4. PAM authentication

1. User and group separation
User accounts are used to verify the identity of the person using a computer system. By checking the identity of a user through username and password credentials, the system is able to determine if the user is permitted to log into the system and, if so, which resources the user is allowed to access.
Groups are logical constructs that can be used to group user accounts together for a particular purpose.
 
2. File system security
A very true statement about a UNIX/Linux system is that everything is a file; if something is not a file, it is a process. Most files are just files, called regular files; they contain normal data, for example text files, executable files or programs, input to or output from a program and so on. While it is practically safe to say that everything you encounter on a Linux system is a file, there are some exceptions, as listed below:

a. Directories: files that are lists of other files.
b. Special files: the mechanism used for input and output. Most special files are in /dev, for example USB and CD-ROM.
c. Links: a system to make a file or directory visible in multiple parts of the system's file tree. It is a shortcut.
d. (Domain) sockets: a special file type, similar to TCP/IP sockets, providing inter-process networking protected by the file system's access control.
e. Named pipes: act more or less like sockets and form a way for processes to communicate with each other, without using network socket semantics.


3. Audit trails
The Linux 2.6 kernel comes with an audit daemon, which is responsible for writing audit records to disk. During startup, this daemon reads the rules in /etc/audit.rules. You can open the /etc/audit.rules file and make changes, such as setting the audit log file location and other options.

4. Pluggable Authentication Modules (PAM) authentication
PAM was invented by Sun Microsystems. Linux-PAM provides a flexible mechanism for authenticating users. It consists of a set of libraries that handle the authentication tasks of applications on the system. The library provides a stable general interface to which privilege-granting programs (such as login) defer to perform standard authentication tasks. Historically, authentication of Linux users relied on the input of a password, which was checked against the one stored in /etc/passwd. At each improvement (e.g. /etc/shadow, one-time passwords), each program (e.g. login, ftp) had to be rewritten. PAM is a more flexible user authentication mechanism. Programs supporting PAM must dynamically link themselves to the modules in charge of authentication. The administrator is in charge of the configuration and the attachment order of modules. All applications using PAM must have a configuration file in /etc/pam.d.
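Because the attachment order of modules is part of the configuration, it helps to read a service file as an ordered stack. The following is an added example, not code from the original post: it parses a constructed /etc/pam.d-style file, lists the auth stack in evaluation order, and flags two settings that weaken password checking. The sample file contents and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the style of an /etc/pam.d/<service> file; not from a real system.
SAMPLE = """\
# hypothetical /etc/pam.d/login
auth      required    pam_securetty.so
auth      required    pam_unix.so nullok try_first_pass
auth      sufficient  pam_permit.so
account   [success=ok new_authtok_reqd=ok ignore=ignore default=bad] pam_unix.so
password  include     system-auth
-session  optional    pam_systemd.so
session   required    pam_unix.so
"""

# Rule layout: [-]type  control  module  [arguments...]
RULE = re.compile(r"^(-?)(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return the rules in file order (PAM evaluates each stack top to bottom)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unrecognised PAM rule: {raw!r}")
        silent, mtype, control, module, args = m.groups()
        rules.append({"line": lineno, "type": mtype, "control": control,
                      "module": module, "args": args.split(), "silent": bool(silent)})
    return rules

def stack(rules, mtype):
    """Modules attached to one management group, in the order they will run."""
    return [(r["control"], r["module"]) for r in rules if r["type"] == mtype]

def findings(rules):
    """Flag auth-stack settings that weaken password checking."""
    out = []
    for r in (r for r in rules if r["type"] == "auth"):
        if r["module"] == "pam_unix.so" and "nullok" in r["args"]:
            out.append((r["line"], "pam_unix.so accepts empty passwords (nullok)"))
        if r["module"] == "pam_permit.so" and r["control"] == "sufficient":
            out.append((r["line"], "pam_permit.so always succeeds; 'sufficient' lets it satisfy auth"))
    return out

if __name__ == "__main__":
    print(stack(parse_pam(SAMPLE), "auth"), findings(parse_pam(SAMPLE)), sep="\n")
```

Removing `nullok` and the `pam_permit.so` line from the sample leaves `findings()` empty, which is the state an administrator would want for the auth stack.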
