12 rules for building Secure Linux systems

Source: Internet
Author: User
Article title: Twelve Rules for Building a Secure Linux System. Linux is a technology channel of the IT lab in China. It includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
The core of a computer system is the operating system, so the security of the operating system directly determines whether information is secure. Whether an open-source or a closed-source operating system is more secure is still debated in the industry. What is certain is that open source code makes it possible to quickly modify insecure code so that it meets security requirements.
  
Because Linux is open, we can build a secure Linux operating system by modifying the system source code, combining existing system security technologies, and adding our own encryption algorithms. To do so, we need to solve the following 12 problems.
  
1. Identification and Authentication
Identification and authentication are the most basic requirements of an information system. In general, Linux systems use user names and passwords for identification and authentication. This carries some risks, such as theft of the system password file and break-ins by intruders. We can strengthen the system's identification and authentication by adding other forms of authentication, such as public key algorithms: the user's private key is stored on a hardware medium carried by the user (such as an IC card or USB key), and the system keeps only the public key in the user's authentication information. In this way, even if the public key information is stolen, the hacker cannot calculate the private key and attack the system.
  
2. Basic entry control
Displaying a clear warning message, showing relevant information when a user logs in, and limiting the number of failed logon attempts can also effectively keep intruders out.
  
3. Security Auditing
Improve the original audit function of Linux so that it keeps a complete audit trail of the behavior of users, processes, and other objects. First, the audit function should ensure that audit information cannot be tampered with or deleted. Second, the system must be able to record all sensitive operations.
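One way to make tampering with or deleting audit records detectable is to chain every record to the one before it with a keyed hash. The sketch below is an added example, not code from the original article; the key, the event fields and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used before the first record

def _mac(key, prev, event):
    # Canonical JSON so the same event always serialises to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev + body).encode(), hashlib.sha256).hexdigest()

def append(log, key, event):
    """Append an event, binding it to the MAC of the previous record."""
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": event, "mac": _mac(key, prev, event)})

def verify(log, key, expected_head=None):
    """Return -1 if the chain is intact, else the index of the first bad record.

    expected_head is the newest MAC, stored away from the audited host. It
    exposes truncation of the tail, which the chain alone cannot show; in
    that case len(log) is returned.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["mac"], _mac(key, prev, rec["event"])):
            return i
        prev = rec["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(log)
    return -1

def demo_audit_chain():
    key = b"constructed-demo-key"  # assumption: the real key is kept off the host
    log = []
    # Constructed sample events, not real audit data.
    for ev in ({"uid": 0, "op": "open", "obj": "/etc/shadow"},
               {"uid": 1000, "op": "exec", "obj": "/usr/bin/sudo"},
               {"uid": 0, "op": "unlink", "obj": "/var/log/wtmp"}):
        append(log, key, ev)
    head = log[-1]["mac"]
    edited = [dict(r) for r in log]
    edited[1] = {"event": {"uid": 1000, "op": "exec", "obj": "/bin/ls"},
                 "mac": log[1]["mac"]}
    return {"intact": verify(log, key, head),
            "edited": verify(edited, key, head),
            "deleted_middle": verify(log[:1] + log[2:], key, head),
            "truncated": verify(log[:2], key, head)}
```
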
  
4. Access Control
Add the necessary access control mechanisms to Linux, such as mandatory access control (MAC) and discretionary access control (DAC). Discretionary access control lets system users allow or prohibit access by other users to their own objects as they wish. Currently, Linux provides an "owner/group/other" permission protection mechanism similar to that of traditional UNIX systems. To protect user information better, control at the level of individual users should be provided, bringing discretionary access control closer to real-world needs. Mandatory access control is a set of security access permissions configured by the system administrator; it imposes stricter access restrictions than discretionary access control.
  
5. Encrypted File System
Adding an encrypted file system mechanism to the system ensures the security of the system's data. Even if the system's storage medium is stolen, the data remains unreadable as long as the hacker does not obtain the key. Because Linux is open source, we can understand its file system architecture and modify the file system, which makes implementing an encrypted file system possible.
  
6. Integrity Protection
By maintaining a tracking database for files and file systems, we can clearly identify changes in the system. When data in the system is changed illegitimately, we can find out quickly, which prevents intruders and backdoors from remaining in the system. Combined with a backup mechanism, this protection allows the system to recover quickly.
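The tracking database described above can be as small as a map from each file to its hash and permission bits, compared against a fresh scan. This is an added example, not code from the original article; the temporary directory and file names are constructed stand-ins for the system directories a real baseline would cover.

```python
import hashlib
import os
import stat
import tempfile

def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            db[os.path.relpath(path, root)] = (h.hexdigest(), stat.S_IMODE(st.st_mode))
    return db

def compare(baseline, current):
    """Classify the differences between the stored baseline and a fresh scan."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "content": sorted(p for p in common if baseline[p][0] != current[p][0]),
        "mode": sorted(p for p in common if baseline[p][1] != current[p][1]),
    }

def demo_integrity():
    # Constructed tree; a real baseline would cover /etc, /usr/bin and so on,
    # and would be stored where the monitored host cannot rewrite it.
    with tempfile.TemporaryDirectory() as root:
        for name in ("login", "sshd", "passwd"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"v1")
            os.chmod(os.path.join(root, name), 0o755)
        baseline = snapshot(root)
        with open(os.path.join(root, "login"), "wb") as fh:
            fh.write(b"v2")                              # content replaced
        os.chmod(os.path.join(root, "passwd"), 0o777)    # made world-writable
        os.remove(os.path.join(root, "sshd"))            # file deleted
        with open(os.path.join(root, ".hidden"), "wb") as fh:
            fh.write(b"x")                               # unexpected new file
        return compare(baseline, snapshot(root))
```
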
  
7. Intrusion Attack Detection and Prevention
Sensitive resources, IP addresses, or ports can be monitored to detect intrusions in a timely manner and take appropriate measures. For example, a large number of half-open TCP connections, external data packets with invalid source IP addresses, and operations on ports 138 and 139 may all be signs of intrusion. We can effectively prevent such intrusions by writing the corresponding code and integrating it closely with the system.
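Two of the signs listed above, many half-open TCP connections from one source and activity on ports 138 and 139, can be read from the kernel's connection table. This is an added example, not code from the original article; the sample table is constructed in the layout of /proc/net/tcp, the threshold is an assumption, and the address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

SYN_RECV = "03"             # kernel state code: SYN received, handshake unfinished
WATCHED_PORTS = {138, 139}  # NetBIOS ports named in the text

# Constructed sample in /proc/net/tcp layout, trailing columns trimmed.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue:rx_queue
   0: 00000000:0016 00000000:0000 0A 00000000:00000000
   1: 0A00000A:0016 0500A8C0:D2F0 01 00000000:00000000
   2: 0A00000A:0050 077100CB:9C41 03 00000000:00000000
   3: 0A00000A:0050 077100CB:9C42 03 00000000:00000000
   4: 0A00000A:0050 077100CB:9C43 03 00000000:00000000
   5: 0A00000A:0050 077100CB:9C44 03 00000000:00000000
   6: 0A00000A:0050 096433C6:C001 03 00000000:00000000
   7: 0A00000A:008B 096433C6:C002 01 00000000:00000000
"""

def endpoint(field):
    """Decode 'HEXIP:HEXPORT'; the IPv4 address is stored in little-endian order."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def analyse(table, half_open_limit=3):
    """Return (sources over the half-open limit, peers connected to watched ports)."""
    half_open = Counter()
    watched = []
    for line in table.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        _local_ip, local_port = endpoint(cols[1])
        remote_ip, _remote_port = endpoint(cols[2])
        if cols[3] == SYN_RECV:
            half_open[remote_ip] += 1
        elif local_port in WATCHED_PORTS and remote_ip != "0.0.0.0":
            watched.append((remote_ip, local_port))
    flagged = {ip: n for ip, n in half_open.items() if n > half_open_limit}
    return flagged, watched
```

On a live host the same function can be given the contents of /proc/net/tcp instead of SAMPLE.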
  
8. Provide comprehensive security APIs
The system provides users with a complete set of security APIs, which helps users implement their own security applications in combination with the system.
  
9. Modify the services in the system and add security mechanisms
Upgrade system services to newer versions and fix the security vulnerabilities in them.
  
10. Provide secure services and applications
For example, Web services that support SSL, SSH, IPsec, and e-mail programs that support PGP.
  
11. Provide comprehensive system security scanning and detection tools
Provide comprehensive security scanning and detection tools in the system so that administrators can regularly check the system and detect security risks in a timely manner.
  
12. Use a secure encryption algorithm
Use recognized secure encryption algorithms with longer keys (more than 128 bits) to implement encryption applications in the system.
  
Open-source Linux gives us new opportunities to implement a secure operating system platform. The study of Linux-based secure operating systems will help us implement a proprietary secure operating system and build our own information security platform.
  