A Linux system has two kinds of users: ordinary users and the root user. Each ordinary user has a robust set of permissions to manage his or her own files (and files that belong to a group that he or she is a member of), but an ordinary user cannot affect system configuration, start or stop essential services such as the SSH daemon, and cannot reserve a so-called privileged port, or any networking port numbered less than 1,024. The root user, though, is free to access and modify any file, perform any task, and affect the system at will.
We have all used sudo some point in using Linux but do you know the importance of sudo to Linux security? This article guides the user through everything a Linux user needs to know about sudo.
If you're concerned about protecting world-writeable shared directories such as /tmp or /var/tmp from abuse, a Linux® Pluggable Authentication Module (PAM) can help you. The pam_namespace module creates a separate namespace for users on your system when they login. This separation is enforced by the Linux operating system so that users are protected from several types of security attacks. This article for Linux system administrators lays out the steps to enable namespaces with PAM.
Have you heard about PAM? All Linux user's use PAM every time they use Linux. This article does a great job at explaining how PAM helps improve Linux user's security.
A Linux system has two kinds of users: ordinary users and the root user. Each ordinary user has a robust set of permissions to manage his or her own files (and files that belong to a group that he or she is a member of), but an ordinary user cannot affect system configuration, start or stop essential services such as the SSH daemon, and cannot reserve a so-called privileged port, or any networking port numbered less than 1,024. The root user, though, is free to access and modify any file, perform any task, and affect the system at will.
It's an important to learn how to use sudo securely. This article does a good job at helping users to setup sudo for their systems.
The containers developers have what would seem to be a relatively straightforward problem: they would like to control access to devices on a per-container basis. Then containers could safely be granted access to specific devices without compromising the overall security of the system - even if a container has a root-capable process which can create new device files.
Kernel security is a very importance part of the overall security of ones system. This article goes into one part of kernel security containerization.
Source: Rational Survivability - Posted by Ryan Berens
VMware and virtualization security is just beginning to heat up. In this article, we get an interesting view into the nature of this debacle. Should it be a surprise that security is going to be such an issue? According to this blogger, far, far from it; virtualization provides such a compelling shift in computing, that being caught "flatfooted" is embarrassing...
For the purpose of this post, I'm going to focus on the security implications of virtualization and simply summarize by suggesting that virtualization up until now has quietly marked a tipping point where we see the disruption stretch security architectures and technologies to their breaking point and in many cases make much of our invested security portfolio redundant and irrelevant.
Ouch! Read on...
