
Project Part 3 Task 1: Use a Kernel

The kernel is the core of a Linux system: it schedules processes, manages memory, and mediates every application's access to hardware through device drivers. Because so much depends on it, the choice of which kernel to run is an important one for any Linux installation. There are three general choices: the stock mainline kernel, a custom-built kernel, or the vendor-supplied kernel that ships by default with distributions such as Red Hat Enterprise Linux, Ubuntu, and Mint. Each has advantages and disadvantages.
Some administrators are Linux purists and use only the stock mainline kernel released by Linus Torvalds and the kernel development team and published for download at kernel.org (Kernel, 2014). That decision is usually idealistic in nature, and it offers little practical benefit over a distribution kernel unless the goal is to obtain pristine sources to customize for a distribution you are developing yourself. The mainline kernel is what distributors start from before adding the patches, backported fixes, and build configuration that support their flavor of Linux. Replacing a distribution's kernel with the stock mainline kernel therefore drops those distribution-specific features, and the result will generally not be covered by the vendor's support, so it should be done only after careful consideration.
Other administrators are advanced Linux developers who prefer a customized kernel, built from source with the modules that aren't needed for its intended use removed, or with experimental improvements of their own (Advantages, 2014). While it is not unheard of for commercial organizations to run a custom kernel, the in-house talent required to maintain one over time usually exceeds what smaller organizations can keep on the payroll. One benefit of a custom kernel is a smaller attack surface: an exploit for a known-but-unpatched or zero-day vulnerability in a driver, file system, or protocol module cannot succeed against a kernel in which that code was never compiled. Much of the same effect can be had on a vendor kernel, without rebuilding anything, by preventing unused modules from loading through a blacklist entry in /etc/modprobe.d/.
The third type of administrator just wants a stable kernel that works with their distribution, and therefore sticks to the vendor-supplied kernel that comes with it. The level of support varies with the distribution: a purchased subscription such as Red Hat Enterprise Linux includes vendor support and a long maintenance lifecycle, while a free community distribution such as Fedora, the upstream project from which Red Hat Enterprise Linux is derived, offers community and forum support with a release lifecycle of roughly thirteen months. There is still plenty of tuning that can be done to a vendor kernel without recompiling it, by editing /etc/sysctl.conf to set or disable specific kernel parameters (Jang, 2012).
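Added example, not from the original paper or from Jang: a small shell script that checks a sysctl-format file against a hardened baseline and reports every parameter that is missing or weaker than intended. The sysctl keys are real Linux parameters; the chosen values, the constructed sample configuration, and the function names are assumptions for this illustration. The parser also accepts the "key = value" lines that `sysctl -a` prints, so the live kernel can be checked the same way before and after `sysctl -p`.

```sh
#!/bin/sh
# Added example (not from the original text): compare a sysctl-format file
# against a small hardening baseline and report weaker or missing settings.
# The keys are real Linux sysctls; the chosen values are an assumption for an
# Internet-facing web server, not a list taken from the paper or from Jang.

# Hardened baseline, one key=value per line (assumed values).
HARDENED_BASELINE='net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.tcp_syncookies=1
net.ipv4.icmp_echo_ignore_broadcasts=1
kernel.randomize_va_space=2
kernel.kptr_restrict=1
fs.protected_symlinks=1'

# sysctl_value KEY FILE: print the last value assigned to KEY in FILE
# (sysctl(8) applies the last assignment), ignoring comments and blank lines.
# Accepts both "key = value" (sysctl.conf, sysctl -a) and "key=value".
sysctl_value() {
    awk -F'=' -v k="$1" '
        /^[[:space:]]*[#;]/ || NF < 2 { next }
        {
            key = $1; gsub(/[[:space:]]/, "", key)
            if (key == k) {
                v = $2; sub(/^[[:space:]]+/, "", v); sub(/[[:space:]]+$/, "", v)
                last = v
            }
        }
        END { print last }' "$2"
}

# check_sysctl_file FILE: print one line per deviation from the baseline;
# return 0 when FILE matches the baseline and 1 otherwise.
check_sysctl_file() {
    deviations=0
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        have=$(sysctl_value "$key" "$1")
        if [ -z "$have" ]; then
            printf '%s MISSING (expected %s)\n' "$key" "$want"
            deviations=1
        elif [ "$have" != "$want" ]; then
            printf '%s expected=%s actual=%s\n' "$key" "$want" "$have"
            deviations=1
        fi
    done <<EOF
$HARDENED_BASELINE
EOF
    return "$deviations"
}

# check_running_sysctl: the same check against the live kernel (Linux only;
# not invoked below). `sysctl -a` prints "key = value" lines.
check_running_sysctl() {
    live=$(mktemp)
    sysctl -a 2>/dev/null >"$live"
    check_sysctl_file "$live"
    rc=$?
    rm -f "$live"
    return "$rc"
}

# Constructed sample: a stock-looking /etc/sysctl.conf with IP forwarding on,
# kernel pointers exposed, and one protection not set at all.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat >"$SAMPLE_CONF" <<'EOF'
# Kernel sysctl configuration file (constructed sample)
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
kernel.randomize_va_space = 2
kernel.kptr_restrict = 0
EOF

if check_sysctl_file "$SAMPLE_CONF"; then
    echo "sample config matches the hardened baseline"
else
    echo "sample config deviates from the hardened baseline; fix it and run 'sysctl -p'"
fi
```

Against the constructed sample the check reports three deviations: ip_forward is enabled, kptr_restrict is off, and fs.protected_symlinks is absent. Settings written to /etc/sysctl.conf take effect only after `sysctl -p` or a reboot, which is why checking the live values separately is worthwhile.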
For First World Bank Savings and Loan, the vendor-supplied kernel that comes with the Fedora distribution will be more than sufficient to meet the operating system needs of the servers that will make financial information available to customers through the Web server application now in development. One caveat: because each Fedora release is supported for only about a year, the servers must be upgraded to a newer release at least yearly to keep receiving kernel security fixes, whereas a long-lifecycle distribution such as Red Hat Enterprise Linux (or a rebuild of it) avoids that churn.
Project Part 3 Task 2: Recommend a Software Management Plan
Software applications are the reason that operating systems exist; that is, we have operating systems in order to run the software applications that help us accomplish a task. Whether it is processing payroll for a company or playing a video game online, software is the interface for these functions. In a business the number of software applications in use can become quite large, and it takes a well-organized plan to maintain the software used in a company. For a system administrator this means making sure that software is deployed to the proper systems, configured properly, routinely updated, and properly removed when no longer needed.
For larger enterprise operations this can be a daunting task even with a talented team of system administrators, and such organizations often turn to Software Asset Management tools to automate much of the work, especially license purchasing and compliance. In a smaller organization such as First World Bank Savings and Loan, the use of open source software on a small number of servers means that software management can be done with the package manager that comes with the Linux distribution. In the Red Hat family that is RPM, originally short for Red Hat Package Manager and now expanded recursively as RPM Package Manager (Jang, 2012). RPM installs, verifies, and removes individual package files and keeps a database of what is installed; it is fronted by the Yellowdog Updater, Modified, better known as YUM, which resolves dependencies and fetches packages from online repositories that carry current versions of popular software such as the Apache Web server and MySQL. A script run from cron can then apply updates on a schedule so that installed packages are kept current; on Red Hat systems the yum-cron package provides exactly this, and `rpm -Va` can be run afterwards to verify that installed files still match what the packages shipped.
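Added example, not code from the paper or from the yum project: a daily update job of the kind the paragraph describes, written for cron, together with a helper that reads the output of `yum check-update` to list pending packages and to warn when a kernel update means the server will need a reboot (which ties back to the kernel choice in Task 1). The log path, the cron schedule, the function names, and the constructed sample output are assumptions; the yum options used and its exit status 100 for "updates available" are real.

```sh
#!/bin/sh
# Added example (not from the original text): a daily update job for a
# YUM-based server, with a helper that reads `yum check-update` output to
# list pending packages and to warn when a kernel update means a reboot.
# The log path, schedule and the constructed sample output are assumptions;
# the yum options and its exit status 100 ("updates available") are real.

LOG=${UPDATE_LOG:-/var/log/daily-update.log}

# pending_updates: read `yum check-update` output on stdin and print one
# package name (arch suffix stripped) per line. Header lines such as
# "Loaded plugins: ..." and repository progress lines never have exactly
# three fields with a dotted first field, so they are skipped. Names long
# enough to wrap onto two lines are not handled by this simple filter.
pending_updates() {
    awk 'NF == 3 && $1 ~ /\./ && $1 !~ /^(Loaded|Obsoleting)/ {
            sub(/\.[^.]*$/, "", $1); print $1
         }'
}

# needs_reboot: exit 0 if a kernel package is among the pending updates on stdin.
needs_reboot() {
    pending_updates | grep -Eqx 'kernel(-core)?'
}

# run_daily_update: record what is pending, apply security advisories only,
# and leave a reboot notice in the log if the kernel was involved. Invoked
# only with --run so that this file can also be sourced or tested safely.
run_daily_update() {
    {
        printf '=== %s\n' "$(date)"
        # exit status 100 means updates are available, so it is not an error here
        pending=$(yum -q check-update 2>/dev/null) || true
        printf '%s\n' "$pending" | pending_updates | sed 's/^/pending: /'
        yum -y --security update
        if printf '%s\n' "$pending" | needs_reboot; then
            echo "NOTICE: kernel update applied or pending; schedule a reboot"
        fi
    } >>"$LOG" 2>&1
}

# Install (as root) by copying this script to /usr/local/sbin/daily-update.sh
# and adding a line to /etc/cron.d/daily-update such as
#   30 3 * * * root /usr/local/sbin/daily-update.sh --run
if [ "${1:-}" = "--run" ]; then
    run_daily_update
    exit $?
fi

# Constructed sample of `yum check-update` output (versions are placeholders).
SAMPLE_CHECK_UPDATE='Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile

httpd.x86_64                2.2.15-0.el6.sample         updates
kernel.x86_64               2.6.32-0.el6.sample         updates
mysql-server.x86_64         5.1.73-0.el6.sample         updates
openssl.x86_64              1.0.1e-0.el6.sample         updates'

echo "Pending updates in the constructed sample:"
printf '%s\n' "$SAMPLE_CHECK_UPDATE" | pending_updates
if printf '%s\n' "$SAMPLE_CHECK_UPDATE" | needs_reboot; then
    echo "kernel update pending: a reboot will be required after it is applied"
fi
```

Applying only security advisories from cron keeps unattended changes small; the remaining updates stay listed in the log for the administrator to apply in a maintenance window, and a new kernel is only running once the server has been rebooted.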
Anti-virus is another important consideration in managing software, since it protects file systems, applications, and operating systems from viruses and other malware. Some believe that because the majority of malware is written for Windows there is little need for anti-virus on Linux. That assumption is mistaken: much of the business world runs Linux, and with the spread of Android, a Linux-based operating system used on many of today's smartphones and tablets (About, 2014), malware written for Linux-based systems is becoming more common. A further concern is that many Linux servers act as file servers for Windows clients through Samba, which shares files seamlessly between the two. Because of that role, it is important to guard against Windows-targeted malware being stored in files on the Linux server and then unknowingly unleashed on a Windows client; scanning the shares on the Samba server itself catches such files regardless of which client wrote them.
To meet the needs of First World Bank Savings and Loan, it is recommended that the system administrator use YUM, with RPM underneath, to install and update the common software applications that will run on the organization's servers, such as the Apache Web server, the MySQL database server, and Samba on the file server. It is further recommended that an anti-virus product such as AVG for Linux (AVG, 2014) be installed, particularly on the Samba file server, as it is a robust scanner with frequent signature updates that is easy to deploy.
Project Part 3 Task 3: Monitor Logs and Baseline
One of the main steps of a good security plan is to review logs for vulnerabilities or suspicious behavior in order to identify or prevent a malicious attack against the system. Logs are also useful for establishing a baseline, so that system administrators and the tools they use know what normal looks like; when the abnormal occurs it is then noticeable and can be reacted to promptly.
One such tool for creating a baseline and then monitoring the system for changes is Tripwire. Tripwire is a file and directory integrity checker that hashes the files and directories on a system to create a baseline, and can then periodically compare the current state of the files against that baseline to detect changes such as the alteration of key system files by an attacker who wants to make later visits easier (Tripwire, 2014). Properly configured, which starts with taking a good baseline on a known-clean system and storing it where an intruder cannot rewrite it, Tripwire can trigger alerts whenever key files no longer match the hashes stored in the baseline. Every legitimate change (a package update, a configuration edit) must then be followed by updating the baseline, or the alerts soon become noise.
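Added example, not Tripwire's own code or database format: a minimal integrity baseline built from sha256sum(1) that shows the mechanism the paragraph describes. It hashes every regular file under a directory, and a later run reports files that were modified, added, or deleted. The directory tree, file contents, and function names are constructed for the example; SHA-256 is chosen over MD5 or SHA-1 so that a replacement file cannot be made to collide with the recorded hash.

```sh
#!/bin/sh
# Added example (not Tripwire's code or database format): a minimal file
# integrity baseline built with sha256sum(1). It records a hash for every
# regular file under a directory and later reports files that were modified,
# added or deleted. The demo tree and file contents are constructed.
# As with Tripwire, the baseline must be taken on a known-clean system and
# kept where an intruder cannot rewrite it (read-only media or another host).

# make_baseline DIR OUTFILE: hash every regular file under DIR, paths relative to DIR.
make_baseline() {
    (cd "$1" && find . -type f -exec sha256sum {} +) | LC_ALL=C sort -k 2 >"$2"
}

# check_baseline DIR BASELINE: print MODIFIED/ADDED/DELETED lines for every
# difference between DIR now and BASELINE (which must not be empty);
# return 1 if any difference was found, 0 if the tree is clean.
check_baseline() {
    current=$(mktemp)
    make_baseline "$1" "$current"
    # sha256sum lines are "<hash>  <path>"; split on the first run of spaces
    # so that paths containing spaces survive intact.
    report=$(awk '
        { h = $1; p = $0; sub(/^[^ ]+ +/, "", p) }
        NR == FNR { old[p] = h; next }
        !(p in old)   { print "ADDED    " p; next }
        old[p] != h   { print "MODIFIED " p }
        { delete old[p] }
        END { for (p in old) print "DELETED  " p }' "$2" "$current" | LC_ALL=C sort)
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# --- Demo on a constructed directory tree -----------------------------------
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/tree/etc" "$demo/tree/bin"
printf 'root:x:0:0:root:/root:/bin/bash\n' >"$demo/tree/etc/passwd"
printf '127.0.0.1 localhost\n' >"$demo/tree/etc/hosts"
printf '#!/bin/sh\necho genuine ls\n' >"$demo/tree/bin/ls"

# 1. Take the baseline while the tree is known to be clean.
make_baseline "$demo/tree" "$demo/baseline.sha256"

# 2. Simulate the kind of tampering a later integrity check should catch:
#    a replaced system binary, a new hidden file, and a deleted file.
printf '#!/bin/sh\necho tampered ls\n' >"$demo/tree/bin/ls"
printf 'not in the baseline\n' >"$demo/tree/bin/.hidden"
rm -f "$demo/tree/etc/hosts"

# 3. Compare the current state with the baseline.
if check_baseline "$demo/tree" "$demo/baseline.sha256"; then
    echo "no changes since baseline"
else
    echo "integrity violations found (see report above)"
fi
```

The comparison reports exactly the three simulated changes. On a real server the baseline would cover /bin, /sbin, /usr/bin, /usr/sbin, /lib and /etc, be regenerated after each legitimate package update, and be run from cron with its report mailed to the administrator.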
Another invaluable tool for system administrators is a rootkit checker. A rootkit is a set of software that hides an attacker's presence and preserves privileged access after a system has already been compromised, classically by replacing administrator tools such as ps, ls, and netstat with modified versions that lie about processes, files, and network connections; the name comes from these original kits of trojaned root-level utilities. One of the most common anti-rootkit tools, free and open source, is Rootkit Hunter, or rkhunter (Sourceforge, 2014). It is available for most Linux distributions, is easy to install, and can verify file hashes against the package manager's own records (for example, rkhunter --pkgmgr RPM) rather than only against its own stored SHA1 and MD5 hashes. It also scans for hidden files and directories and for files and strings commonly left behind by known rootkits. Like Tripwire, its stored file properties must be refreshed (rkhunter --propupd) after legitimate package updates, or every update will look like tampering.
Port scanning is an easy way to identify the services available on a network by finding which ports are open and, in turn, which services listen on them. Port scan results serve both as reconnaissance for an attacker and as proactive defense for a network administrator maintaining a layered security posture. One popular scanner used by attackers and security analysts alike is Nessus, a vulnerability scanner that includes a port scanner, made available for personal and enterprise use by Tenable Network Security on their website (Download, 2014). Nessus is a good way to stay current on which ports are open on your network, especially ones that are not supposed to be open: each scan should be compared against the list of services each server is meant to expose, and anything extra investigated. Running a port and vulnerability scan with Nessus at least quarterly and after any significant change on servers that store cardholder information satisfies the internal scanning requirement of PCI DSS; the external scanning requirement must be met by an Approved Scanning Vendor contracted for the purpose.
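Added example, not from the paper and not Nessus output: the comparison described above, a scan result checked against the list of ports each server is supposed to expose so that an open port that is "not supposed to be open" stands out. nmap's grepable output format (-oG) is used because it is a plain one-line-per-host text format; the same comparison applies to a Nessus port scan export. The hosts, ports, allow list, and scan lines are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the original text, and not Nessus output): compare a
# port scan against the list of services each server is supposed to expose,
# so that ports that are "not supposed to be open" stand out. nmap's grepable
# output (-oG) is used here because it is a one-line-per-host text format.
# Hosts, ports and the scan lines are constructed for the example.

# unexpected_ports ALLOWFILE < scan.gnmap
# ALLOWFILE holds "host port/proto" lines (comments start with #). Prints
# "host port/proto service" for every open port not listed in ALLOWFILE.
unexpected_ports() {
    awk -v allowfile="$1" '
        BEGIN {
            while ((getline line < allowfile) > 0) {
                n = split(line, a, " ")
                if (n >= 2 && substr(a[1], 1, 1) != "#") allow[a[1] " " a[2]] = 1
            }
        }
        /^Host:/ && /Ports:/ {
            host = $2
            # fields are tab-separated: "Host: ...", "Ports: ...", "Ignored State: ..."
            nf = split($0, t, "\t")
            for (i = 1; i <= nf; i++) if (t[i] ~ /^Ports:/) ports = substr(t[i], 8)
            np = split(ports, p, ", ")
            for (j = 1; j <= np; j++) {
                # each entry is port/state/proto/owner/service/rpc/version/
                split(p[j], f, "/")
                if (f[2] == "open" && !((host " " f[1] "/" f[3]) in allow))
                    print host, f[1] "/" f[3], (f[5] == "" ? "unknown" : f[5])
            }
        }'
}

# --- Demo with constructed data ---------------------------------------------
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# What each server is meant to expose (assumed for the example).
cat >"$work/allowed.txt" <<'EOF'
# host       port/proto
10.0.0.5     22/tcp
10.0.0.5     80/tcp
10.0.0.5     443/tcp
10.0.0.6     22/tcp
10.0.0.6     139/tcp
10.0.0.6     445/tcp
EOF

# Constructed nmap -oG lines for a web server and a Samba file server.
printf 'Host: 10.0.0.5 (www.example.internal)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, 3306/open/tcp//mysql///\tIgnored State: closed (996)\n' >"$work/scan.gnmap"
printf 'Host: 10.0.0.6 (files.example.internal)\tPorts: 22/open/tcp//ssh///, 23/filtered/tcp//telnet///, 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (996)\n' >>"$work/scan.gnmap"

echo "Open ports not on the allow list:"
unexpected_ports "$work/allowed.txt" <"$work/scan.gnmap"
```

In the constructed scan the only finding is MySQL listening on the web server's network interface; the filtered telnet port is not reported because it is not open. A database that only the local Apache instance needs should be bound to 127.0.0.1 or firewalled, after which the next scan comes back clean.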
Having all of these tools available is great, but many of them run as automated services, and system administrators need a way to review quickly what happened on their systems each day. To meet this need, most applications write log files under /var/log, for example /var/log/messages, /var/log/secure, and the /var/log/httpd/ directory (Jang, 2012), and logrotate rotates them, usually daily. To parse that information quickly, it is recommended that Logwatch be installed via YUM and its configuration file, /etc/logwatch/conf/logwatch.conf, edited (the MailTo, Range, and Detail settings) so that it emails a parsed daily log report to the system administrator's account (Digital, 2014).
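Added example, not from the paper and not Logwatch's own code: the kind of daily check that a Logwatch sshd report summarizes, run over constructed /var/log/secure lines in the syslog format sshd uses on Red Hat systems. It counts failed password attempts per source address, flags sources above a threshold, and lists every accepted root login. The log lines, threshold, and function names are constructed for this example; the addresses come from documentation ranges.

```sh
#!/bin/sh
# Added example (not from the original text, and not Logwatch's own code):
# the kind of daily check a Logwatch report summarizes, run over constructed
# /var/log/secure lines in the sshd syslog format used on Red Hat systems.

# failed_by_source THRESHOLD < log: print "count address" for every source
# with at least THRESHOLD failed sshd password attempts, busiest first.
# Searching for the word "from" copes with both "for root from" and
# "for invalid user admin from".
failed_by_source() {
    awk -v min="$1" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
        }
        END { for (a in n) if (n[a] >= min) print n[a], a }' | sort -rn
}

# root_logins < log: print "month day time address method" for every accepted
# root login; direct root logins over ssh deserve a look even when legitimate.
root_logins() {
    awk '/sshd\[[0-9]+\]: Accepted (password|publickey) for root from/ {
            print $1, $2, $3, $11, $7
         }'
}

# Constructed /var/log/secure excerpt (203.0.113.0/24 and 198.51.100.0/24 are
# documentation address ranges, not real hosts).
SAMPLE_SECURE='Jun  8 03:14:07 web1 sshd[2145]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jun  8 03:14:09 web1 sshd[2145]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jun  8 03:14:12 web1 sshd[2147]: Failed password for root from 203.0.113.7 port 51251 ssh2
Jun  8 03:14:15 web1 sshd[2149]: Failed password for invalid user oracle from 203.0.113.7 port 51263 ssh2
Jun  8 03:14:18 web1 sshd[2151]: Failed password for invalid user test from 203.0.113.7 port 51270 ssh2
Jun  8 07:58:40 web1 sshd[2290]: Failed password for deploy from 10.0.0.20 port 40110 ssh2
Jun  8 07:58:46 web1 sshd[2290]: Accepted publickey for deploy from 10.0.0.20 port 40110 ssh2
Jun  8 08:05:33 web1 sshd[2310]: Accepted password for root from 198.51.100.9 port 40001 ssh2
Jun  8 08:05:33 web1 sshd[2310]: pam_unix(sshd:session): session opened for user root by (uid=0)'

echo "Sources with 3 or more failed password attempts:"
printf '%s\n' "$SAMPLE_SECURE" | failed_by_source 3
echo "Accepted root logins:"
printf '%s\n' "$SAMPLE_SECURE" | root_logins
```

The sample yields one brute-force source with five failures (the single mistyped password from the internal deploy host falls under the threshold) and one password login as root from an outside address, which is exactly the kind of line a daily report should make impossible to miss.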
Works Cited
"AVG Free | Download Free Antivirus Software | USA." AVG. http://free.avg.com/us-en/download.prd-alf (accessed June 8, 2014).
"Advantages and Disadvantages of Customized Linux Kernel." eUKhost blog. http://blog.eukhost.com/webhosting/advantages-and-disadvantages-of-customized-kernel/ (accessed June 8, 2014).
"How To Install and Use Logwatch Log Analyzer and Reporter on a VPS." DigitalOcean Community. https://www.digitalocean.com/community/articles/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps (accessed June 7, 2014).
"Download Nessus." Tenable Network Security. http://www.tenable.com/products/nessus/select-your-operating-system (accessed June 8, 2014).
Jang, Michael H. Security Strategies in Linux Platforms and Applications. Sudbury, MA: Jones & Bartlett Learning, 2011.
"The Android OS." About.com Linux. http://linux.about.com/od/mobiledevices/a/The-Android-Os.htm (accessed June 8, 2014).
"The Linux Kernel Archives." Kernel.org. https://www.kernel.org/ (accessed June 8, 2014).
"Tripwire, Inc. IT Security Software to Improve Data Security and Regulatory Compliance." Tripwire. http://www.tripwire.com/ (accessed June 8, 2014).
