Protect system directories/etc and /home.
On any Linux system, the directory /etc contains important configuration files for
vital system and application software components of your server. System components
such as the host name, network services, list of hosts to allow or deny access, etc.
all have their configuration files stored in /etc. Critical applications such as
the secure shell (ssh), web server (apache), database server (mysql), scripting engine
(php), etc. all have their configurations files stored in this directory.
For obvious reason, potential intruders often consider /etc one of the top directories
to break in for a successful server compromise. Therefore, the next immediate step is
to secure and guarantee the integrity of your server by making sure that these two
directories are protected. It is important that this directory cannot be accessed by
anyone without root authority (having to know the root password).
While logged in as root, issue the following two chmod commands to disable read and write
access by anyone else (both groups users and other users).
[email@example.com ~]# chmod go-rw /etc
[firstname.lastname@example.org ~]# chmod go-rw /home
A protected /etc and /home should look like the following partial root directory listing.
You should note that even though directory browsing is disabled (no read access), the execute
permission is still present for anyone else. This setting allows a legitimate system or
application process to reach its own configuration files inside either /home or /etc if
the file name is explicitly specified.
[email@example.com ~]# ls / -alh
drwx--x--x 76 root root 4.0K Oct 2 08:38 etc
drwx--x--x 7 root root 4.0K Oct 12 04:40 home
The home directory of each Linux user is protected further by denying read, write, and execute
permission to anyone else who is not the owner of the user's home directory. If a particular
user is compromised in a security breach, the damages are limited to be within his or her home
directory and the intruder cannot browse other home directories. You should set aside an user
account with limited access rights to run important services or applications such as the web
server and database server instead of giving them root authority. For example, if the apache
web server and its php component are run as the user blee, compromised php scripts cannot
access the contents of /etc and /home. Any unauthorized modifications are limited to the user
directory /home/blee which can be detected quickly and restored easily.
[firstname.lastname@example.org ~]# ls /home/ -alh
drwx--x--x 5 root root 4.0K 2008-10-15 08:29 .
drwxr-xr-x 23 root root 4.0K 2008-10-16 09:42 ..
drwx------ 17 johnlee johnlee 4.0K 2008-10-24 13:34 johnlee
drwx------ 2 brucelee brucelee 4.0K 2008-09-29 07:06 brucelee
drwx------ 50 blee blee 4.0K 2008-11-14 23:40 blee
Once protected, attempted access to these directories will be denied, even if the intruder
may know the correct name of the subdirectory, as in the following example.
[email@example.com ~]$ ls /etc/ -alh
ls: cannot open directory /etc/: Permission denied
[firstname.lastname@example.org ~]$ ls /home/ -alh
ls: cannot open directory /home/: Permission denied
[email@example.com ~]$ ls /home/blee -alh
ls: cannot open directory /home/blee/: Permission denied