Linux servers are manufactured to counter high demand of application such as database management, web services and network administration and system administration. Linux servers are more preferred due to its reliability, flexibility and stability. A major part of the IT market is relying over Linux platform. Linux servers now covers 16.8 % of all server revenue; up by 2.5 points over 2009.Linux server market revenue grew 30% to $1.8 billion when compared with second quarter of 2009.It share 16.8 % part of revenue grossed by all servers.
Hardening Linux servers :
A proper procedure and policy is required to maintain a secure computing environment where unauthorized access could be prevented .For making security risks should be assessed. While open source does not hide o/s inner working, but security is the core part of Linux kernel.
Linux servers are secured by External firewalls, SSH hardening and internal privilege hardening. Further some of measures can be applied that are as following:-
- Use PAM to make user control secure. Strong password and authentication controls are critical for host with high number of shell user.
- SELinux should be used while it is complex to configure but it strengthens more granular control.
- You should prevent advancement of tools if there is large no. of shell user.
- Centralized log monitoring system should be arranged and alert must be put over more critical and important log messages.SEC or Swatch like tool should be used.
ShellShock Flaw :
ShellShock Flaw has collected huge media coverage over the time. ShellShock Flaw allows invader to execute bash commands on unauthorized and unauthenticated host. It is basically a mass of vulnerabilities. The risk depends upon how bash interprets environment variables. The systems using Bash Scripts are at the higher risk .Some measures are taken to protect form Shellshock flaw are:-
- Defense in depth should be incorporated for systems that are using bash scripts.
- SELinux and APPArmor should be engaged to limit the access of bash to what user is running.
A required attention is brought to Shell scripting security by shellshock. Migration to languages that have been designed keeping security in mind is essential since need for shell script always exists. A new language Shill has been developed by Harvard researchers with a stress over security but there is a long way to go.
Some other common attack vectors are:-
- Secure Shell
Redhat recently announced its 64 bit ARM architecture designed for datacenters. It has (TDP) thermal design power between 10 and 45watts where as traditional x86 processor has more than 90watts.Direct Server utility bills and data center running cost lowers along with power consumption.
Linux has been a preferable choice because of its stability feature and better response to concurrent processes. It is able to run over a long period of time without facing any crash. The basic reason of adopting Linux is TCO (total cost of ownership). Moreover all configuration changes can be accomplished without rebooting system thus not effecting irrelevant services. The distributive nature of Linux made it acceptable choice because it does not need any SI (System identifier). In Linux; the systems are distinguished by IP addresses and names. It runs over any machine architecture and unlike its counterparts which completely depends over Intel compatible processors.
Some of the best Linux Distro :
- Fedora : It was developed around same time as Ubuntu. Fedora 21 is the new release known as fedora next. Fedoras has three releases Workstation, cloud and sever, each one is aimed to specific use-cases.Fedora21 server with its Rolekit tool is now focused over server administration and enable administrator to specify server roles .It leverages open source freelPA identity and authentication application providing secure access. The big tool is Cockpit server management which provides small scale server management.
- Ubuntu : It is one most prevalent and famous Linux Distro .it is preferable for its user friendliness. Its name is derived from a South African philosophy of ‘universal humanism’. Besides it includes various open source programs like email client thunderbird, web browser Firefox, and Libreoffice. Moreover a user can access more software from Software center Repository.
- Debian : It is one of original Linux Distro developed almost three decades ago. It is named over its founder Ian Murdock and Debra.
- Linux Mint : It is less prominent distro and has been forked in its second iteration from earlier release of Ubuntu. The developer behind Linux mint decided to release an alternate version of debian and now supporting various streams for those who wants to incorporate it in different hardware condition. It comes with Many of software which will be needed out of the box despite of being less dominant than its industry rivals.
- OpenSuse : OpenSuse was based off a German acronym Suse (Software and system evolution).The project was developed by the US firm Novell for allowing to work over its development by them who are outside the firm. It offers high configurable feature, huge scope of customization and YAST a tool for the control of entire operating system from single program.
There are many organizations who advocate for Linux adoption. In May 2014, W3techs surmised that 67.5% of top 10 million website run over some form of UNIX whereas Linux is used by 57.2% of website which uses UNIX. The (IFOSSF) international free and open source foundation has decided to accelerate and promote the adoption of FOSS (free and open source software) through civil society partnership and research.
Some other are:-
- Asian Open Source centre (AsiaOSC)
- Software LivreBrasil (a Brazilian organisation)
- Free and open source foundation of India and china.
- IBM with its Linux marketing strategy
- Linux users group
Oracle has released secure boot version of its linux, which has chain of trust in boot process. When bootloader is loaded by firmware, it checks authentication signature of bootloader with signature key stored in firmware before proceeding.
Linux software developers are striving hard to expand Linux storage and file systems. In recent years flash memory has been evolved as server primary storage and persistent memory is rendering us storage that works at DRAM speed.
- BTRFS : BTRFS is a copy on write file system that emphasis over fault tolerance and easy administration. It has advantage of handling numerous small size files and huge size files such as 16 EiB, multi-storage device support, and baked in RAID. It has extent based storage system, space-effecting indexing directories, Writable and read only snapshots, separate internal file storage system modules. The BRTFS development team is working over object level stripping and mirroring, compression methods and in band deduplications.
- CephFS : It is POSIX-compliant file system that utilizes ceph storage cluster to store data. It provides a distributed storage and file system, which relies over resilient and scalable storage model. Some expert says that CephFS is not completely ready yet. Being a distributed system, Ceph FS has to deal with multiple writes from multiple clients. Consequently that results in file lock-in situation.
So, Although Linux has many file system and able to use any kind of storage. Still there is lot of work which is to be done.
Leave a Reply
You must be logged in to post a comment.