20 Useful Security Features and Tools for Linux Admins


In this article, we list the useful Linux security features that every system administrator should know. We also share some useful tools to help a system administrator ensure security on their Linux servers.

The list is as follows, and it is not arranged in any particular order.

1. Linux User and Group Management

Linux user and group management is a fundamental part of system administration. Note that a user can be a person or a software entity such as a web server process, and is the owner of files.

Properly defining user management (which can involve a user's account details, the groups a user belongs to, which parts of the system a user can access, which programs they can run, enforcing the organization's password policies, and so on) can help a system administrator ensure secure system access and operation of users within a Linux system.

2. Linux PAM

PAM (Pluggable Authentication Modules) is a powerful and flexible suite of libraries for system-wide user authentication. Each function library that ships with PAM can be used by an application to request that a user be authenticated.

This allows a Linux system administrator to define how applications authenticate users. It is powerful, but it is also challenging to understand, learn, and use.

3. Server/Host-based Firewall

Linux ships with the Netfilter subsystem, which provides packet filtering, all kinds of network address and port translation, multiple layers of APIs for third-party extensions, and more.

All modern Linux firewall solutions such as firewalld, nftables (the successor to iptables), and more use this subsystem for packet filtering to help regulate, protect, and block network traffic entering or leaving a Linux system.

4. Linux SELinux

A project originally developed by the United States National Security Agency (NSA), Security-Enhanced Linux (or SELinux for short) is an advanced Linux security feature.

It is a security architecture integrated into the Linux kernel using the Linux Security Modules (LSM). It supplements the traditional Linux discretionary access control (DAC) model by providing mandatory access control (MAC).

It defines the access and transition rights of every user, application, process, and file on the system; it governs the interactions of these entities using a security policy that specifies how strict or lenient a given Linux system installation should be.

SELinux comes preinstalled on most, if not all, RHEL-based distributions such as Fedora, CentOS Stream, Rocky Linux, AlmaLinux, and so on.

5. AppArmor

Similar to SELinux, AppArmor is also a Mandatory Access Control (MAC) security module that provides an effective and easy-to-use Linux application security system. Many Linux distributions such as Debian, Ubuntu, and openSUSE come with AppArmor installed.

The main difference between AppArmor and SELinux is that it is path-based and allows mixing of enforcement and complain mode profiles. It also uses include files to ease development, and it has a far lower barrier to entry.

6. Fail2ban

failed login attempts and more, and updates firewall rules to ban such an IP address for a specified amount of time.
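The mechanism this item describes (spot repeated failed logins from one address, then ban that address through the firewall for a set time) can be sketched as follows. This is an added illustration, not Fail2ban's own code: the log lines are constructed, the parameter names borrow Fail2ban's maxretry/findtime/bantime options, and the nftables table `inet filter` and set `banned` are assumed to exist with the timeout flag.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of sshd authentication log entries.
SAMPLE_LOG = """\
2024-05-01T10:00:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:05 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
2024-05-01T10:00:09 host sshd[812]: Accepted publickey for alice from 198.51.100.20 port 51000 ssh2
2024-05-01T10:00:12 host sshd[811]: Failed password for root from 203.0.113.7 port 40120 ssh2
2024-05-01T10:03:00 host sshd[813]: Failed password for bob from 198.51.100.20 port 51010 ssh2
2024-05-01T10:20:00 host sshd[814]: Failed password for bob from 198.51.100.20 port 51011 ssh2
"""

FAILED = re.compile(r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port")

def find_bans(log_text, maxretry=3, findtime=600, bantime=3600):
    """Return {ip: (ban_start, ban_end)} for addresses that reach maxretry
    failures within findtime seconds; each ban lasts bantime seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines
        when, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        if ip in bans and when < bans[ip][1]:
            continue              # address is already banned at this time
        window = recent[ip]
        window.append(when)
        # Drop failures that have fallen out of the findtime window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[ip] = (when, when + timedelta(seconds=bantime))
            window.clear()
    return bans

def nft_commands(bans, table="inet filter", set_name="banned"):
    """Render ban decisions as nftables set additions (table/set names assumed)."""
    return [f"nft add element {table} {set_name} {{ {ip} timeout {int((end - start).total_seconds())}s }}"
            for ip, (start, end) in sorted(bans.items())]

if __name__ == "__main__":
    for cmd in nft_commands(find_bans(SAMPLE_LOG)):
        print(cmd)
```

The second address in the sample is not banned: its two failures are more than findtime seconds apart, and a successful login is never counted.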

7. ModSecurity Web Application Firewall (WAF)

Developed by Trustwave's SpiderLabs, ModSecurity is a free and open-source, powerful, and multi-platform WAF engine. It works with the Apache, NGINX, and IIS web servers. It can help system administrators and web application developers by providing adequate security against a range of attacks, for example, SQL injection. It supports HTTP traffic filtering and monitoring, logging, and real-time analysis.

For more information, check out:

  • How to Install ModSecurity for Nginx on Debian/Ubuntu
  • How to Set Up ModSecurity with Apache on Debian/Ubuntu

8. Security Logs

Security logs help keep track of events specifically related to the security and safety of your entire IT infrastructure or a single Linux system. These events include successful and failed attempts to access a server, applications, and more, activation of an IDS, alerts triggered, and much more.

As a system administrator, you need to identify effective and efficient log management tools and keep to security log management best practices.

9. OpenSSH

OpenSSH is the leading connectivity tool for remote login with the SSH network protocol. It enables secure communication between computers by encrypting the traffic between them, thus warding off malicious activities from cybercriminals.

Here are some useful guides to help you secure your OpenSSH server:

  • How to Secure and Harden OpenSSH Server
  • 5 Best OpenSSH Server Best Security Practices
  • How to Set Up SSH Password Login in Linux

10. OpenSSL

OpenSSL is a popular general-purpose cryptography library, also available as a command-line tool, that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and the related cryptography standards required by them.

It is commonly used to generate private keys, create CSRs (Certificate Signing Requests), install an SSL/TLS certificate, view certificate information, and much more.

11. Intrusion Detection System (IDS)

An IDS is a monitoring device or software that detects suspicious activities or policy violations and generates alerts when they are detected. Based on these alerts, as a system administrator or security analyst, or any concerned personnel, you can investigate the issue and take the appropriate measures to remediate the threat.

There are two main types of IDS: host-based IDS, which is deployed to monitor a single system, and network-based IDS, which is deployed to monitor an entire network.

There are numerous software-based IDS for Linux such as AIDE, and others.

12. Linux Monitoring Tools

To ensure the availability of the various systems, services, and applications within your organization's IT infrastructure, you need to monitor these entities in real time.

And the best way to achieve this is through Icinga 2, and more.

13. Linux VPN Tools

A VPN (short for Virtual Private Network) is a mechanism for encrypting your traffic over unsecured networks such as the internet. It provides a secure connection to your organization's network over the public internet.

Check out this guide to quickly set up a VPN in the cloud: How to Create Your Own IPsec VPN Server in Linux

14. System and Data Backup and Restore Tools

Backing up data ensures that your organization does not lose critical data in the event of any unplanned incident. Recovery tools help you restore data or systems to an earlier point in time to help your organization recover from a disaster of any magnitude.

Here are some useful articles about Linux backup tools:

  • 25 Outstanding Backup Utilities for Linux Systems
  • 7 Best Open Source Disk Cloning/Backup Tools for Linux Servers
  • Relax-and-Recover - Backup and Recover a Linux System
  • How to Clone or Backup Linux Disk Using Clonezilla

15. Linux Data Encryption Tools

Encryption is a premier security technique in data protection which ensures that only authorized parties have access to information stored or in transit. You will find a multitude of data encryption tools out there for Linux systems that you can leverage for security.

16. Lynis - Security Auditing Tool

Lynis is a free, open-source, flexible, and popular host security auditing and vulnerability scanning and assessment tool. It runs on Linux systems and other Unix-like operating systems such as Mac OS X.

17. Nmap – Network Scanner

Nmap (short for Network Mapper) is a widely used, free, open-source, and feature-rich security tool for network exploration or security auditing. It is cross-platform, so it runs on Linux, Windows, and Mac OS X.

18. Wireshark

Wireshark is a fully featured and powerful network packet analyzer that allows live capture of packets, which can be saved for later/offline analysis.
It also runs on Unix-like systems such as Linux-based operating systems and Mac OS X, as well as Windows.

19. Nikto

Nikto is a powerful, open-source web scanner that scans a website/application, virtual host, and web server for known vulnerabilities and misconfigurations.

It attempts to identify installed web servers and software before performing any tests.

20. Linux Updates

Last but not least, as a system administrator, you should perform regular updates, from the operating system through to installed packages and applications, to ensure that you have the latest security fixes in place.

$ sudo apt update && sudo apt upgrade                                [On Debian, Ubuntu and Mint]
$ sudo yum update                                                    [On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux]
$ sudo emerge --sync && sudo emerge --update --deep --newuse @world  [On Gentoo Linux]
$ sudo pacman -Syu                                                   [On Arch Linux]
$ sudo zypper update                                                 [On OpenSUSE]

That is what we had for you. This list is shorter than it should be. If you think so, share with us more tools that deserve to be known by our readers via the comment form below.