Securing Linux policy
September 17, 2017
Linux has been the backbone of many businesses for decades. It has powered web servers, database systems, development machines, and employee workstations. And as with any OS, it’s essential to ensure that security standards are met in corporate environments. This policy offers guidelines for securing Linux on company computers and computers used to conduct company business.
From the policy:
Develop patching cycles
Patching is a key element of security—many vulnerabilities and exploits can be sealed off through proper OS/application maintenance provided by new patches.
Enact monthly patch cycles to deploy updates to systems using rpm, apt/dpkg, or yum, depending on the Linux distribution(s) involved. Also consider using tools such as Spacewalk, Puppet, or Chef to automate the process. Other patching tools are also available to streamline the process.
Include operating system patches as well as updates for applications like Firefox, Chrome, and OpenOffice. Use a local server to download and distribute updates to company computers, rather than having them connect directly to the internet. Check patching results on an ongoing basis to ensure all systems are protected, and plan for operating system updates as needed. New operating systems provide better security features that can help achieve your goals more efficiently.
Develop documentation for user behavior
Security settings and controls must work hand in hand with appropriate user behavior. Tech Pro Research’s Information Security Policy can help you determine what users should and should not do on company systems (or employee-owned systems used for business purposes). For instance, a list you might develop could include these requirements:
- Users should not share passwords.
- Users should lock their screens when away from their desks.
- Users must not attempt to tamper with or disable controls.
- No passwords should be hard-coded in scripts, particularly those that are text-based.
- No pirated software may be used.
- Users should reboot computers when prompted after the successful application of patches or updates, so that these may take effect.