Lunix xx
1. D H A B I A H B A D E R 1 0 A G
Lunix principles and philosophy
2. Know your system(s)
The first principle is about knowing what your system is supposed to do. What is its primary role, what software packages does it need and who needs access? By knowing the role of the system you can better defend it against known and unknown threats.
Security Measures:
Password policy
Proper software patch management
Configuration management
Documentation
3. Least Amount of Privilege
Each running process, and each installed package, might become a target. Security professionals call this the “attack surface”. You want to minimize this attack surface by removing unneeded components, limiting access and using a “deny unless” strategy by default. The latter means that access is blocked by default unless you explicitly allow it (whitelisting).
Security Measures:
Use minimal/basic installation
Only allow access to people who really need it
4. Perform Defense in Depth
Protect the system by applying several layers of security. This principle is named “defense in depth” and can be compared with an onion: to get to the core, you have to peel off layer by layer. If one defense is broken, the remaining layers still protect against full compromise.
Security Measures:
iptables / nftables
Hardening of software components
5. Know your Enemy
You can only protect a system the right way if you know what threats you are facing. Why would this system be a target, and who would be targeting it? Perform a risk analysis and determine what potential threats your system might endure.
Security Measures:
Vulnerability scans
Penetration tests
Risk analysis
6. Protection is Key, Detection is a Must
Security focuses on the protection of assets. While this is a primary objective, we should consider that one day our defenses will be broken. Therefore we want to know this as soon as possible, so we can act properly. This is where principles 3 and 4 are linked. Set up proper detection methods, similar to the trip wires used by the military.
Security Measures:
Linux audit framework
Remote logging
Create backups and test them
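As an added illustration of the trip-wire idea above (example code, not part of the original slides): a small detector that reads Linux audit framework records and raises one alert per event tagged with a watched audit key, failed attempts included. It assumes a watch rule such as `-w /etc/shadow -p wa -k identity` is loaded; the sample records are constructed and use a simplified subset of the fields real auditd output carries.

```python
import re

# Constructed sample from an auditd log (not real data): the records a watch rule
# such as "-w /etc/shadow -p wa -k identity" emits. Event 4711 is a user logged in
# as uid 1000 editing the file as root; 4712 is an unprivileged user whose
# write-open was refused (exit=-13, EACCES); 4713 is an unrelated read, no key.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1700000000.101:4711): arch=c000003e syscall=257 success=yes exit=3 a2=241 ppid=2100 pid=2101 auid=1000 uid=0 euid=0 tty=pts0 ses=3 comm="vi" exe="/usr/bin/vi" key="identity"
type=PATH msg=audit(1700000000.101:4711): item=1 name="/etc/shadow" inode=1337 mode=0100640 ouid=0 ogid=42
type=SYSCALL msg=audit(1700000000.202:4712): arch=c000003e syscall=257 success=no exit=-13 a2=241 ppid=2200 pid=2201 auid=1001 uid=1001 euid=1001 tty=pts1 ses=4 comm="cat" exe="/usr/bin/cat" key="identity"
type=PATH msg=audit(1700000000.202:4712): item=0 name="/etc/shadow" inode=1337 mode=0100640 ouid=0 ogid=42
type=SYSCALL msg=audit(1700000000.303:4713): arch=c000003e syscall=257 success=yes exit=4 a2=0 ppid=2300 pid=2301 auid=1000 uid=1000 euid=1000 tty=pts0 ses=3 comm="less" exe="/usr/bin/less" key=(null)
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
EVENT_RE = re.compile(r'msg=audit\((\d+\.\d+):(\d+)\)')
SYSCALL_FIELDS = ('auid', 'uid', 'euid', 'ses', 'comm', 'exe', 'success', 'key')

def parse_events(text):
    """Group raw audit records by event id: one SYSCALL record plus its PATH records."""
    events = {}
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        ev = events.setdefault(m.group(2), {'id': m.group(2), 'time': float(m.group(1)), 'paths': []})
        if fields.get('type') == 'SYSCALL':
            ev.update({k: fields.get(k) for k in SYSCALL_FIELDS})
        elif fields.get('type') == 'PATH':
            ev['paths'].append(fields.get('name'))
    return [events[k] for k in sorted(events)]

def tripwire_alerts(text, watched_keys=('identity',)):
    """One alert per event tagged with a watched audit key, failed attempts included.

    The actor is taken from auid (the login uid, which survives su/sudo), not from
    uid, which is already 0 once someone has escalated to root.
    """
    alerts = []
    for ev in parse_events(text):
        if ev.get('key') not in watched_keys:
            continue
        alerts.append({'event': ev['id'], 'login_uid': ev['auid'],
                       'effective_uid': ev['euid'], 'program': ev['exe'],
                       'paths': ev['paths'], 'succeeded': ev['success'] == 'yes'})
    return alerts
```

On a real host the same logic runs over /var/log/audit/audit.log, or better over the copy forwarded by remote logging, so an intruder who clears the local log does not also clear the alert.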
7. Source code availability: The author must make source code available and permit redistribution of both source code and (if applicable) binary code.
Permission to derive works: The license must permit others to modify the software and to distribute such modifications under the same license as the original.
8. Respect for source code integrity: The license may restrict redistribution of modified source code, but only if patch files may be distributed along with the original source code. The license may require that derived works change the software’s name or version number.
No discrimination against persons or groups: The license must not discriminate against any person or group of people.
9. No discrimination against fields of endeavor: The license must not forbid use of the program in any field, such as in business or by genetics researchers.
Automatic license distribution: The license must apply to anybody who receives the program without needing a separate agreement.
10. Lack of product specificity: The license must not require that the program be used or distributed as part of a larger program—that is, you may extract a single program from a larger collection and redistribute it alone.
Lack of restrictions on other software: The license must not impose restrictions on other software that’s distributed along with the licensed software.
11. Technology neutrality: The license must not be restricted based on specific technologies or interfaces.
12. Understanding the Open Source Philosophy
The FSF’s advocacy efforts were (and are) based on a strong moral imperative—software should be free, in the FSF’s view, with “free” defined as described earlier. This approach appeals to some people, but others—particularly businesses that want to make money off of software—find this type of advocacy strange at best and threatening at worst.
13. For these reasons, the OSI’s creators designed their organization as a way to advocate free software. By using a new term—open source—and by softening some of the FSF’s moral imperatives, the OSI aims to promote open source software in the business world. The difference in tone from the FSF’s moral imperative can be seen in the opening statement on the OSI’s Web site (http://www.opensource.org):
14. The FSF advocates what it calls free software, which it defines in terms of freedom to do things you want to do with the software, not the price of the software. A common phrase to make this distinction clear is “free as in speech, not free as in beer.” The FSF defines four specific software freedoms:
Freedom to use the software for any purpose
Freedom to examine the source code and modify it as you see fit
Freedom to redistribute the software
Freedom to redistribute your modified software
15. These freedoms are similar to the principles espoused by the OSI, described shortly; however, there are some important differences in interpretation, also as described shortly. The FSF elaborates on the implications of each of its principles, and their interactions, at http://www.gnu.org/philosophy/free-sw.html.
16. In an ideal world, by the FSF’s standards, all software would be free—distributed with source code and all the freedoms just outlined. Some Linux distributions meet this ideal in isolation; however, some distributions include proprietary software. Sometimes this software is freeware, but other times it’s a bit of proprietary code that enables the vendor to restrict redistribution and charge money to sell the software. Since free software is not necessarily free of charge, selling it is not a problem from the FSF’s point of view, but given the other freedoms, free software’s price tends toward zero as it gets passed around.
17. Nine major tenets
There are nine major tenets to the Linux philosophy.
Small is Beautiful
Each Program Does One Thing Well
Prototype as Soon as Possible
Choose Portability Over Efficiency
Store Data in Flat Text Files
Use Software Leverage
Use Shell Scripts to Increase Leverage and Portability
Avoid Captive User Interfaces
Make Every Program a Filter
There are also 10 lesser tenets and some corollaries to the Linux philosophy that are also important. I will cover some of those in future articles.