1 Overview of Security Principles

This section provides a brief overview of system security and includes some principles for how to enhance security on Oracle Linux systems.

Oracle Linux is a secure enterprise-class OS that can provide the performance, data integrity, and the application uptime necessary for business-critical production environments.

Thousands of production systems at Oracle run Oracle Linux, and many internal developers use it as their development platform. Oracle Linux is at the heart of Oracle Cloud Infrastructure and several Oracle engineered systems, including the Oracle Exadata Database Machine, Oracle Private Cloud Appliance, and Oracle Database Appliance. Oracle Linux is also used across Oracle cloud, whether it's infrastructure, database services, or other Software-as-a-Service (SaaS).

Backed by Oracle Support, these mission-critical systems and deployments depend fundamentally on the built-in security and reliability features of Oracle Linux.

Oracle has been a regular participant in the Linux community, contributing code enhancements for the mainline Linux kernel. Oracle also contributes to many open source initiatives, such as Oracle Cluster File System and the Btrfs file system. From a security perspective, having roots within open source is a significant advantage.

The Linux community, which includes many experienced developers and security experts, reviews posted Linux code extensively before it's tested and released. The open source Linux community has supplied many security improvements over time, including access control lists (ACLs), cryptographic libraries, and trusted utilities. Oracle builds on such tools to provide a solid and secure OS.

Oracle recommends that you follow some fundamental security principles when using Oracle Linux. These principles are guidelines that administrators can use to build security policies.

Minimize and Secure the Software Footprint

Planning an Oracle Linux system's purpose, deployment configuration, and software requirements in advance is essential to minimizing attack vectors. During the design phase of a deployment you can uninstall or disable any components and services that aren't needed or used in a particular configuration or deployment scenario, including any peripheral functionality or components. Because deployment requirements can vary over time, you also need processes in place to uninstall and disable any features that aren't needed or used in specific configuration or deployment scenarios. You might also consider using the minimal install base environment that only installs the essential components of the OS by default. If you're using a kickstart configuration file to install Oracle Linux, the minimal install includes the @base and @core packages.

For more information about these installation options, see Oracle Linux 8: Installing Oracle Linux.

Find more information about the various base environments available by running the dnf group list -v command. This command displays the same list of base environments available on the Software Selection screen of the Oracle Linux GUI installer. For example:

dnf group list -v 
Last metadata expiration check: 0:55:03 ago on Tue 18 Jul 2023 12:19:06 PM GMT.
Available Environment Groups:
   Server with GUI (graphical-server-environment)
   Server (server-product-environment)
   Minimal Install (minimal-environment)
...
Installed Environment Groups:
   Server with GUI (graphical-server-environment)
Installed Groups:
   Container Management (container-management)
...
Available Groups:
   Legacy UNIX Compatibility (legacy-unix)
...

To review what the minimal-environment group includes, run the dnf group info command. For example:

dnf group info minimal-environment
Last metadata expiration check: 0:04:29 ago on Tue 18 Jul 2023 12:55:49 PM GMT.
Environment Group: Minimal Install
 Description: Basic functionality.
 Mandatory Groups:
   Core
 Optional Groups:
   Guest Agents
   Standard

Use the same command to find out what packages are included in the core group. For example:

dnf group info core
Last metadata expiration check: 0:04:46 ago on Tue 18 Jul 2023 12:55:49 PM GMT.

Group: Core
 Description: Smallest possible installation
 Mandatory Packages:
   NetworkManager
   audit
   basesystem
   bash
...
 Default Packages:
   NetworkManager-team
   NetworkManager-tui
...
 Optional Packages:
   dracut-config-generic
...

To review more information about the individual packages, run the dnf info command on the packages. For example:

dnf info bash
Last metadata expiration check: 0:10:14 ago on Tue 18 Jul 2023 12:55:49 PM GMT.
Installed Packages
Name         : bash
Version      : 4.4.20
Release      : 4.el8_6
Architecture : x86_64
Size         : 6.5 M
Source       : bash-4.4.20-4.el8_6.src.rpm
Repository   : @System
From repo    : ol8_baseos_latest
Summary      : The GNU Bourne Again shell
URL          : https://www.gnu.org/software/bash
License      : GPLv3+
Description  : The GNU Bourne Again shell (Bash) is a shell or command language
             : interpreter that is compatible with the Bourne shell (sh). Bash
             : incorporates useful features from the Korn shell (ksh) and the C shell
             : (csh). Most sh scripts can be run by bash without modification.

Another important way to ensure that Oracle Linux systems are secure is to only install those software packages that are essential for performing necessary functions. Extra functions and components can increase the security risk, so they can be removed or uninstalled as needed.

Installing software from secure, known, and trusted sources is considered good security practice. Oracle signs packages with GPG keys so that administrators can confirm the provenance and authenticity of software packages. Oracle also uses TLS to secure the networking actions of the software installation and update tools provided with Oracle Linux.
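
The following added example (not part of the original Oracle documentation) shows one way to check that repository definitions keep the GPG and TLS protections described above: it flags any repository that explicitly disables gpgcheck or that fetches packages, mirror lists, or keys over a non-TLS URL. The function names, repository IDs, and example.com URLs are assumptions constructed for illustration. A repository that doesn't set gpgcheck inherits the value from the [main] section of /etc/dnf/dnf.conf, so check that file separately.

```shell
# Added example (not Oracle code): flag repo settings that weaken package trust.
# Prints "file [repo]: finding" per problem; returns 1 if anything was flagged.
audit_repos() {
    awk '
    FNR == 1          { repo = ""; key = "" }
    /^[ \t]*([#;]|$)/ { next }                       # comments and blank lines
    /^\[/             { repo = $0; key = ""; next }  # start of a repo section
    {
        val = $0                                     # default: continuation of previous key
        if ($0 ~ /^[^ \t=]+[ \t]*=/) {               # "key = value" line
            eq = index($0, "="); key = tolower(substr($0, 1, eq - 1))
            gsub(/[ \t]/, "", key); val = substr($0, eq + 1)
        }
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "gpgcheck" && tolower(val) ~ /^(0|no|false|off)$/) {
            print FILENAME " " repo ": gpgcheck disabled"; bad = 1
        }
        if (key ~ /^(baseurl|mirrorlist|metalink|gpgkey)$/) {
            n = split(val, urls, /[ \t,]+/)
            for (i = 1; i <= n; i++)
                if (urls[i] ~ /^(http|ftp):/) {
                    print FILENAME " " repo ": non-TLS URL " urls[i]; bad = 1
                }
        }
    }
    END { exit bad + 0 }
    ' "$1"/*.repo
}

# Constructed sample input, not real Oracle repo files.
write_sample_repos() {
cat > "$1/good.repo" <<'EOF'
[example_baseos]
baseurl=https://repo.example.com/baseos/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example
gpgcheck=1
EOF
cat > "$1/weak.repo" <<'EOF'
[example_thirdparty]
baseurl=http://repo.example.com/extra/
        https://mirror.example.com/extra/
gpgcheck = 0
EOF
}

tmp=$(mktemp -d); write_sample_repos "$tmp"
audit_repos "$tmp" || echo "review the repositories listed above"; rm -rf "$tmp"
```

On an installed system, run audit_repos /etc/yum.repos.d to check the live repository definitions.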

Keep Software Up-to-date

One of the principles of good security practice is to keep all software versions and patches up-to-date. Oracle maintains software and releases errata and patch updates using the Oracle Linux yum server and the Unbreakable Linux Network (ULN).

Updating the installed software on Oracle Linux to patch any vulnerabilities and minimize the attack surface as often as possible is considered good security practice. For more information, see Understanding the Importance of Updates.

Also consider using Oracle Ksplice in addition to regular system updates to automatically patch the running kernel and common userspace libraries such as OpenSSL and glibc without any required system downtime. For more information about Ksplice, see Oracle Linux: Ksplice User's Guide.

Restrict Network Access to Critical Services

Keeping both middle-tier applications and databases behind a firewall restricts access to those systems to a known network route that you can monitor and restrict. Alternatively, you can use a firewall router as a substitute for several independent firewalls.

If you can't use firewalls, you can restrict access based on IP address. Restricting database access by IP address often causes application client/server programs to fail for DHCP clients. To resolve that problem, consider using static IP addresses, a software or hardware VPN, Windows Terminal Services, or a similar tool.

See About the Packet Filtering Firewall and Restricting Access to SSH Connections for more information on how to restrict and secure network access.

Control Authentication Mechanisms and Enforce Password Restrictions

You can choose different authentication mechanisms to control access to a system. In environments where many systems are involved, consider using a centralized authentication tool so that you don't need to maintain accounts across many different systems.

Also consider the different types of authentication mechanisms available. While password-level access can be convenient, you can secure an environment further by providing more restrictive mechanisms such as key-, certificate-, or token-based authentication, which often uses 2-factor authentication.

When using password-style access, you can enforce restrictions to prevent common, short, or easily cracked passwords. Consider the NIST 800-63 Digital Identity Guidelines, which suggest deviating from traditional password policy. Rather than forcing complicated passwords with frequent expiry and forced system lockout, consider requiring passwords that aren't easy to guess or crack and are checked against known password dictionaries.

See Configuring User Authentication and Password Policies for more information.

Follow the Principle of Least Privilege

The principle of least privilege suggests that you grant users the bare minimum privileges required to perform their jobs. The excessive granting of permissions, especially early on in an organization’s lifespan when few employees must complete work within tight deadlines, can leave systems wide open for abuse. Reviewing user privileges periodically to match their current job responsibilities is considered good security practice.

This principle requires that users are assigned their own login accounts. If they require administrator access for a purpose, use sudo to grant access for that specific purpose.

Distributing the root user password is considered poor security practice. You can enhance the security of the root password by ensuring that it's long, difficult to guess, and contains a wide variety of special characters.

See Checking User Accounts and Privileges for more information.

Monitor System Activity

Robust system security relies on three principles: up-to-date security protocols, correct system configuration, and frequent system monitoring. Auditing and reviewing audit records addresses the third requirement. Each component within a system often has some degree of monitoring capability. You can follow the audit advice in this document and monitor audit records.

See Using System Auditing and Monitoring, Using Advanced Intrusion Detection Environment and Implementing System Process Accounting for more information.

Also consider using the Ksplice known exploit detection feature with systems that have the Ksplice Enhanced client installed. That feature reports exploitation attempts from known attack vectors. When new Common Vulnerabilities and Exposures (CVEs) are discovered and patched by Ksplice, Oracle might add tripwires to the code that log when an erroneous condition is triggered to ensure that administrators can monitor systems for suspicious activity. For more information about Ksplice, see Oracle Linux: Ksplice User's Guide.

Keep Up-to-date With the Latest Security Information

For information about common vulnerabilities, exposures, and errata, you can use ULN or sign up for one of the Oracle Linux mailing lists. For more information, see Obtaining Errata and CVE Notices. You can also review Oracle's constantly expanding range of documentation, tutorials, and blog posts at https://docs.oracle.com/en/operating-systems/oracle-linux/ and https://blogs.oracle.com/linux/ for the latest information.