Every Linux system allows you to create hard and symbolic (soft) links to files, applications and directories. Hard links are actual copies of the file or directory whereas symbolic links are simply pointers to the original file or directory. It is important to prevent these links from being deleted otherwise important files & directories on your system may stop working properly. Also, it allows malicious software from deleting or modifying links on your system, to suite their requirements and damage your data/system. But did you know you could protect these links from being deleted? In this article, we will learn how to protect hard and symbolic links in CentOS.
Here are the steps to protect hard and symbolic links in CentOS. Luckily, there exist certain security features in RHEL/CentOS systems that protect links from being created or pointed to.
For example, a user can create hard links only to files & directories that he/she owns. Alternatively, the user must have read/write access to the file/directory that they want to link to.
In case of soft links, processes are allowed to link to symbolic links if they are the owner of the symbolic link or the directory containing the symbolic link.
By default, this feature is enabled in configuration file at /usr/lib/sysctl.d/50-default.conf. If you open this file in text editor, you will see the following values.
fs.protected_hardlinks = 1 fs.protected_symlinks = 1
If you want to modify this setting, you can set the above flags to 0. Alternatively, create another new file with the following filename. You need to use a filename such that it is read only after reading the default file mentioned above.501-noprotect-links will be read after 50-default.conf since all files in this directory are read alphabetically one after the other.
$ vi /etc/sysctl.d/51-noprotect-links.conf
Add the following lines to it.
fs.protected_hardlinks = 0 fs.protected_symlinks = 0
Save and close the file. Run the following command to apply changes.
# sysctl --system OR # sysctl -p #on older systems
In this article, we have learnt how to protect hard and symbolic links in CentOS. The key is to set the required flag to 1 or 0 depending on whether you want to enable/disable protection.
Please note, the above changes will be applicable to all hard or symbolic links on your system. It will not allow you to selectively protect only certain links on your system.
Also read:
How to Run Shell Script on Another Server
How to Manage Systemd Services on Remote Linux Systems
How to Synchronize Time with NTP in Linux
How to Enable Confirmation for Rm Command
How to Share Linux Terminal Session
The post How to Protect Hard and Symbolic Links in CentOS appeared first on Fedingo.
FIPS 140 is a highly demanding security standard that’s mandatory for almost all high-security and…
Open source has come a long way. Recently I was watching a keynote address by…
Sylva 1.5 becomes the first release to include Kubernetes 1.32, bringing the latest open source…
Expansion ensures business continuity without forcing major upgrades Today, Canonical announced the expansion of the…
TL;DR: YARD-Lint catches documentation issues, just like RuboCop for code. Star it and use it…
Deploy a FedRAMP-ready kubernetes cluster and application suite, with FIPS 140-3 crypto and DISA-STIG hardening…