Security
A comprehensive guide to Linux system security, including access control, encryption, network security, and best practices.
Access Control
File Permissions
# Basic permissions
chmod 755 file # Set file permissions
chown user:group file # Change ownership
chgrp group file # Change group
umask 022 # Set default permissions
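The umask line above is the one most often misread: umask does not set a mode, it removes bits from the defaults the kernel starts from (666 for files, 777 for directories). The following script is an added example, not part of the original cheat sheet; it predicts the resulting mode with shell arithmetic and confirms the prediction by creating a file and a directory under that umask in a throwaway temp directory. It assumes POSIX sh plus GNU coreutils (stat -c, mktemp).

```shell
# Added example: how umask shapes the mode of newly created files/directories.
# Assumes POSIX sh and GNU coreutils; everything happens in a temp directory.

# Predicted mode for a new file or directory under a given umask.
# Usage: expected_mode <umask-octal> file|dir   -> prints the octal mode
expected_mode() {
    base=0666                      # kernel default for files
    [ "$2" = "dir" ] && base=0777  # kernel default for directories
    # Clear every bit that is set in the umask ("0$1" forces octal).
    printf '%o\n' $(( base & ~0$1 ))
}

# Create one file and one directory under the umask and report the modes
# the filesystem actually assigned, as "file:dir" (stat -c %a prints octal).
# Usage: observed_modes <umask-octal>
observed_modes() {
    tmp=$(mktemp -d)
    (
        umask "$1"      # subshell: the umask change does not leak out
        : > "$tmp/f"    # empty file via redirection
        mkdir "$tmp/d"
    )
    printf '%s:%s\n' "$(stat -c %a "$tmp/f")" "$(stat -c %a "$tmp/d")"
    rm -rf "$tmp"
}

# Print prediction vs. observation; returns 0 when they agree.
# Usage: check_umask <umask-octal>
check_umask() {
    want="$(expected_mode "$1" file):$(expected_mode "$1" dir)"
    got=$(observed_modes "$1")
    echo "umask $1 -> files/dirs $got (expected $want)"
    [ "$want" = "$got" ]
}

check_umask 022   # common default: 644 / 755
check_umask 027   # group-readable, world-nothing: 640 / 750
check_umask 077   # private to the owner: 600 / 700
```

The point to take from the output is that no umask can grant the execute bit on a file: 666 is the ceiling, so a script always needs an explicit chmod after creation, while directories get their search (x) bit by default.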
# Special permissions
chmod u+s file # Set SUID
chmod g+s directory # Set SGID
chmod +t directory # Set sticky bit
Access Control Lists (ACL)
# ACL management
getfacl file # View ACL
setfacl -m u:user:rw file # Set user ACL
setfacl -m g:group:rx file # Set group ACL
setfacl -x u:user file # Remove user ACL
setfacl -b file # Remove all ACLs
User Security
Password Management
# Password policies
passwd -l username # Lock account
passwd -u username # Unlock account
chage -l username # View password info
chage -M 90 username # Set max password age
# Password files
/etc/passwd # User accounts
/etc/shadow # Password hashes
/etc/group # Group information
/etc/gshadow # Group passwords
User Authentication
# PAM configuration
/etc/pam.d/ # PAM configuration files
/etc/security/ # Security policies
/etc/login.defs # Login settings
/etc/sudoers # Sudo configuration
System Security
System Updates
# Package updates
apt update # Update package list
apt upgrade # Upgrade packages
apt dist-upgrade # Smart upgrade
unattended-upgrades # Automatic updates
# Security updates
apt list --upgradable 2>/dev/null | grep -i security # List pending updates from the security suite
needrestart # Check for pending restarts
System Hardening
# Service management
systemctl list-units --type=service # List services
systemctl disable service # Disable service
systemctl mask service # Prevent service start
systemctl status service # Check service status
# Boot security
update-grub # Update GRUB
grub-mkpasswd-pbkdf2 # Generate GRUB password hash
Network Security
Firewall Configuration
# UFW (Uncomplicated Firewall)
ufw status # Check firewall status
ufw enable # Enable firewall
ufw allow 22/tcp # Allow SSH
ufw deny from <ip-address> # Block IP address
# iptables
iptables -L # List rules
iptables -A INPUT -p tcp --dport 80 -j ACCEPT # Allow HTTP
iptables-save # Save rules
SSH Security
# SSH configuration
/etc/ssh/sshd_config # SSH server config
ssh-keygen -t ed25519 # Generate key pair
ssh-copy-id user@host # Copy public key
ssh-agent # Manage keys
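Before relying on the hardening directives listed in this section, it is worth checking what sshd will actually use: sshd honours the first occurrence of a keyword in sshd_config, so a "PermitRootLogin no" added at the bottom of a file that already says "yes" higher up changes nothing. The script below is an added example, not part of the original cheat sheet. It assumes POSIX sh with awk, the plain "Keyword value" syntax, and no Include or Match blocks (it stops at the first Match line, because directives inside it apply only conditionally); two sshd_config samples are constructed inline.

```shell
# Added example: read the effective value of an sshd_config keyword the way
# sshd does (first occurrence wins) and audit the hardening directives.
# Assumes POSIX sh + awk and "Keyword value" syntax; Include is not followed.

# Usage: sshd_effective <config-file> <keyword>   -> prints the value, or nothing
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        tolower($1) == "match"  { exit }          # conditional block: stop here
        tolower($1) == key {                      # first occurrence wins
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")       # drop the keyword, keep the value(s)
            print; exit
        }' "$1"
}

# Usage: require_setting <config-file> <keyword> <expected-value>
# Prints ok/FAIL; returns 0 only when the effective value matches.
require_setting() {
    val=$(sshd_effective "$1" "$2")
    if [ "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" = "$3" ]; then
        echo "ok   $2 = $val"
    else
        # Unset means sshd's compiled-in default applies, which we do not accept.
        echo "FAIL $2 = ${val:-<unset>} (want $3)"
        return 1
    fi
}

# Usage: audit_sshd <config-file>   -> returns 0 only if every check passes
audit_sshd() {
    rc=0
    require_setting "$1" PermitRootLogin no        || rc=1
    require_setting "$1" PasswordAuthentication no || rc=1
    users=$(sshd_effective "$1" AllowUsers)        # any explicit list is accepted
    if [ -n "$users" ]; then
        echo "ok   AllowUsers = $users"
    else
        echo "FAIL AllowUsers is unset (every account may log in)"
        rc=1
    fi
    return $rc
}

# Constructed sample configs (not taken from any real host).
hardened=$(mktemp); weak=$(mktemp)
trap 'rm -f "$hardened" "$weak"' EXIT
cat > "$hardened" <<'EOF'
# constructed sample: hardened sshd_config
Port 22
PermitRootLogin no
PasswordAuthentication no
AllowUsers alice bob
EOF
cat > "$weak" <<'EOF'
# constructed sample: the later "PermitRootLogin no" is ignored by sshd
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
EOF

echo "== hardened =="; audit_sshd "$hardened" || :
echo "== weak ==";     audit_sshd "$weak"     || :
```

On a live host, "sshd -T" prints the configuration sshd has actually loaded (Include files and Match blocks resolved) and is the authoritative source; the parser above is useful for reviewing a file before it is installed, or for explaining why a directive appended at the end had no effect.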
# SSH hardening
PermitRootLogin no # Disable root login
PasswordAuthentication no # Disable password auth
AllowUsers user1 user2 # Allow specific users
Security Monitoring
System Logs
# Log monitoring
tail -f /var/log/auth.log # Authentication logs
tail -f /var/log/syslog # System logs
journalctl -f # Journal logs
ausearch -ts today # Audit logs
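Watching auth.log with tail is the starting point; the next step is to count failed logins per source address so that a password-guessing burst stands out from the occasional typo. The script below is an added example, not part of the original cheat sheet. It assumes POSIX sh with awk and sort, the classic syslog line format, and matches on the "Failed password for ... from <ip>" message text rather than the process name (so it also covers the sshd-session process newer OpenSSH releases log under). The log lines are constructed for the example, not captured traffic.

```shell
# Added example: count SSH password failures per source address from
# auth.log-style lines and flag sources over a threshold. Assumes POSIX sh,
# awk and sort; matches on the message text, not the process name.

# Constructed sample log (not real traffic): one guessing burst, one stray
# failure and one legitimate key-based login.
authlog=$(mktemp)
trap 'rm -f "$authlog"' EXIT
cat > "$authlog" <<'EOF'
Mar  3 10:01:02 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Mar  3 10:01:04 host sshd[1235]: Failed password for root from 203.0.113.5 port 41023 ssh2
Mar  3 10:01:06 host sshd[1236]: Failed password for invalid user test from 203.0.113.5 port 41024 ssh2
Mar  3 10:01:09 host sshd[1238]: Failed password for root from 203.0.113.5 port 41025 ssh2
Mar  3 10:01:30 host sshd[1240]: Failed password for alice from 198.51.100.22 port 50100 ssh2
Mar  3 10:02:00 host sshd[1242]: Accepted publickey for alice from 198.51.100.7 port 50101 ssh2: ED25519 SHA256:constructed
EOF

# Usage: failed_by_ip <logfile>   -> "count ip" per source, most failures first
failed_by_ip() {
    awk '/Failed password for/ {
             # the address is the token after "from"; its position varies
             # because "invalid user <name>" may or may not be present
             for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# Usage: brute_force_sources <logfile> <threshold>   -> IPs at/above threshold
brute_force_sources() {
    failed_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

echo "failed logins per source:"; failed_by_ip "$authlog"
echo "sources with 3 or more failures:"; brute_force_sources "$authlog" 3
```

This is the same signal fail2ban's sshd jail automates (count failures per address inside a time window, then ban); journalctl output in its default short format can be piped into failed_by_ip in place of the file on systems without a text auth.log.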
# Log analysis
logwatch # Log analysis tool
fail2ban-client status # Intrusion prevention
rkhunter --check # Rootkit detection
Process Monitoring
# Process monitoring
ps aux # List processes
top # Process monitor
netstat -tulpn # Network connections
lsof -i # Open network files
Encryption
File Encryption
# GPG encryption
gpg -c file # Encrypt file with a passphrase (symmetric)
gpg file.gpg # Decrypt file
gpg --gen-key # Generate key pair
gpg --list-keys # List keys
# Disk encryption
cryptsetup luksFormat device # Encrypt device
cryptsetup luksOpen device name # Open encrypted device
cryptsetup luksClose name # Close encrypted device
SSL/TLS
# Certificate management
openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout key.pem # Generate self-signed certificate and key
openssl x509 -text -in cert.pem # View certificate
openssl verify cert.pem # Verify certificate against the system CA store
Intrusion Detection
Host-based IDS
# AIDE configuration
aide --init # Initialize database
aide --check # Check for changes
aide --update # Update database
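AIDE and Tripwire both work the same way underneath: record a hash of every file you care about, then compare the live system against that baseline and report what was added, changed or removed. The script below is an added example of that mechanism, not AIDE's own code or database format; it assumes POSIX sh with awk, sort and sha256sum, and file names without newlines. A small fake /etc tree is constructed in a temp directory, baselined, tampered with, and checked.

```shell
# Added example: a minimal file-integrity baseline and check in the style of
# AIDE/Tripwire. Assumes POSIX sh, awk, sort, sha256sum; names without newlines.

# Usage: integrity_init <dir> <db-file>
# Writes "sha256  ./relative/path" for every regular file under <dir>.
integrity_init() {
    ( cd "$1" && find . -type f | LC_ALL=C sort |
      while IFS= read -r f; do sha256sum "$f"; done ) > "$2"
}

# Usage: integrity_check <dir> <db-file>
# Prints ADDED/CHANGED/REMOVED lines; returns 0 only when nothing differs.
integrity_check() {
    cur=$(mktemp)
    integrity_init "$1" "$cur"
    diffs=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # baseline: path -> hash
        {
            seen[$2] = 1
            if (!($2 in base))        print "ADDED " $2
            else if (base[$2] != $1)  print "CHANGED " $2
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$2" "$cur" | sort)
    rm -f "$cur"
    [ -n "$diffs" ] && printf '%s\n' "$diffs"
    [ -z "$diffs" ]
}

# Constructed demo tree (stand-in for /etc); nothing here is a real system file.
demo=$(mktemp -d); db=$(mktemp)
trap 'rm -rf "$demo" "$db"' EXIT
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo/passwd"
printf '127.0.0.1 localhost\n'           > "$demo/hosts"
printf 'PermitRootLogin no\n'            > "$demo/sshd_config"

integrity_init "$demo" "$db"
echo "== clean check =="
integrity_check "$demo" "$db" && echo "no changes"

# Simulated tampering: a config edit, a new file, a deleted file.
printf 'PermitRootLogin yes\n' >> "$demo/sshd_config"
printf 'dropped here\n'         >  "$demo/new-cron-job"
rm -f "$demo/hosts"

echo "== after changes =="
integrity_check "$demo" "$db" || echo "integrity check FAILED"
```

Two properties carry over to the real tools: the baseline only proves anything if it was taken from a known-good state and kept where the host cannot rewrite it (aide --update replaces the baseline, so it must be run deliberately after reviewed changes, not on a timer), and a hash-only check says nothing about ownership or mode changes, which AIDE's default rules also record.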
# Tripwire
tripwire --init # Initialize database
tripwire --check # Check system
Network IDS
# Snort
snort -dev # Packet sniffer mode
snort -dev -l ./log # Log packets
snort -c snort.conf # Use config file
# Security scanning
nmap -sS localhost # Port scan
nikto -h localhost # Web server scan
Security Tools
Security Scanning
# Vulnerability scanning
lynis audit system # System audit
chkrootkit # Check for rootkits
clamscan -r /path # Antivirus scan (ClamAV)
tiger # Security audit tool
Security Monitoring
# System monitoring
auditd # Audit daemon (manage with systemctl)
lastcomm # Process accounting (psacct/acct)
sar # System activity report (sysstat)
Best Practices
System Hardening
Minimize installed packages
Regular updates
Secure boot process
Service hardening
Access Control
Strong password policy
Principle of least privilege
Regular access review
Multi-factor authentication
Network Security
Firewall configuration
Network segregation
Secure protocols
Regular monitoring
Monitoring and Logging
Centralized logging
Log rotation
Regular log review
Incident response plan
Troubleshooting
Common Issues
# Permission issues
ls -la # Check permissions
namei -l /path/file # Check path permissions
getcap file # View capabilities
ausearch -m avc # SELinux denials
# Network issues
ss -tulpn # Check ports
tcpdump -i any # Network traffic
netstat -rn # Routing table
Security Incidents
# Incident response
last # Login history
lastb # Failed logins
who # Current users
w # User activity
Security Documentation
Security Policies
Access control policy
Password policy
Network security policy
Incident response plan
System Documentation
Network diagram
System inventory
Configuration baseline
Change management
Audit Requirements
Compliance requirements
Security controls
Audit procedures
Risk assessment
Security Training
User Training
Password security
Social engineering
Safe browsing
Incident reporting
Admin Training
Security tools
System hardening
Incident response
Security updates