Security

A comprehensive guide to Linux system security, including access control, encryption, network security, and best practices.

🔒 Access Control

File Permissions

# Basic permissions
chmod 755 file       # Set file permissions
chown user:group file # Change ownership
chgrp group file     # Change group
umask 022           # Set default permissions

# Special permissions
chmod u+s file      # Set SUID
chmod g+s directory # Set SGID
chmod +t directory  # Set sticky bit

Access Control Lists (ACL)

# ACL management
getfacl file        # View ACL
setfacl -m u:user:rw file  # Set user ACL
setfacl -m g:group:rx file # Set group ACL
setfacl -x u:user file     # Remove user ACL
setfacl -b file           # Remove all ACLs

🔐 User Security

Password Management

# Password policies
passwd -l username   # Lock account
passwd -u username   # Unlock account
chage -l username    # View password info
chage -M 90 username # Set max password age

# Password files
/etc/passwd         # User accounts
/etc/shadow         # Password hashes
/etc/group          # Group information
/etc/gshadow        # Group passwords

User Authentication

# PAM configuration
/etc/pam.d/         # PAM configuration files
/etc/security/      # Security policies
/etc/login.defs     # Login settings
/etc/sudoers        # Sudo configuration

🛡️ System Security

System Updates

# Package updates
apt update          # Update package list
apt upgrade         # Upgrade packages
apt dist-upgrade    # Smart upgrade
unattended-upgrades # Automatic updates

# Security updates
apt-get install security-updates
needrestart        # Check for pending restarts

System Hardening

# Service management
systemctl list-units --type=service  # List services
systemctl disable service   # Disable service
systemctl mask service     # Prevent service start
systemctl status service   # Check service status

# Boot security
update-grub              # Update GRUB
grub-mkpasswd-pbkdf2    # Generate GRUB password

🌐 Network Security

Firewall Configuration

# UFW (Uncomplicated Firewall)
ufw status              # Check firewall status
ufw enable             # Enable firewall
ufw allow 22/tcp       # Allow SSH
ufw deny from ip       # Block IP address

# iptables
iptables -L            # List rules
iptables -A INPUT -p tcp --dport 80 -j ACCEPT  # Allow HTTP
iptables-save         # Save rules

SSH Security

# SSH configuration
/etc/ssh/sshd_config  # SSH server config
ssh-keygen -t ed25519 # Generate key pair
ssh-copy-id user@host # Copy public key
ssh-agent            # Manage keys

# SSH hardening
PermitRootLogin no    # Disable root login
PasswordAuthentication no  # Disable password auth
AllowUsers user1 user2    # Allow specific users

🔍 Security Monitoring

System Logs

# Log monitoring
tail -f /var/log/auth.log    # Authentication logs
tail -f /var/log/syslog      # System logs
journalctl -f               # Journal logs
ausearch -ts today         # Audit logs

# Log analysis
logwatch                   # Log analysis tool
fail2ban-client status    # Intrusion prevention
rkhunter --check         # Rootkit detection

Process Monitoring

# Process monitoring
ps aux                    # List processes
top                      # Process monitor
netstat -tulpn           # Network connections
lsof -i                  # Open network files

🔑 Encryption

File Encryption

# GPG encryption
gpg -c file             # Encrypt file
gpg file.gpg            # Decrypt file
gpg --gen-key           # Generate key pair
gpg --list-keys         # List keys

# Disk encryption
cryptsetup luksFormat device  # Encrypt device
cryptsetup luksOpen device name  # Open encrypted device
cryptsetup luksClose name    # Close encrypted device

SSL/TLS

# Certificate management
openssl req -new -x509 -days 365 -nodes -out cert.pem -keyout key.pem
openssl x509 -text -in cert.pem  # View certificate
openssl verify cert.pem         # Verify certificate

🚨 Intrusion Detection

Host-based IDS

# AIDE configuration
aide --init             # Initialize database
aide --check           # Check for changes
aide --update         # Update database

# Tripwire
tripwire --init       # Initialize database
tripwire --check     # Check system

Network IDS

# Snort
snort -dev           # Packet sniffer mode
snort -dev -l ./log  # Log packets
snort -c snort.conf  # Use config file

# Security scanning
nmap -sS localhost   # Port scan
nikto -h localhost   # Web server scan

🔧 Security Tools

Security Scanning

# Vulnerability scanning
lynis audit system    # System audit
chkrootkit           # Check for rootkits
clamav               # Antivirus
tiger               # Security audit tool

Security Monitoring

# System monitoring
auditd              # Audit daemon
psacct              # Process accounting
sysstat            # System statistics
sar                # System activity report

💡 Best Practices

System Hardening
- Minimize installed packages
- Regular updates
- Secure boot process
- Service hardening
Access Control
- Strong password policy
- Principle of least privilege
- Regular access review
- Multi-factor authentication
Network Security
- Firewall configuration
- Network segregation
- Secure protocols
- Regular monitoring
Monitoring and Logging
- Centralized logging
- Log rotation
- Regular log review
- Incident response plan

🔧 Troubleshooting

Common Issues

# Permission issues
ls -la                # Check permissions
namei -l /path/file   # Check path permissions
getcap file          # View capabilities
ausearch -m avc      # SELinux denials

# Network issues
ss -tulpn            # Check ports
tcpdump -i any       # Network traffic
netstat -rn          # Routing table

Security Incidents

# Incident response
last                 # Login history
lastb               # Failed logins
who                # Current users
w                  # User activity

📚 Security Documentation

Security Policies
- Access control policy
- Password policy
- Network security policy
- Incident response plan
System Documentation
- Network diagram
- System inventory
- Configuration baseline
- Change management
Audit Requirements
- Compliance requirements
- Security controls
- Audit procedures
- Risk assessment

🎓 Security Training

User Training
- Password security
- Social engineering
- Safe browsing
- Incident reporting
Admin Training
- Security tools
- System hardening
- Incident response
- Security updates

PreviousSearch NextServices

Last updated 1 year ago

Was this helpful?