Author: Madhan Gopalakrishnan | Published on : 13-02-2025
Linux security is crucial for protecting systems from unauthorized access, malware, and cyber threats. Hardening a Linux system involves implementing security measures to reduce vulnerabilities. This guide provides an easy-to-understand yet in-depth explanation of Linux security and system hardening techniques. š
š”ļø Basic Security Concepts
| š Security Aspect | š Description |
|---|---|
| Authentication | Verifies user identity using passwords, SSH keys, or multi-factor authentication (MFA). |
| Authorization | Grants or restricts access based on user roles and permissions. |
| Encryption | Protects data by converting it into an unreadable format. |
| Firewalls | Filters network traffic to allow or block access based on security rules. |
| Updates & Patching | Regularly updating the system to fix security vulnerabilities. |
š User and Access Management
| š Command | š Description | š Syntax |
|---|---|---|
who | Shows currently logged-in users | who |
w | Displays active users and their processes | w |
id | Shows user ID (UID) and group ID (GID) | id [username] |
groups | Lists groups a user belongs to | groups [username] |
passwd | Changes the user password | passwd [username] |
usermod | Modifies an existing user | usermod -aG [group] [username] |
chmod | Changes file permissions | chmod [permissions] [file] |
chown | Changes file ownership | chown [user]:[group] [file] |
Best Practices:
- Use strong passwords and enable password expiration policies.
- Implement multi-factor authentication (MFA).
- Limit the use of the root account; use
sudoinstead.
š„ Firewall & Network Security
š Firewall Configuration (UFW, IPTables, Firewalld)
| š Command | š Description | š Syntax |
|---|---|---|
ufw enable | Enables UFW firewall | sudo ufw enable |
ufw allow 22 | Allows SSH access | sudo ufw allow 22 |
iptables -L | Lists active firewall rules | sudo iptables -L |
firewalld | Manages firewall rules dynamically | sudo firewall-cmd --state |
Best Practices:
- Restrict open ports and allow only necessary services.
- Implement fail2ban to prevent brute-force attacks.
- Use VPNs for secure remote access.
š Secure SSH Configuration
| š Security Measure | š Command |
|---|---|
| Disable root login | Edit /etc/ssh/sshd_config, set PermitRootLogin no |
| Change SSH port | Modify Port 22 to a custom port in sshd_config |
| Use key-based authentication | ssh-keygen & ssh-copy-id user@server |
| Enable Fail2Ban | sudo apt install fail2ban & configure /etc/fail2ban/jail.conf |
š System Hardening Techniques
| š Technique | š Description |
|---|---|
| Disable Unused Services | Use systemctl disable [service] to stop unnecessary services. |
| Enable Automatic Updates | Configure unattended-upgrades for automatic security patches. |
| Check System Logs | Use journalctl -xe and /var/log/syslog to analyze system logs. |
| AppArmor/SELinux | Use AppArmor or SELinux for additional process restrictions. |
| Enable Auditing | auditctl & ausearch for monitoring security-related events. |
š Intrusion Detection & Monitoring
| š Tool | š Description |
|---|---|
chkrootkit | Checks for rootkits in the system. |
rkhunter | Scans for known vulnerabilities. |
lynis | Performs a security audit and hardening recommendations. |
tripwire | Monitors system file integrity. |
š Conclusion
Linux security and hardening are ongoing processes that require continuous monitoring and updates. By implementing these techniques, you can safeguard your system against potential threats. š”ļøš§
ā Best Practices and Next Steps:
- Regularly audit and update your security settings:
- Use
lynis audit systemto scan for security weaknesses. - Update all packages using
sudo apt update && sudo apt upgrade. - Review user accounts with
sudo cat /etc/passwd. - Remove unnecessary software and disable unused services.
- Schedule periodic security audits and penetration testing.
- Use
- Implement log monitoring and alerting systems:
- Use
journalctl,syslog, anddmesgfor analyzing logs. - Install log monitoring tools like
Nagios,Zabbix, orELK Stack. - Set up automatic alerts for suspicious activities with
auditd. - Use
fail2banto monitor failed login attempts and block attackers.
- Use
- Explore advanced security frameworks like SELinux and AppArmor:
- SELinux: Enforce access controls beyond standard user permissions.
- AppArmor: Restricts applications based on predefined security profiles.
- Enable SELinux using
sudo setenforce 1and check status withsestatus. - Enable AppArmor using
sudo aa-enforce /etc/apparmor.d/*. - Configure security policies with
semanageandaa-complain.
- Enhance Security with Additional Measures:
- Encrypt sensitive files using
gpg -c fileoropenssl enc. - Set up a host-based intrusion detection system (HIDS) like
OSSEC. - Implement security event logging with
rsyslog. - Secure physical access by setting BIOS/bootloader passwords.
- Encrypt sensitive files using
Happy Securing! šš
šOther Topics Links Related to Linux Security and Log Monitoring
