Оффлайн
- Регистрация
- 1 Мар 2015
- Сообщения
- 1,481
- Баллы
- 155
Introduction
If you're managing a Linux system, one of the most important responsibilities you'll take on is securing your environment.
You can’t afford to leave your system open to threats, and that’s where understanding security protocols comes in.
This guide covers essential security measures every Linux system administrator should enforce to safeguard a Linux environment effectively.
Table of Contents
SSH is the main entry point for remote system administration, making it a high-priority target for attackers.
Why It Matters
Hackers scan for open SSH ports constantly, looking for weak configurations to break in. If SSH security is compromised, an attacker could take full control of the system.
Best Practices
Why? If an attacker gains access as root, they can install malware, delete files, or shut down the server. Hackers often target root because it’s a default username, making it easier for brute-force attacks.
Why? Keys eliminate password-based authentication, making it impossible for attackers to brute-force their way in.
While not a replacement for strong authentication, changing the port reduces automated scans targeting default SSH ports.
2. Managing Firewalls with Firewalld
Firewalld controls network access, defining which services can communicate with the system.
Why It Matters
Without a firewall, any service running on the system is exposed to the internet including ones that shouldn’t be accessible externally. Firewalld blocks unauthorized traffic while allowing trusted services like SSH and HTTPS.
Basic Firewall Commands
sudo firewall-cmd --state
sudo firewall-cmd --list-all
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
Zones define trust levels for network traffic:
Setting the appropriate zone for each network interface ensures that services are only accessible where needed.
3. Enforcing Policies with SELinux
SELinux provides mandatory access control, preventing unauthorized programs from accessing system files—even if exploited.
Why It Matters
A compromised application could attempt to access system resources. SELinux ensures that even if an attacker gains access, they are restricted from making further changes outside predefined security rules.
Basic SELinux Commands
getenforce
sudo setenforce 1
sudo nano /etc/selinux/config
cat /var/log/audit/audit.log | grep AVC
Proper user management ensures files and directories are only accessible by authorized users.
Key Tools for Access Control
chmod 600 secret.txt
chown user:group file
sudo usermod -aG wheel username
Unpatched systems are prime targets for attackers exploiting known vulnerabilities.
Keeping Software Up to Date
sudo dnf update
sudo dnf install dnf-automatic
sudo systemctl enable --now dnf-automatic.timer
Tracking who did what on the system ensures accountability and security.
Key Log Files
/var/log/secure
journalctl
auditd (audit service)
Using auditd to Monitor Activity
sudo systemctl enable --now auditd
sudo ausearch -ua yourusername
Implementing these security protocols ensures a stronger, more resilient Linux system.
Stay consistent with these and regularly review your systems to maintain a strong security posture.
This knowledge will serve you well whether you’re managing a single server or a complex network.
Let’s connect on LinkedIn
()
As I automate my journey into RHCE and Ansible, I’d love to connect with fellow learners and professionals. Feel free to reach out and join me as I share tips, resources, and insights throughout this 30-day challenge.
cloudwhistler #30daysLinuxchallenge
If you're managing a Linux system, one of the most important responsibilities you'll take on is securing your environment.
You can’t afford to leave your system open to threats, and that’s where understanding security protocols comes in.
This guide covers essential security measures every Linux system administrator should enforce to safeguard a Linux environment effectively.
Table of Contents
- 1. Securing SSH Access
- 2. Managing Firewalls with Firewalld
- 3. Enforcing Policies with SELinux
- 4. Controlling Access with Users, Groups, and Permissions
- 5. Keeping the System Updated
- 6. Monitoring and Auditing Activity
- Conclusion
- Let's Connect on LinkedIn
SSH is the main entry point for remote system administration, making it a high-priority target for attackers.
Why It Matters
Hackers scan for open SSH ports constantly, looking for weak configurations to break in. If SSH security is compromised, an attacker could take full control of the system.
Best Practices
Disable Root Login (Prevent direct root access)
- Edit configuration:
sudo nano /etc/ssh/sshd_config
- Change:
PermitRootLogin no
- Restart SSH:
sudo systemctl restart sshd
Why? If an attacker gains access as root, they can install malware, delete files, or shut down the server. Hackers often target root because it’s a default username, making it easier for brute-force attacks.
Use Key-Based Authentication Instead of Passwords
- Generate SSH keys:
ssh-keygen
- Copy the key to the remote server:
ssh-copy-id user@server
Why? Keys eliminate password-based authentication, making it impossible for attackers to brute-force their way in.
Consider Changing the Default SSH Port
- Modify SSH config:
Port 2222
While not a replacement for strong authentication, changing the port reduces automated scans targeting default SSH ports.
2. Managing Firewalls with Firewalld
Firewalld controls network access, defining which services can communicate with the system.
Why It Matters
Without a firewall, any service running on the system is exposed to the internet including ones that shouldn’t be accessible externally. Firewalld blocks unauthorized traffic while allowing trusted services like SSH and HTTPS.
Basic Firewall Commands
- Check Firewall Status:
sudo firewall-cmd --state
Confirms whether Firewalld is active.
- List Allowed Services:
sudo firewall-cmd --list-all
Shows currently permitted services and firewall rules.
- Add a Trusted Service (e.g., SSH):
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
- The --permanent flag ensures rules persist after a reboot.
- --reload applies changes immediately.
Zones define trust levels for network traffic:
- Public – Least trusted (minimal access).
- Internal – More trusted (used in private networks).
- Trusted, External, Home, Work, Block – Various levels of restriction.
Setting the appropriate zone for each network interface ensures that services are only accessible where needed.
3. Enforcing Policies with SELinux
SELinux provides mandatory access control, preventing unauthorized programs from accessing system files—even if exploited.
Why It Matters
A compromised application could attempt to access system resources. SELinux ensures that even if an attacker gains access, they are restricted from making further changes outside predefined security rules.
Basic SELinux Commands
- Check SELinux Status:
getenforce
Shows if SELinux is Enforcing, Permissive, or Disabled.
- Enable Enforcing Mode Temporarily:
sudo setenforce 1
Immediately activates SELinux restrictions.
- Make It Permanent (Survives Reboots):
sudo nano /etc/selinux/config
Change:
SELINUX=enforcing
Save and reboot.
- Use sealert (GUI tool for SELinux alerts)
- Check logs for blocked actions:
cat /var/log/audit/audit.log | grep AVC
- This helps diagnose issues related to SELinux restrictions.
Proper user management ensures files and directories are only accessible by authorized users.
Key Tools for Access Control
- Change permissions (chmod)
chmod 600 secret.txt
Restricts access to the file’s owner.
- Change ownership (chown)
chown user:group file
Assigns a new owner and group.
- Grant limited admin access (sudo)
sudo usermod -aG wheel username
- Adds the user to the administrator group for controlled privilege escalation.
Unpatched systems are prime targets for attackers exploiting known vulnerabilities.
Keeping Software Up to Date
- Manually update the system:
sudo dnf update
- Enable automatic updates:
sudo dnf install dnf-automatic
sudo systemctl enable --now dnf-automatic.timer
- This ensures regular background updates, reducing security risks.
Tracking who did what on the system ensures accountability and security.
Key Log Files
- Authentication logs:
/var/log/secure
- System-wide logs:
journalctl
- Security audit logs:
auditd (audit service)
Using auditd to Monitor Activity
- Enable auditd:
sudo systemctl enable --now auditd
- Check audit logs for specific user actions:
sudo ausearch -ua yourusername
- Helps track security-related activities.
Implementing these security protocols ensures a stronger, more resilient Linux system.
Stay consistent with these and regularly review your systems to maintain a strong security posture.
This knowledge will serve you well whether you’re managing a single server or a complex network.
Let’s connect on LinkedIn
()
As I automate my journey into RHCE and Ansible, I’d love to connect with fellow learners and professionals. Feel free to reach out and join me as I share tips, resources, and insights throughout this 30-day challenge.
cloudwhistler #30daysLinuxchallenge