
Linux Security

Learn about Linux security, system hardening, and security best practices.

Linux manthan

Security is a critical aspect of Linux system administration. This guide covers essential security concepts, tools, and best practices for securing Linux systems.

System Hardening

Basic Hardening

  1. System Updates

    # Regular updates
    apt update && apt upgrade  # Debian/Ubuntu
    yum update                 # RHEL/CentOS
  2. Service Management

    # Disable unnecessary services
    systemctl disable service
    # Check running services
    systemctl list-units --type=service
  3. File Permissions

    # Secure file permissions
    chmod 600 /path/to/file
    chown root:root /path/to/file

Advanced Hardening

  1. SELinux/AppArmor

    # Check SELinux status (RHEL/CentOS)
    sestatus
    # Check AppArmor status and loaded profiles (Debian/Ubuntu)
    aa-status
  2. System Configuration

    # Secure system parameters (sysctl -w applies at runtime only;
    # persist the settings in /etc/sysctl.d/ so they survive a reboot)
    sysctl -w net.ipv4.tcp_syncookies=1
    sysctl -w net.ipv4.conf.all.accept_redirects=0

Access Control

User Authentication

  1. Password Policies

    # Configure password policies
    vi /etc/security/pwquality.conf
    # Set password expiration
    chage -M 90 username
  2. SSH Security

    # Edit the SSH daemon configuration
    vi /etc/ssh/sshd_config
    # Directives to set in sshd_config (validate with sshd -t, then reload sshd):
    # Disable root login
    PermitRootLogin no
    # Require key-based authentication by disabling password logins
    PasswordAuthentication no
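A practical complication with the two directives above is that sshd takes the first occurrence of a keyword as the effective value and treats directives inside a Match block as conditional, so a naive grep can report a setting that is not actually in force. The following POSIX sh audit (an added example, not code from the original page) accounts for both rules; the sshd_config it checks is a constructed sample.

```sh
#!/bin/sh
# Added example: audit an sshd_config for the two directives above.
# sshd uses the FIRST occurrence of a keyword (later duplicates are ignored),
# and directives inside a "Match" block apply only to matching connections,
# so a global audit stops at the first Match line. Include lines are not
# followed here; on a live host `sshd -T` prints the fully resolved config.

# sshd_effective FILE KEYWORD -> effective global value, or "unset"
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/      { next }   # comments and blanks
        tolower($1) == "match"        { exit }   # end of global section
        tolower($1) == key && !found  { print $2; found = 1 }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd FILE -> one line per directive; returns 1 if any value is weak
audit_sshd() {
    file="$1"; rc=0
    for pair in PermitRootLogin=no PasswordAuthentication=no; do
        key="${pair%=*}"; want="${pair#*=}"
        got="$(sshd_effective "$file" "$key")"
        if [ "$got" = "$want" ]; then
            printf 'OK    %-22s %s\n' "$key" "$got"
        else
            printf 'WEAK  %-22s %s (want %s)\n' "$key" "$got" "$want"
            rc=1
        fi
    done
    return "$rc"
}

# make_sample -> path to a CONSTRUCTED sshd_config with a duplicated directive
# and a Match-scoped override, to exercise the first-match rule
make_sample() {
    f="${TMPDIR:-/tmp}/sshd_config.sample.$$"
    cat >"$f" <<'EOF'
# constructed sample, not a real host's config
PasswordAuthentication no
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin no
EOF
    printf '%s\n' "$f"
}

audit_sshd "$(make_sample)" || echo "weak SSH settings found"
```

In the sample, PermitRootLogin is reported as WEAK because the first occurrence (yes) wins, even though a later line and the Match block both say no.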

File Permissions

# Set proper permissions
chmod 750 /home/user
chmod 600 ~/.ssh/authorized_keys
# Set ACLs
setfacl -m u:user:rx /path/to/directory

Network Security

Firewall Configuration

# UFW (Ubuntu)
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw enable
 
# Firewalld (RHEL/CentOS)
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload

Network Hardening

  1. TCP Wrappers

    # Configure host-based access control (legacy mechanism: recent OpenSSH
    # releases and RHEL 8+ no longer honour these files, so prefer firewall rules)
    vi /etc/hosts.allow
    vi /etc/hosts.deny
  2. Network Parameters

    # Secure network settings
    sysctl -w net.ipv4.conf.all.accept_source_route=0
    sysctl -w net.ipv4.conf.all.accept_redirects=0

Security Monitoring

Log Monitoring

# Monitor authentication logs (Debian/Ubuntu; RHEL/CentOS uses /var/log/secure)
tail -f /var/log/auth.log
# Monitor system logs
tail -f /var/log/syslog
# Show failed login attempts recorded in /var/log/btmp
lastb

Security Tools

  1. Intrusion Detection

    # Install and configure AIDE
    apt install aide
    aideinit
    # Regular checks
    aide --check
  2. Vulnerability Scanning

    # Run security audit
    lynis audit system
    # Network scanning
    nmap -sV -sS target

Encryption

Disk Encryption

# LUKS encryption (luksFormat destroys all existing data on the device;
# luksOpen is the legacy spelling of "cryptsetup open --type luks")
cryptsetup luksFormat /dev/sda1
cryptsetup luksOpen /dev/sda1 secure
# Mount the decrypted mapping (a newly formatted volume needs a filesystem
# created on /dev/mapper/secure before its first mount)
mount /dev/mapper/secure /mnt/secure

SSL/TLS Configuration

# Generate a self-signed certificate and private key (suitable for testing;
# production services should use a CA-issued certificate)
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt
# Apache directives for the TLS-enabled virtual host
SSLEngine on
SSLCertificateFile /path/to/certificate.crt
SSLCertificateKeyFile /path/to/private.key

Security Best Practices

  1. System Security

    • Regular updates
    • Minimal installation
    • Secure boot
    • File integrity monitoring
  2. Access Control

    • Strong passwords
    • Two-factor authentication
    • Principle of least privilege
    • Regular access reviews
  3. Network Security

    • Firewall rules
    • VPN configuration
    • Secure protocols
    • Network monitoring
  4. Data Security

    • Encryption at rest
    • Secure backups
    • Data classification
    • Access controls

Incident Response

Detection

# Check for suspicious processes (replace "suspicious" with the name under investigation)
ps aux | grep suspicious
# List listening sockets (ss -tulnp is the modern replacement for netstat)
netstat -tuln
# Check file integrity against the AIDE baseline
aide --check

Response

  1. Immediate Actions

    • Isolate affected systems
    • Preserve evidence
    • Document incident
    • Notify stakeholders
  2. Recovery

    • Restore from backup
    • Patch vulnerabilities
    • Update security measures
    • Review logs

Next Steps

Continue learning about:

  • Advanced security tools
  • Security automation
  • Compliance frameworks
  • Security auditing
  • Incident response procedures