Security Basics

Linux Security Basics

This section focuses on securing your Linux system. Security matters because attackers will try to gain access to your system. We have spent a lot of time learning how to run and configure Linux, but we also need to learn how to secure the Linux OS. We will look at some of the basics of what can be done to secure your Linux OS, such as:

  • firewall configuration

  • password management

  • increasing privilege levels

  • viewing open network connections

We will also learn how to configure SSH to provide secure remote access to your Linux machine (do not run telnet: it sends your username, password and the whole session in cleartext, so anyone on the network path can read them).

You can also configure Linux to support 2FA, a great way to secure your Linux machine :-)

Linux Firewall Configuration

Linux has two popular ways of configuring a firewall, and you might come across either of them when reading documentation or a how-to. On current Ubuntu releases both end up as nftables rules under the hood, but the commands are unchanged.

iptables: a command line firewall utility that you can configure to allow or block traffic. Rules are organized into tables (filter, nat, mangle) and, within each table, chains such as INPUT, OUTPUT and FORWARD; a packet is checked against the rules of a chain in order and the first match decides. Using iptables can be challenging because rule sets get complex, and rules added on the command line are gone after a reboot unless you save them (iptables-save) and restore them at boot.

ufw: a front end to iptables and a good choice on a host for a local firewall. Because iptables is complex, ufw (uncomplicated firewall) lets you configure a firewall quickly and easily with simplified rules, and the rules it writes survive a reboot.

I previously used iptables when configuring my firewall rules, but I have started to learn to love ufw as it makes life a lot easier.

https://linux.die.net/man/8/iptables

https://manpages.ubuntu.com/manpages/bionic/man8/ufw.8.html

https://www.thegeekstuff.com/2011/06/iptables-rules-examples/

https://www.digitalocean.com/community/tutorials/ufw-essentials-common-firewall-rules-and-commands

https://www.cyberciti.biz/faq/ubuntu-22-04-lts-set-up-ufw-firewall-in-5-minutes/
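To make the two styles concrete, here is one host-firewall policy written both ways. This is an added example, not code from the page or from the ufw or iptables projects; the allow-list (ssh from one admin network, plus HTTP and HTTPS from anywhere) and the 203.0.113.0/24 address are constructed for the example, and the iptables form covers IPv4 only (ip6tables is separate, while ufw writes both when IPV6=yes in /etc/default/ufw). Nothing is applied unless you run it as root with APPLY=1.

```sh
#!/bin/sh
# Added example (not from the page): one host-firewall policy written two
# ways, for ufw and for iptables. The allow-list below is constructed for a
# web server reachable by ssh from one admin network; change it to match
# your host. Nothing is applied unless you run it as root with APPLY=1.
set -eu

# "port/proto" or "port/proto:source-cidr" (IPv4 only; the ':' in an IPv6
# address would break the parsing below).
ALLOW="22/tcp:203.0.113.0/24 80/tcp 443/tcp"

# Split one entry into $port, $proto and $src (empty when unrestricted).
parse_entry() {
    spec=${1%%:*}
    src=${1#*:}
    if [ "$src" = "$1" ]; then src=""; fi
    port=${spec%%/*}
    proto=${spec#*/}
}

# ufw form. 'limit' instead of 'allow' on ssh makes ufw drop a source that
# opens 6 or more new connections within 30 seconds (brute-force damping).
ufw_policy() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    for entry in $ALLOW; do
        parse_entry "$entry"
        action=allow
        if [ "$port" = 22 ]; then action=limit; fi
        if [ -n "$src" ]; then
            echo "ufw $action proto $proto from $src to any port $port"
        else
            echo "ufw $action $port/$proto"
        fi
    done
    echo "ufw --force enable"
}

# iptables form of the same policy. Accept rules go in first and the DROP
# policy is set last, so an admin applying this over ssh keeps the session.
iptables_policy() {
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for entry in $ALLOW; do
        parse_entry "$entry"
        match="-p $proto --dport $port"
        if [ -n "$src" ]; then match="-s $src $match"; fi
        if [ "$port" = 22 ]; then
            # what 'ufw limit' expands to: count new connections per source,
            # drop the 6th within 30 seconds
            echo "iptables -A INPUT $match -m conntrack --ctstate NEW -m recent --set --name ssh"
            echo "iptables -A INPUT $match -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 --name ssh -j DROP"
        fi
        echo "iptables -A INPUT $match -j ACCEPT"
    done
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    echo "iptables -P INPUT DROP"
}

# Print the commands, or run them when APPLY=1 (root required for the real thing).
apply_policy() {          # apply_policy ufw_policy|iptables_policy
    "$1" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}

case "${1:-}" in
    ufw)      apply_policy ufw_policy ;;
    iptables) apply_policy iptables_policy ;;
esac
```

Run `sh firewall.sh ufw` or `sh firewall.sh iptables` to review the generated commands first; `APPLY=1` as root executes them. The iptables version needs `iptables-save` plus a restore at boot to persist, which is exactly the bookkeeping ufw does for you.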

lsof

The lsof (list open files) command lists every file open on your Linux system and which process has it open. Because sockets are files too, lsof can list network connections as well (lsof -i; add -n and -P to keep addresses and ports numeric). If you notice that your Linux system has a lot of network traffic, it is worthwhile to use this command to determine why. Run it as root to see every user's processes; as an ordinary user you only see your own.

https://linux.die.net/man/8/lsof

https://www.tecmint.com/10-lsof-command-examples-in-linux/
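The three questions you actually ask when traffic looks odd are "what is listening", "who are we talking to most" and "what is talking out to a port we do not expect". The following is an added example, not code from the page: three awk filters over `lsof -nP -i` output. The sample output is constructed, and the expected-port list is an assumed allow-list for the example.

```sh
#!/bin/sh
# Added example (not from the page): three checks over 'lsof -nP -i' output.
# -n/-P keep addresses and ports numeric so the columns are stable. The
# SAMPLE below is constructed; the 'live' helper runs against the real host.
# Run as root to see other users' processes; otherwise lsof shows only yours.
set -eu

SAMPLE='COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      812     root    3u  IPv4  21340      0t0  TCP *:22 (LISTEN)
sshd      812     root    4u  IPv6  21342      0t0  TCP *:22 (LISTEN)
nginx    1203 www-data    6u  IPv4  33021      0t0  TCP *:80 (LISTEN)
nginx    1205 www-data   12u  IPv4  40112      0t0  TCP 10.0.0.5:80->198.51.100.7:51522 (ESTABLISHED)
nginx    1205 www-data   13u  IPv4  40113      0t0  TCP 10.0.0.5:80->198.51.100.7:51523 (ESTABLISHED)
curl     2210    alice    5u  IPv4  50010      0t0  TCP 10.0.0.5:41234->203.0.113.20:443 (ESTABLISHED)
unknownd 2400    alice    3u  IPv4  51200      0t0  TCP 10.0.0.5:59999->203.0.113.9:4444 (ESTABLISHED)'

# What is listening? Prints COMMAND PID USER LOCAL-ADDRESS.
listeners() {
    awk '/\(LISTEN\)$/ { print $1, $2, $3, $(NF-1) }'
}

# Who are we talking to most? Established connections per remote IP, busiest first.
peer_counts() {
    awk '/\(ESTABLISHED\)$/ {
            if (split($(NF-1), a, "->") != 2) next
            peer = a[2]; sub(/:[0-9]+$/, "", peer)
            c[peer]++
         }
         END { for (p in c) print c[p], p }' | sort -rn
}

# Outbound connections to remote ports outside an expected set. A connection
# whose local port is one we listen on is inbound and is skipped. The port
# set is a constructed allow-list for this example.
unusual_outbound() {
    awk -v ok="22 80 443" '
        BEGIN { n = split(ok, okl, " "); for (i = 1; i <= n; i++) good[okl[i]] = 1 }
        /\(LISTEN\)$/ { lp = $(NF-1); sub(/^.*:/, "", lp); listening[lp] = 1 }
        /\(ESTABLISHED\)$/ { est[++m] = $0 }
        END {
            for (i = 1; i <= m; i++) {
                nf = split(est[i], f, " ")
                name = f[nf-1]
                if (split(name, a, "->") != 2) continue
                lport = a[1]; sub(/^.*:/, "", lport)
                rport = a[2]; sub(/^.*:/, "", rport)
                if (lport in listening) continue
                if (!(rport in good)) print f[1], f[2], f[3], name
            }
        }'
}

# Run the three checks against the real host.
live() {
    lsof -nP -i | listeners
    lsof -nP -i | peer_counts
    lsof -nP -i | unusual_outbound
}
```

On the sample the last filter flags only the `unknownd` process talking to port 4444, while the nginx connections on port 80 are correctly treated as inbound. `lsof -p PID` then shows everything else that process has open, which is usually the fastest way to find out what it is.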

su & sudo

Both of these commands provide the ability to raise your privilege level. Both are extremely powerful and should be used with caution. Grant access on a restrictive basis only.

The sudo command runs a single command as root (or as another user) according to the rules in /etc/sudoers, authenticating with your own password and logging each use. It can be configured to be very restrictive or wide open. Edit the rules only with visudo, which checks the syntax before saving: a sudoers file with a syntax error locks everyone out of sudo.

The su command switches you to another user, root by default, and asks for that user's password; with no command given it drops you into a full root shell. Be very careful if you use this command.

https://linux.die.net/man/1/su

https://linux.die.net/man/8/sudo

https://tecadmin.net/linux-sudo-privileges-configuration/
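What "restrictive" versus "wide open" looks like in a sudoers rule, with a small audit for the patterns that quietly hand out a root shell. This is an added example and not code from the page or from the sudo project; the user and group names and the commands in the rules are constructed.

```sh
#!/bin/sh
# Added example (not from the page): sudoers rules the way a reviewer sees
# them, plus a small audit that flags the patterns that quietly hand out a
# root shell. The rules, names and commands are constructed for the example.
set -eu

# Weak: every member of a group gets any command as root, no password.
WEAK='%ops ALL=(ALL) NOPASSWD: ALL'

# Tighter: one account, exactly two commands, password still required.
TIGHT='alice ALL=(root) /usr/bin/systemctl restart nginx, /usr/bin/journalctl -u nginx'

# stdin: sudoers text. One line per finding, nothing when clean.
audit_sudoers() {
    awk '
      /^[[:space:]]*(#|$)/ { next }
      /NOPASSWD:[[:space:]]*ALL/ { print "passwordless-ALL: " $0; next }
      /=\(/ && /[[:space:]]ALL[[:space:]]*$/ { print "unrestricted-command: " $0; next }
      # editors, pagers and interpreters spawn shells (":!sh" in vim, "!sh" in less)
      /\/(vim?|nano|less|more|bash|sh|python[0-9.]*|perl)([[:space:]]|,|$)/ { print "shell-escape: " $0 }
    '
}

# Install a rule as a drop-in file only if it passes the audit and visudo
# syntax check; a broken file under /etc/sudoers.d locks everyone out of sudo.
install_rule() {          # install_rule NAME 'rule'   (run as root)
    tmp=$(mktemp)
    printf '%s\n' "$2" > "$tmp"
    if audit_sudoers < "$tmp" | grep -q .; then
        echo "refusing $1: rule failed audit" >&2; rm -f "$tmp"; return 1
    fi
    visudo -cf "$tmp" || { rm -f "$tmp"; return 1; }
    install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/$1"
    rm -f "$tmp"
}
```

`sudo -l` shows what the current user may run, which is the quickest way to check the effect of a rule; `audit_sudoers < /etc/sudoers` (as root) runs the same checks over the live file. The "shell-escape" check exists because granting `vim` or `less` as root is equivalent to granting a root shell.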

ulimit

This is a very interesting command. The ulimit command provides the ability to limit the resources a user can use: the number of processes a user may run, the number of open files, even their scheduling priority. Each limit has a soft value, which a process may lower or raise up to the hard value, and a hard value, which only root may raise. For us, in this class, this is not a command we will want to use on our VM: we do not want to change the settings of our user account and possibly make our life harder for the remainder of the semester. Still, it is important to understand that Linux gives this kind of fine-grained control over users. To see all the possibilities of ulimit, make sure to read 33 Practice Examples of ulimit.

https://linux.die.net/man/3/ulimit
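The soft/hard distinction is easiest to see by trying it in a subshell, where the change cannot leak into your own session. The block below is an added example, not code from the page; the user name and the numbers in the limits.conf lines are constructed, and the limits.conf part assumes a distribution that loads pam_limits at login (Ubuntu does).

```sh
#!/bin/sh
# Added example (not from the page): how the soft and hard halves of a ulimit
# behave. A ulimit set in a shell applies to that shell and what it starts;
# the limits.conf lines are what makes a limit stick to a login user.
# The user name and numbers are constructed for the example.

# Run a command under a lowered soft limit on open files (fd count).
run_limited() {           # run_limited NOFILE command args...
    n=$1; shift
    ( ulimit -S -n "$n" && exec "$@" )
}

# Hard limit: an unprivileged user may lower it, never raise it, and nobody,
# root included, may set a soft value above it. Returns 0 when that holds.
hard_limit_blocks_raise() {
    if ( ulimit -S -n 32 && ulimit -H -n 32 && ulimit -S -n 64 ) 2>/dev/null; then
        return 1
    fi
    return 0
}

# Show soft/hard values for the limits the page mentions (bash/dash syntax).
current_limits() {
    printf 'open files   soft=%s hard=%s\n' "$(ulimit -S -n)" "$(ulimit -H -n)"
    printf 'processes    soft=%s hard=%s\n' "$(ulimit -S -u)" "$(ulimit -H -u)"
}

# Persistent form: /etc/security/limits.conf (or a file under
# /etc/security/limits.d). Read by pam_limits at login, so it does not touch
# already running sessions or systemd services (those use LimitNOFILE= in
# the unit). "priority" is the nice value the user's processes start with.
limits_conf_fragment() {  # limits_conf_fragment USER
    printf '%s soft nproc    200\n'  "$1"
    printf '%s hard nproc    300\n'  "$1"
    printf '%s soft nofile   1024\n' "$1"
    printf '%s hard nofile   4096\n' "$1"
    printf '%s -    priority 5\n'    "$1"
}
```

`run_limited 32 sh -c 'ulimit -n'` prints 32 and leaves the calling shell untouched, which is also why running ulimit by hand in a terminal is safe to experiment with: close the terminal and the limit is gone.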

ssh & sshd

The ssh command is used to log in securely to another system. Think of the ssh command as the client. The general syntax you'll use with ssh is:

ssh username@hostname

sshd is not really a command but a daemon that Linux runs in the background to provide remote access: this is the server side. Another useful thing about sshd is that it can also provide users with sftp, so they can upload and download files securely to and from your Linux system over the same port.

When you use ssh you are connecting to an ssh server (sshd). All your ssh traffic, including the login, is encrypted, and the server's host key lets the client detect a machine impersonating the server (that is the warning you get when a host key changes).

https://linux.die.net/man/1/ssh

https://www.linuxteck.com/basic-ssh-client-commands-in-linux/

When you install the sshd daemon it comes with a default configuration that works right out of the box. However, you will usually want to tighten it: the upstream defaults still allow password logins, for example. The best-practices page below covers what to change.

https://www.cyberciti.biz/tips/linux-unix-bsd-openssh-server-best-practices.html
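A hardening drop-in next to a weak config, plus an audit that reads a config the way sshd does. The detail that catches people is that sshd uses the first value it sees for a keyword, so appending `PasswordAuthentication no` to a file that already says `yes` changes nothing. This is an added example, not code from the page or from OpenSSH; it assumes OpenSSH 8.2 or newer with `Include /etc/ssh/sshd_config.d/*.conf` in the main file (as Ubuntu ships it), the service name `ssh` (Ubuntu; `sshd` on many other distributions), and the user name in AllowUsers is constructed.

```sh
#!/bin/sh
# Added example (not from the page): an sshd hardening drop-in beside a weak
# config, and an audit that reads a config the way sshd does (first value of
# a keyword wins). Assumes OpenSSH 8.2+ with the sshd_config.d Include that
# Ubuntu ships; the user name in AllowUsers is constructed.
set -eu

# Weak (constructed): root and password logins over the network.
WEAK_SSHD='Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes'

# Hardened drop-in: keys only, no root, no interactive password prompts,
# few tries, one allowed account, verbose logs (key fingerprints in auth.log).
hardened_dropin() {
    cat <<'EOF'
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
X11Forwarding no
MaxAuthTries 3
LoginGraceTime 30
AllowUsers alice
LogLevel VERBOSE
EOF
}

# stdin: sshd_config text. Unset keywords are judged by sshd's defaults.
# Stops at the first Match block, whose settings are conditional.
audit_sshd() {
    awk '
      function check(key, want,   got) {
        got = (key in seen) ? seen[key] : def[key]
        if (got != want) print key " is " got " (want " want ")"
      }
      BEGIN {
        def["permitrootlogin"] = "prohibit-password"
        def["passwordauthentication"] = "yes"
        def["kbdinteractiveauthentication"] = "yes"
        def["pubkeyauthentication"] = "yes"
        def["x11forwarding"] = "no"
        def["maxauthtries"] = "6"
      }
      /^[[:space:]]*(#|$)/ { next }
      { k = tolower($1); v = tolower($2) }
      k == "match" { exit }
      k == "challengeresponseauthentication" { k = "kbdinteractiveauthentication" }
      !(k in seen) { seen[k] = v }
      END {
        check("permitrootlogin", "no")
        check("passwordauthentication", "no")
        check("kbdinteractiveauthentication", "no")
        check("pubkeyauthentication", "yes")
        check("x11forwarding", "no")
        tries = ("maxauthtries" in seen) ? seen["maxauthtries"] : def["maxauthtries"]
        if (tries + 0 > 3) print "maxauthtries is " tries " (want 3 or fewer)"
      }'
}

# Install the drop-in, syntax-check the merged config, and only then reload.
# Keep your current ssh session open and test a new login before closing it.
apply_hardening() {       # run as root; sshd lives in /usr/sbin
    hardened_dropin > /etc/ssh/sshd_config.d/10-hardening.conf
    sshd -t                          # non-zero exit = do not reload
    systemctl reload ssh
}
```

Before switching password logins off, put your public key in place with `ssh-copy-id alice@host` (after `ssh-keygen -t ed25519`) and confirm a key login works from a second terminal; `sshd -T` prints the effective merged configuration if you want to see exactly what the server will enforce.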

gpg

gpg (GNU Privacy Guard) lets you encrypt files (and sign them). When a file is encrypted to someone's public key, only the holder of the matching private key can decrypt and read it. This is a very powerful tool. You can also integrate gpg with other services (like email).

https://linux.die.net/man/1/gpg

https://www.howtogeek.com/427982/how-to-encrypt-and-decrypt-files-with-gpg-on-linux/
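The "only the intended recipient can decrypt" property is worth seeing end to end. The block below is an added example, not code from the page or from GnuPG: two throwaway keyrings under a temp directory stand in for two machines, "alice" (who holds the private key) and "bob" (who has only her public key). The identity, file name and passphrase-less test key are constructed for the example; a real key should carry a passphrase.

```sh
#!/bin/sh
# Added example (not from the page): encrypt a file so that only the holder
# of the recipient's private key can read it. Two throwaway keyrings under a
# temp dir stand in for two machines: "alice" holds her private key, "bob"
# has only her public key. Nothing touches ~/.gnupg. The identity, file name
# and passphrase-less test key are constructed for the example.
set -eu

command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; exit 0; }

WORK=$(mktemp -d)
ALICE="$WORK/alice-gnupg"
BOB="$WORK/bob-gnupg"
mkdir -m 700 "$ALICE" "$BOB"
ALICE_UID="Alice Example <alice@example.com>"

cleanup() {
    for h in "$ALICE" "$BOB"; do gpgconf --homedir "$h" --kill gpg-agent 2>/dev/null || true; done
    rm -rf "$WORK"
}
trap cleanup EXIT

# gpg with a chosen keyring and no prompts.
gpg_as() {                # gpg_as HOMEDIR args...
    h=$1; shift
    gpg --homedir "$h" --batch --quiet --no-tty --pinentry-mode loopback "$@"
}

# Alice creates her key pair (primary key + encryption subkey, no expiry).
make_alice_key() {
    gpg_as "$ALICE" --passphrase '' --quick-generate-key "$ALICE_UID" default default never
}

# Only the public half travels to Bob's keyring.
share_public_key() {
    gpg_as "$ALICE" --export "$ALICE_UID" | gpg_as "$BOB" --import
}

# Bob encrypts to Alice's key. --trust-model always skips the "key is not
# certified" refusal that --batch would otherwise hit on a fresh import.
encrypt_for_alice() {     # encrypt_for_alice plaintext ciphertext
    gpg_as "$BOB" --trust-model always --yes --recipient alice@example.com --output "$2" --encrypt "$1"
}

# Decrypt with whichever keyring is given; fails where the private key is absent.
decrypt_as() {            # decrypt_as HOMEDIR ciphertext  (plaintext on stdout)
    gpg_as "$1" --passphrase '' --decrypt "$2"
}

demo() {
    make_alice_key
    share_public_key
    printf 'the secret plan\n' > "$WORK/plan.txt"
    encrypt_for_alice "$WORK/plan.txt" "$WORK/plan.gpg"
    echo "alice reads: $(decrypt_as "$ALICE" "$WORK/plan.gpg")"
    if decrypt_as "$BOB" "$WORK/plan.gpg" >/dev/null 2>&1; then
        echo "bob should not have been able to decrypt" >&2; return 1
    fi
    echo "bob cannot decrypt: no private key in his keyring"
}

case "${1:-}" in demo) demo ;; esac
```

Run it with `sh gpg-demo.sh demo`. Note that Bob, who produced the ciphertext, cannot read it back either: encryption is to the recipient's key, so if you need to keep a readable copy of something you send, encrypt it to your own key as well (`--recipient` can be repeated).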