This course covers the security features that you can use in order to secure your files and directories on Linux. We look at permissions, data sharing, special modes, file attributes, ACLs, and rootkits. You will also have the chance to follow along with guided demonstrations which will give you a practical understanding of the concepts covered.
Learning Objectives
- Learn how Linux file and directory permissions work and how to apply the proper permissions to files and directories
- Learn how to share data securely with groups and multiple users on a Linux system
- Understand how special modes add extra security to file systems
- Learn how to make files unchangeable even by the root user and how to secure the log files on a Linux system by making them append-only
- Learn how to secure files and directories using ACLs
- Learn about rootkits and how to discover and remove them
Intended Audience
This course is intended for anyone who wants to understand how to secure their Linux systems.
Prerequisites
To get the most out of this course, you should already have a good working knowledge of Linux. If you want to brush up on your Linux skills, consider taking our Learn Linux in 5 Days learning path first.
Let's make it so the /etc/hosts file is immutable, because we want to make sure that all of our entries are not changed without some forethought. First, let's look at the attributes of the file. I'm going to do that by running lsattr and then I'll use the path to the file. In this case, /etc/hosts. There are all dashes there. So that means there is currently no attribute set. So I'm going to add the i flag. So I use chattr +i, which is one way to add an attribute to a file, and specify the path.

And now if I were to try to edit the file, I couldn't. So let me try to edit the file. Let's say I was trying to put some data here and I try to write it, and it says it can't open the file for writing. So exit out. Now, I can't delete the file either. Let me try that. Are you sure you want to do that? Yes, I am. But you can't. The operation is not permitted.

Now, if I wanna change an entry in the hosts file, I need to remove the immutable attribute first. So one way to do that is chattr -i /etc/hosts. You can see that the i is gone in the lsattr output. Now I can go ahead and edit the /etc/hosts file. Let's say we put in another private link to another database server here and I'll change that. And then I'll go ahead and set the i attribute back on the hosts file.

Now let's make it so that the Apache log files are append-only. I'm going to use the equal sign here and we're just going to set these files to have the append-only attribute. So a, and then all the files in this directory, and then we can run lsattr. And it shows us that indeed the append attribute has been set on those files. So now I can append to them, but I can't prepend or modify any of the existing contents. So if I were to do something like this, append some data to the log file, it shows up in the log file. Now that I've done that, let's see if I can go back and remove that line. And here, delete the first line, write. Can't open the file for writing. It's not gonna let me do it.

I'm gonna go ahead and quit out of the file. Again, with the a attribute set, I can only append data to that file. So if an attacker tried to cover their tracks they couldn't, unless they had access to the root account to remove the append file attribute.
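Because root can remove these attributes again, it is worth checking periodically that they are still set. The following is an added example, not part of the course material: a small shell helper that reads lsattr output and reports every file missing a required flag. The function names, the /var/log/httpd path and the sample lsattr lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the course): audit lsattr output for a required flag.

# missing_attr FLAG
# Reads lsattr output on stdin and prints each path whose attribute field
# does not contain FLAG (i = immutable, a = append-only).
missing_attr() {
    required=$1
    while IFS= read -r line; do
        attrs=${line%% *}   # first field: the attribute string
        path=${line#* }     # remainder: the path (may contain spaces)
        case $attrs in
            # Skip blank lines and lsattr error lines such as
            # "lsattr: Operation not supported While reading flags on ..."
            ''|*[!a-zA-Z-]*) continue ;;
        esac
        case $attrs in
            *"$required"*) ;;               # flag present: nothing to report
            *) printf '%s\n' "$path" ;;     # flag missing: report the path
        esac
    done
}

# Constructed lsattr output; the Apache log directory is an assumed path.
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /etc/hosts
-----a--------e------- /var/log/httpd/access_log
--------------e------- /var/log/httpd/error_log
EOF
}

# Policy from the demonstration: /etc/hosts immutable, Apache logs append-only.
audit_sample() {
    sample_lsattr | grep ' /etc/hosts$' | missing_attr i
    sample_lsattr | grep ' /var/log/httpd/' | missing_attr a
}
```

On a live system, pipe real output into the helper instead of the sample, for example lsattr /etc/hosts | missing_attr i, and alert on any path it prints.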
Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Amazon.com. Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.