Linux Security and Hardening | CSL4 A3.1

Account Security Demo #2

Overview

Difficulty: Beginner
Duration: 3h 21m

Description

In this section, you’ll take a deep dive into Linux security. You’ll build your knowledge and skills through a comprehensive overview of the key areas that you need to know to secure Linux systems.

You’ll begin with Linux security in general before moving on to physical security and the countermeasures you can employ to protect your hardware. From there, you’ll explore authentication systems and the various account types on a Linux system, and how to secure each one. You'll also learn how to enforce strong passwords and manage account and password expirations.

In the networking section, you'll learn how to secure network services that run on Linux systems. You'll also learn how the local firewall works in Linux and how to configure it. You’ll learn about file system security and how permissions work in detail, including special modes, file attributes, and ACLs. You'll also discover what rootkits are, how to detect them, and how to remove them.

You’ll also find several security resources you can use to continue your security education and stay on top of the latest security issues for Linux distributions.

There are several knowledge checks as you go through these resources. These will help you identify any areas that you might need or want to review. At the end you’ll find a final exam, where you can test yourself on what you’ve learnt.

Learning Objectives

  • Get a general view of Linux security including roles, network services, encryption, accounts, and multifactor authentication
  • Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
  • Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service
  • Understand the different types of accounts you'll find on a Linux system and the special precautions you need to take with each account type
  • Learn how to enforce good password security practices on your Linux systems
  • Learn about multi-factor authentication and how it can be implemented in Linux
  • Learn techniques and strategies to secure network services
  • Learn how to secure your files and directories on Linux through permissions, data sharing, special modes, file attributes, and ACLs, and how to detect and remove rootkits

Transcript

I'm going to log into this Linux system as root. Let's go ahead and look at the PAM configuration for login. Here you can see that the auth interface of the pam_securetty module is being used. I'm going to run the w command, which will show what device I'm logged in as. Okay, I'm on tty1. Now let's look at the /etc/securetty file. Here you can see a list of devices that root is allowed to log into. You can see that tty1 is listed, and that's what I'm logged into right now.

I'm going to remove tty1 and attempt to log in again. Remove that, write the file, close out. Log in as root. And I supplied the root password correctly. I'll do it again. And sure enough, it's not letting me log into the system.

So tty1 represents the first virtual console on a Linux machine. To get to the second virtual console you type CTRL + ALT + F2. To get to the third you type CTRL + ALT + F3, and so on. So I'm going to switch to the second virtual console right now by typing CTRL + ALT + F2. Now I should be able to log in as root, because tty2, the second virtual console, is in the /etc/securetty file. Let me try that out. Log in as root. I get access, I run the w command, and sure enough I'm on tty2. And tty2 is indeed in the /etc/securetty file.

I'm going to empty the /etc/securetty file. I can do this a couple of different ways. I'll just edit it, and just delete all the lines in it and write it. So let me look at that file. Sure enough, nothing's in there. So now when I go to log in as root I should not be allowed. Again, I can't log in as root on this tty because it's not listed in the securetty file. I'll go ahead and log in as myself with my normal user account. And sure enough, that works. Again, the /etc/securetty file controls root logins but not normal account logins. So if you wanna prevent direct root logins, create an empty securetty file.
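The checks walked through in the demo can be scripted. The following is an added example, not part of the course material: the function names `pam_login_uses_securetty` and `root_tty_decision` are hypothetical, the sample files are constructed, and the logic follows pam_securetty's behaviour for root (exact line match, a missing file permits root on every tty, a world-writable or non-regular file refuses root).

```shell
#!/bin/sh
# Added example: mirrors the decision pam_securetty makes for root logins.
# Paths are arguments, so the checks can run against copies of the files.

# pam_login_uses_securetty PAMFILE
# Succeeds if an uncommented auth line loads pam_securetty.so.
pam_login_uses_securetty() {
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$1"
}

# root_tty_decision SECURETTY_FILE TTY  -> prints "allow" or "deny"
root_tty_decision() {
    file=$1
    tty=${2#/dev/}          # entries are listed without the /dev/ prefix
    if [ ! -e "$file" ]; then
        echo allow          # missing file: root may log in on any tty
        return 0
    fi
    # Not a regular file, or world-writable: root is refused.
    if [ ! -f "$file" ] || [ -n "$(find -H "$file" -prune -perm -0002)" ]; then
        echo deny
        return 0
    fi
    if grep -Fxq -- "$tty" "$file"; then
        echo allow          # exact, whole-line match
    else
        echo deny           # not listed; an empty file always lands here
    fi
}

# Constructed sample files reproducing the states shown in the demo.
demo=$(mktemp -d)
printf 'auth required pam_securetty.so\n' > "$demo/login"
printf 'tty2\ntty3\n' > "$demo/securetty"    # tty1 removed
: > "$demo/empty"                             # every line deleted

pam_login_uses_securetty "$demo/login" && echo "login stack uses pam_securetty"
echo "tty1:         $(root_tty_decision "$demo/securetty" tty1)"
echo "/dev/tty2:    $(root_tty_decision "$demo/securetty" /dev/tty2)"
echo "empty file:   $(root_tty_decision "$demo/empty" tty2)"
echo "missing file: $(root_tty_decision "$demo/absent" tty2)"
rm -rf "$demo"
```

The missing-file case is the one to watch when auditing: deleting /etc/securetty has the opposite effect of emptying it, so the file has to exist with no entries to block direct root logins.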
