Linux Security and Hardening
General Linux Security
Physical Security for Linux
Network Security in Linux
Additional Security Resources
In this section, you’ll take a deep dive into Linux security. You’ll build your knowledge and skills through a comprehensive overview of the key areas that you need to know to secure Linux systems.
You’ll begin with Linux security in general before moving on to physical security and the countermeasures you can employ to protect your hardware. From there, you’ll explore authentication systems and the various account types on a Linux system, and how to secure each one. You'll also learn how to enforce strong passwords and manage account and password expirations.
In the networking section, you'll learn how to secure network services that run on Linux systems. You'll also learn how the local firewall works in Linux and how to configure it. You’ll learn about file system security and how permissions work in detail, including special modes, file attributes, and ACLs. You'll also discover what rootkits are, how to detect them, and how to remove them.
You’ll also find several security resources you can use to continue your security education and stay on top of the latest security issues for Linux distributions.
There are several knowledge checks as you go through these resources. These will help you identify any areas that you might need or want to review. At the end you’ll find a final exam, where you can test yourself on what you’ve learnt.
- Get a general view of Linux security including roles, network services, encryption, accounts, and multifactor authentication
- Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
- Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service
- Understand the different types of accounts you'll find on a Linux system and the special precautions you need to take with each account type
- Learn how to enforce good password security practices on your Linux systems
- Learn about multi-factor authentication and how it can be implemented in Linux
- Learn techniques and strategies to secure network services
- Learn how to secure your files and directories on Linux, covering permissions, data sharing, special modes, file attributes, ACLs, and rootkits
Typically, when you press Ctrl + Alt + Del, your Linux system initiates a reboot. If an attacker could get access to the keyboard of the system, they could initiate a reboot. That would allow them to boot into single-user mode or bypass init, for example. It's practically like having access to the power button.

So, in what cases would someone have access to the keyboard of a machine, but not the power button? The most common case is a remote console of some sort. Some hardware vendors provide this capability, where you connect over the network to the remote console and type commands into the computer just as if you had plugged a keyboard into it. Many of those have virtual power buttons as well. Some remote consoles are really KVM devices (KVM stands for keyboard, video and mouse). If an attacker gained access to the network KVM, they could send keystrokes to your system. They wouldn't have access to the power button, but they could send a Ctrl + Alt + Del sequence.

To protect against this scenario, we'll configure our system to ignore Ctrl + Alt + Del instead of rebooting. On systems that use systemd, you simply mask or disable the Ctrl + Alt + Del target. The first command, systemctl mask ctrl-alt-del.target, disables it; typically, that target is just a pointer to the reboot target. To make the change effective now, instead of waiting for a reboot, run systemctl daemon-reload. If you're using a system with an older-style init process, simply take out the ctrl-alt-del line from /etc/inittab and reload init.
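The check below is an added example, not part of the original course material: it audits both mechanisms described above, reporting whether ctrl-alt-del.target is masked and whether /etc/inittab still carries an active ctrlaltdel entry. The function names and the optional ROOT argument (for pointing the check at a mounted image or test tree) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit whether Ctrl+Alt+Del can still trigger a reboot.
# ROOT (hypothetical parameter) is a filesystem prefix; empty means the live system.

present() { [ -e "$1" ] || [ -L "$1" ]; }   # also true for dangling symlinks

# Prints the systemd state of ctrl-alt-del.target: masked, active or absent.
cad_systemd_state() {
    root=${1:-}
    unit="$root/etc/systemd/system/ctrl-alt-del.target"
    # "systemctl mask" leaves a symlink to /dev/null in /etc/systemd/system.
    if [ -L "$unit" ] && [ "$(readlink "$unit")" = "/dev/null" ]; then
        echo masked
    elif present "$unit" ||
         present "$root/usr/lib/systemd/system/ctrl-alt-del.target" ||
         present "$root/lib/systemd/system/ctrl-alt-del.target"; then
        echo active     # unit exists and still points at the reboot target
    else
        echo absent     # no systemd unit found (older-style init, for example)
    fi
}

# Prints the uncommented ctrlaltdel entries in ROOT/etc/inittab, if any.
cad_inittab_lines() {
    root=${1:-}
    [ -f "$root/etc/inittab" ] || return 0
    # inittab fields are id:runlevels:action:process; match on the action field.
    awk -F: '!/^[ \t]*#/ && $3 == "ctrlaltdel"' "$root/etc/inittab"
}

# Returns 0 when Ctrl+Alt+Del is ignored, 1 when a reboot path remains.
cad_audit() {
    root=${1:-}
    rc=0
    if [ "$(cad_systemd_state "$root")" = active ]; then
        echo "FAIL: ctrl-alt-del.target is not masked"
        rc=1
    fi
    lines=$(cad_inittab_lines "$root")
    if [ -n "$lines" ]; then
        echo "FAIL: /etc/inittab still contains: $lines"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: Ctrl+Alt+Del is ignored"
    return "$rc"
}

# Run as: sh cad_audit.sh --audit [ROOT]
if [ "${1:-}" = "--audit" ]; then cad_audit "${2:-}"; fi
```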