Linux Security and Hardening
General Linux Security
Physical Security for Linux
Network Security in Linux
Additional Security Resources
In this section, you’ll take a deep dive into Linux security. You’ll build your knowledge and skills through a comprehensive overview of the key areas that you need to know to secure Linux systems.
You’ll begin with Linux security in general before moving on to physical security and the countermeasures you can employ to protect your hardware. From there, you’ll explore authentication systems and the various account types on a Linux system, and how to secure each one. You'll also learn how to enforce strong passwords and manage account and password expirations.
In the networking section, you'll learn how to secure network services that run on Linux systems. You'll also learn how the local firewall works in Linux and how to configure it. You’ll learn about file system security and how permissions work in detail, including special modes, file attributes, and ACLs. You'll also discover what rootkits are, how to detect them, and how to remove them.
You’ll also find several security resources you can use to continue your security education and stay on top of the latest security issues for Linux distributions.
There are several knowledge checks as you go through these resources. These will help you identify any areas that you might need or want to review. At the end you’ll find a final exam, where you can test yourself on what you’ve learnt.
- Get a general view of Linux security including roles, network services, encryption, accounts, and multifactor authentication
- Learn specific strategies for mitigating physical security risks and protecting your Linux systems against the most common physical attacks
- Learn about data encryption and how to implement it on new Linux systems, as well as those that are already in service
- Understand the different types of accounts you'll find on a Linux system and the special precautions you need to take with each account type
- Learn how to enforce good password security practices on your Linux systems
- Learn about multi-factor authentication and how it can be implemented in Linux
- Learn techniques and strategies to secure network services
- Learn how to secure your files and directories on Linux through permissions, data sharing, special modes, file attributes, ACLs, and rootkits
By default, Ubuntu doesn't set a password on the root account. If you were to manually install Ubuntu, it'll ask you to create an account to use for administration purposes. It won't let you set a root password. This is fine because root logins are disabled by default in Ubuntu, but when you boot into single user mode, you will get a root prompt, even if you've configured the system to prompt for a root password. There is no password, so it can't ask for one. To make this work, you must set a root password.
Here's an Ubuntu system and I'm going to boot it into single user mode. Here we are at a root prompt and we weren't prompted for a password. I'm gonna show you that the sulogin process was actually executed versus sushell. sulogin is the one that should prompt you for a password. So we'll just look at our current PID, which is $$. It's PID 583, we'll look at that. PID 58- Oops, 583. And its parent PID is 581, so we'll look at its parent. PID 581. And you can see that sulogin was indeed executed and that spawned our Bash shell.
I can also show you that sulogin is configured for systemd as well. So we'll just get into the /lib/systemd/system directory here. And then we'll grep for sulogin in our emergency.target. Oops, I'm sorry, emergency.service. And then we'll grep that for rescue.service as well. So you can see that systemd is configured to execute sulogin. But again, it didn't prompt us for a password. So the root password is not set on this system. I can show you that by doing a head -1 on /etc/shadow. And you can see where the encrypted password would be, there's an exclamation mark there. So I'll go ahead and set the root password using the passwd command. All right, there's the root password, it's been set. So now that a password is set, when we boot into a single user mode it will prompt us for that password. Let's do this real quick. I'll just go ahead and reboot it.
And we're going to boot into single user mode. And now that we're using sulogin and a password is set for the root account, we're being prompted for that password. If I didn't touch on the specific distro you're using, just look for all instances of sushell in the boot process for your distro and replace them with sulogin. If you think about this conceptually, you know that the bootloader starts the kernel and the kernel then starts some other process. Typically that process is init or an init replacement. Just think about how the boot process works and it will lead you to where you need to make any changes.
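
The checks from the walkthrough above (sulogin in rescue.service and emergency.service, and the root entry in /etc/shadow), collected into one script. This is an added example, not part of the original course material; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. All file contents created below are constructed samples.

# Print the state of root's password field in a shadow-format file:
# "set" (a hash is present), "locked" (starts with ! or *), "empty" or "missing".
root_pw_state() {
    awk -F: '$1 == "root" { found = 1
                 if ($2 == "")           print "empty"
                 else if ($2 ~ /^[!*]/)  print "locked"
                 else                    print "set"
                 exit }
             END { if (!found) print "missing" }' "$1"
}

# Succeed if the unit file's ExecStart line invokes sulogin.
unit_uses_sulogin() {
    grep -Eq '^ExecStart=.*sulogin' "$1" 2>/dev/null
}

# $1 = shadow file, $2 = systemd unit directory. Returns 1 if any check fails.
audit_single_user() {
    rc=0
    for unit in rescue.service emergency.service; do
        if unit_uses_sulogin "$2/$unit"; then
            echo "OK   $unit runs sulogin"
        else
            echo "FAIL $unit does not run sulogin"; rc=1
        fi
    done
    state=$(root_pw_state "$1")
    if [ "$state" = set ]; then
        echo "OK   root password is set"
    else
        echo "FAIL root password is $state, so there is nothing to prompt for"; rc=1
    fi
    return $rc
}

# Constructed sample: sulogin is configured, but root is locked with "!",
# which is the situation shown in the walkthrough before passwd is run.
demo=$(mktemp -d)
printf 'root:!:19000:0:99999:7:::\n' > "$demo/shadow"
for u in rescue emergency; do
    printf '[Service]\nExecStart=-/sbin/sulogin\n' > "$demo/$u.service"
done
audit_single_user "$demo/shadow" "$demo" || echo "single user mode is not password protected"
```

On a real system, run `audit_single_user /etc/shadow /lib/systemd/system` as root, since /etc/shadow is not readable by ordinary users.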