Introduction
If you're managing a Linux system, one of the most important responsibilities you'll take on is securing your environment.
You can’t afford to leave your system open to threats, and that’s where understanding security protocols comes in.
This guide covers essential security measures every Linux system administrator should enforce to safeguard a Linux environment effectively.
Table of Contents
- 1. Securing SSH Access
- 2. Managing Firewalls with Firewalld
- 3. Enforcing Policies with SELinux
- 4. Controlling Access with Users, Groups, and Permissions
- 5. Keeping the System Updated
- 6. Monitoring and Auditing Activity
- Conclusion
- Let's Connect on LinkedIn
1. Securing SSH Access
SSH is the main entry point for remote system administration, making it a high-priority target for attackers.
Why It Matters
Hackers scan for open SSH ports constantly, looking for weak configurations to break in. If SSH security is compromised, an attacker could take full control of the system.
Best Practices
-
Disable Root Login (Prevent direct root access)
- Edit configuration:
sudo nano /etc/ssh/sshd_config- Change:
PermitRootLogin no- Restart SSH:
sudo systemctl restart sshd
Why? If an attacker gains access as root, they can install malware, delete files, or shut down the server. Hackers often target root because it’s a default username, making it easier for brute-force attacks.
-
Use Key-Based Authentication Instead of Passwords
- Generate SSH keys:
ssh-keygen- Copy the key to the remote server:
ssh-copy-id user@server
Why? Keys eliminate password-based authentication, making it impossible for attackers to brute-force their way in.
-
Consider Changing the Default SSH Port
- Modify SSH config:
Port 2222
While not a replacement for strong authentication, changing the port reduces automated scans targeting default SSH ports.
2. Managing Firewalls with Firewalld
Firewalld controls network access, defining which services can communicate with the system.
Why It Matters
Without a firewall, any service running on the system is exposed to the internet including ones that shouldn’t be accessible externally. Firewalld blocks unauthorized traffic while allowing trusted services like SSH and HTTPS.
Basic Firewall Commands
- Check Firewall Status:
sudo firewall-cmd --state
-
Confirms whether Firewalld is active.
- List Allowed Services:
sudo firewall-cmd --list-all
-
Shows currently permitted services and firewall rules.
- Add a Trusted Service (e.g., SSH):
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
- The
--permanentflag ensures rules persist after a reboot. -
--reloadapplies changes immediately.
Zones in Firewalld
Zones define trust levels for network traffic:
- Public – Least trusted (minimal access).
- Internal – More trusted (used in private networks).
- Trusted, External, Home, Work, Block – Various levels of restriction.
Setting the appropriate zone for each network interface ensures that services are only accessible where needed.
3. Enforcing Policies with SELinux
SELinux provides mandatory access control, preventing unauthorized programs from accessing system files—even if exploited.
Why It Matters
A compromised application could attempt to access system resources. SELinux ensures that even if an attacker gains access, they are restricted from making further changes outside predefined security rules.
Basic SELinux Commands
- Check SELinux Status:
getenforce
-
Shows if SELinux is Enforcing, Permissive, or Disabled.
- Enable Enforcing Mode Temporarily:
sudo setenforce 1
-
Immediately activates SELinux restrictions.
- Make It Permanent (Survives Reboots):
sudo nano /etc/selinux/config
-
Change:
SELINUX=enforcing Save and reboot.
Troubleshooting SELinux
- Use sealert (GUI tool for SELinux alerts)
- Check logs for blocked actions:
cat /var/log/audit/audit.log | grep AVC
- This helps diagnose issues related to SELinux restrictions.
4. Controlling Access with Users, Groups, and Permissions
Proper user management ensures files and directories are only accessible by authorized users.
Key Tools for Access Control
-
Change permissions (
chmod)
chmod 600 secret.txt
-
Restricts access to the file’s owner.
-
Change ownership (
chown)
-
Change ownership (
chown user:group file
-
Assigns a new owner and group.
-
Grant limited admin access (
sudo)
-
Grant limited admin access (
sudo usermod -aG wheel username
- Adds the user to the administrator group for controlled privilege escalation.
5. Keeping the System Updated
Unpatched systems are prime targets for attackers exploiting known vulnerabilities.
Keeping Software Up to Date
- Manually update the system:
sudo dnf update
- Enable automatic updates:
sudo dnf install dnf-automatic
sudo systemctl enable --now dnf-automatic.timer
- This ensures regular background updates, reducing security risks.
6. Monitoring and Auditing Activity
Tracking who did what on the system ensures accountability and security.
Key Log Files
- Authentication logs:
/var/log/secure
- System-wide logs:
journalctl
- Security audit logs:
auditd (audit service)
Using auditd to Monitor Activity
- Enable auditd:
sudo systemctl enable --now auditd
- Check audit logs for specific user actions:
sudo ausearch -ua yourusername
- Helps track security-related activities.
Conclusion
Implementing these security protocols ensures a stronger, more resilient Linux system.
Stay consistent with these and regularly review your systems to maintain a strong security posture.
This knowledge will serve you well whether you’re managing a single server or a complex network.
Let’s connect on LinkedIn
As I automate my journey into RHCE and Ansible, I’d love to connect with fellow learners and professionals. Feel free to reach out and join me as I share tips, resources, and insights throughout this 30-day challenge.
Top comments (0)