5 Useful Linux Security Features and Tools for Beginners


Linux is a widely used operating system with robust security features built in. Those features only help when they are configured, though: a default installation leaves the root account, the firewall, mandatory access control and auditing largely untouched, and a Linux system is not automatically more secure than any other. Fortunately, the basic tools are simple to use. In this article, we will discuss the most useful Linux security features and tools for beginners, with the command for each.

User Management

User management is an essential part of Linux security. By creating separate user accounts, you can limit who can read and modify sensitive files and data. During installation Linux creates the root account, which has unrestricted access to every file and setting. The root account should not be used for day-to-day work: a mistyped command or a compromised program running as root can damage the whole system.

Instead, create a regular user account with limited privileges and escalate to root only when needed. This can be done with the useradd command. For example, to create a new user called "john", run the following command −

sudo useradd -m john

The -m flag creates a home directory for the user. Note that useradd does not set a password: the new account stays locked until you set one with the passwd command. Once the account exists, you can grant it sudo privileges either by adding it to your distribution's admin group (sudo on Debian and Ubuntu, wheel on RHEL and Fedora) or by giving it its own sudoers entry. Never edit the sudoers file with a plain text editor; use the visudo command, which checks the syntax before saving, because a syntax error in sudoers locks everyone out of sudo. For example, to give user "john" sudo privileges, add the following line (preferably in a separate file under /etc/sudoers.d/ rather than in /etc/sudoers itself) −

john ALL=(ALL) ALL

This allows user "john" to run any command as root (or as any other user) through sudo after entering their own password. Each sudo invocation is logged, which is one reason to prefer this over working as root directly.
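The complete procedure as a script, added here as an example and not taken from the original article: it creates the account, sets the password (the step useradd itself does not do), and installs the sudoers entry as a drop-in file with the mode sudo requires, checking it with visudo before it goes live. The user name "john", the drop-in directory argument and the function names are this example's own; the functions that create the account need root.

```shell
#!/bin/sh
# Added example, not part of the original article: create a limited
# account and grant it sudo through a drop-in file, with the steps the
# bare useradd command leaves out. The user "john" and the paths are
# illustrative; the install functions need root.
set -eu

# One sudoers entry. (ALL:ALL) lets the user run commands as any
# user and any group, which is what the stock root entry uses.
sudoers_entry() {
    printf '%s ALL=(ALL:ALL) ALL\n' "$1"
}

# Write the entry for $1 as a drop-in under $2 (default /etc/sudoers.d).
# sudo silently ignores drop-in files whose names contain '.' or end in
# '~', so such user names are rejected rather than installed and ignored.
install_sudoers_dropin() {
    user=$1
    dir=${2:-/etc/sudoers.d}
    case $user in *.*|*~) echo "unsafe drop-in name: $user" >&2; return 1;; esac
    tmp=$(mktemp)
    sudoers_entry "$user" > "$tmp"
    chmod 0440 "$tmp"             # the mode sudo expects for sudoers files
    # visudo -c -f checks syntax without touching /etc/sudoers. The check
    # also expects root ownership, so it is only run when we are root.
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$tmp"
        visudo -c -q -f "$tmp" || { rm -f "$tmp"; echo "bad sudoers entry" >&2; return 1; }
    fi
    mv "$tmp" "$dir/$user"
    echo "$dir/$user"
}

# Full procedure, run as root: account with home directory, a password
# (useradd alone leaves the account locked), then sudo rights.
create_admin_user() {
    useradd -m -s /bin/bash "$1"
    passwd "$1"                   # prompts for the new password
    install_sudoers_dropin "$1"
}
```

Run as root, `create_admin_user john` performs all three steps; `install_sudoers_dropin john /tmp/test` lets you see the generated file without touching the system.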

Firewall

The firewall is a critical component of Linux security. It allows you to control incoming and outgoing network traffic and block unwanted connections. The most widely used firewall tool on Linux is iptables; newer distributions are moving to nftables, and front-ends such as ufw and firewalld generate rules for you, but the concepts are the same.

Iptables uses a list of rules to decide how to handle each packet; the rules of a chain are checked in order and the first match wins, and the chain's policy applies to packets that match nothing. By default the policy of every chain is ACCEPT, so a fresh system blocks nothing until you add rules or change the INPUT policy to DROP. To add a rule that allows incoming traffic on a specific port, you can use the following command −

sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT

This will allow incoming traffic on TCP port 22, which is used for SSH connections. The -A flag appends the rule to the end of the INPUT chain, so it takes effect after any rules already there. To block incoming traffic on a specific port, you can use the following command −

sudo iptables -A INPUT -p tcp --dport 80 -j DROP

This will block incoming traffic on TCP port 80, which is used for HTTP connections. Rules added this way live only in kernel memory and are lost at reboot; save them with iptables-save (or your distribution's persistence package) once they work. When you switch the INPUT policy to DROP, add the SSH rule first, otherwise a remote session locks itself out.
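A minimal default-deny ruleset, added here as an example and not code from the original article, shows how the pieces above fit together and why order matters: loopback, already-established connections and SSH are accepted before the INPUT policy is flipped to DROP. The SSH_PORT and FW_DRY_RUN variable names are this example's own; with FW_DRY_RUN=1 it prints the rules instead of applying them, which is how to review the set before running it as root.

```shell
#!/bin/sh
# Added example, not from the original article: a minimal default-deny
# IPv4 ruleset. Order matters: loopback and established connections are
# accepted before the INPUT policy becomes DROP, and SSH is allowed so that
# applying the rules over a remote session does not lock you out.
# SSH_PORT defaults to 22; FW_DRY_RUN=1 prints instead of applying.
set -eu

: "${SSH_PORT:=22}"

# Emit the rules one per line so the set can be reviewed before it runs.
firewall_rules() {
    cat <<EOF
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
EOF
}

# Apply the rules (root required) or, with FW_DRY_RUN=1, just print them.
apply_firewall() {
    if [ "${FW_DRY_RUN:-0}" = "1" ]; then
        firewall_rules
    else
        firewall_rules | while IFS= read -r rule; do $rule; done
        # Persist across reboots (Debian/Ubuntu path; RHEL uses iptables-save
        # into /etc/sysconfig/iptables).
        mkdir -p /etc/iptables && iptables-save > /etc/iptables/rules.v4
    fi
}
```

Any further service is opened by adding an ACCEPT rule for its port before the policy line; an ACCEPT appended after the policy has been set still works, because policy is not a rule, but a DROP appended after an ACCEPT for the same port is never reached.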

SELinux

SELinux is a Linux security module that enforces mandatory access control (MAC) on system resources according to a loaded policy. Under MAC the policy, not the file owner, decides which processes may touch which files, ports and other objects, so a compromised service confined by SELinux cannot reach resources outside its policy even if ordinary file permissions would allow it.

SELinux is enabled and enforcing by default on Fedora, RHEL and their derivatives; Debian and Ubuntu ship AppArmor instead and would need SELinux installed first. The getenforce command shows the current mode (Enforcing, Permissive or Disabled). To switch a permissive system to enforcing mode, you can use the following command −

sudo setenforce 1

This puts SELinux in enforcing mode until the next reboot. It cannot turn SELinux on if the configuration says SELINUX=disabled; in that case, and to make enforcing mode permanent, set the SELINUX line in /etc/selinux/config to enforcing and reboot. Before enforcing on a system that has been running disabled or permissive for a while, check the audit log for denials you need to fix, or legitimate services may stop working.

ClamAV

ClamAV is an open-source antivirus engine that scans Linux systems for malware, including Windows malware passing through mail or file servers. It can detect and remove viruses, Trojans and other malicious software, but only what its signature database knows about, so run freshclam to update the signatures before scanning. ClamAV can be installed using the package manager of your Linux distribution.

To scan your system for malware using ClamAV, you can use following command −

sudo clamscan -r /

This will scan your entire system recursively and list any infected files; the exit status is 0 when nothing was found, 1 when something was, and 2 on error, which is useful in scripts. A full scan of / is slow and wanders into /proc and /sys, so in practice you scan specific directories such as home directories or upload areas. To remove infected files, you can use the following command −

sudo clamscan -r --remove /

This will delete any infected files found during the scan. Deletion is irreversible and antivirus engines do produce false positives, so the --move option, which quarantines matches into a directory you choose, is the safer choice for a beginner.

SSH

SSH (Secure Shell) is a protocol used to securely connect to a remote Linux system over a network. SSH encrypts all communication between client and server and authenticates the server by its host key, providing a secure way to access remote systems. Because SSH is exposed to the network, it is also the service most often attacked by password guessing, which is why key-based authentication is preferred.

To connect to a remote system using SSH, you can use following command −

ssh username@remote-server

Replace "username" with your username on the remote system and "remote-server" with the IP address or hostname of the remote system. On the first connection SSH shows the server's host key fingerprint; compare it with one obtained out of band before accepting, as it is your only protection against connecting to an impostor.

You can also use SSH to transfer files between systems with the scp command. For example, to copy a file called "file.txt" from your local system to a remote system, you can use the following command −

scp file.txt username@remote-server:/path/to/destination

Replace "username" with your username on the remote system, "remote-server" with the IP address or hostname of the remote system, and "/path/to/destination" with the path to the destination directory on the remote system. Once you log in with a key pair (generated with ssh-keygen and installed with ssh-copy-id), you can disable password logins and direct root logins on the server in /etc/ssh/sshd_config, which removes the target that brute-force attacks aim at.
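The server-side settings that matter for SSH security can be checked automatically. The script below is an added example, not part of the original article: it reads the effective value of a keyword from an sshd_config the way sshd does (first occurrence wins, and anything after a Match line is conditional) and reports the weak settings. The sample configuration is constructed for the demo, and the defaults it assumes are those of OpenSSH 7.0 and later.

```shell
#!/bin/sh
# Added example, not from the original article: audit an sshd_config for
# the settings that let password guessing succeed. sshd uses the FIRST
# occurrence of a keyword and treats everything after a "Match" line as
# conditional, so only the global part of the file is inspected.
# Assumed defaults (OpenSSH 7.0+): PermitRootLogin prohibit-password,
# PasswordAuthentication yes, PubkeyAuthentication yes.
set -eu

# Print the effective value of keyword $2 in config $1, or default $3.
sshd_setting() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comments, blanks
        tolower($1) == "match" { exit }                  # conditional block
        tolower($1) == key { print $2; found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# One line per weak setting; no output means the three checks passed.
sshd_audit() {
    cfg=$1
    [ "$(sshd_setting "$cfg" PermitRootLogin prohibit-password)" = "yes" ] \
        && echo "PermitRootLogin yes: root can be brute-forced directly; set no"
    [ "$(sshd_setting "$cfg" PasswordAuthentication yes)" = "yes" ] \
        && echo "PasswordAuthentication yes: passwords can be guessed; use keys, set no"
    [ "$(sshd_setting "$cfg" PubkeyAuthentication yes)" = "no" ] \
        && echo "PubkeyAuthentication no: key-based login is disabled"
    return 0
}

# Constructed sample (not a real server's config) used for the demo.
sample_weak_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
    echo "$f"
}
```

Running `sshd_audit /etc/ssh/sshd_config` on a real server reports the two password-related findings above for most stock installations; after switching to keys, set PasswordAuthentication no and PermitRootLogin no, then `sshd -t` to validate and reload the service.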

Encryption

Encryption is an essential tool for securing data on a Linux system. Encryption protects sensitive data from unauthorized access when an attacker gets hold of the storage itself: a stolen laptop, a discarded disk, a backup, or a file in transit. It does not protect data from an attacker who is already running code on the system while the volume is unlocked. Linux provides several encryption tools, including LUKS for disks and GnuPG for individual files and messages.

LUKS (Linux Unified Key Setup) is the standard on-disk format for full-disk encryption on Linux, managed with the cryptsetup command. LUKS allows you to encrypt entire partitions or disks. To create a LUKS encrypted partition, you can use the following command −

sudo cryptsetup luksFormat /dev/sdb1

This initializes /dev/sdb1 as a LUKS volume after asking you to confirm and to choose a passphrase. It destroys everything previously on the partition, so double-check the device name first. The passphrase unlocks the master key that actually encrypts the data, so a weak passphrase undoes the whole scheme. To unlock the partition, use the following command −

sudo cryptsetup luksOpen /dev/sdb1 my-encrypted-partition

This will create an unlocked device mapping called "my-encrypted-partition" at /dev/mapper/my-encrypted-partition. Data written to that device is encrypted transparently before reaching /dev/sdb1. A freshly formatted volume contains no filesystem yet: create one on the mapped device with mkfs, then mount it like any other partition, and run cryptsetup luksClose on the mapping when you are done.

GnuPG (GNU Privacy Guard) is a tool for encrypting and signing files and messages. GnuPG uses public-key cryptography: anyone can encrypt to a recipient's public key, but only the holder of the matching private key can decrypt. To encrypt a file using GnuPG, you can use the following command −

gpg --encrypt --recipient recipient@example.com file.txt

Replace "recipient@example.com" with the email address on the recipient's key, and "file.txt" with the name of the file you want to encrypt. The recipient's public key must already be imported into your keyring, and you should verify its fingerprint with the recipient through another channel before trusting it, since encrypting to an attacker's key defeats the purpose. GnuPG creates an encrypted file called "file.txt.gpg" that only the recipient can decrypt with their private key.
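The full GnuPG flow end to end, as an added example that is not code from the original article: generate a recipient key pair, encrypt to it, and decrypt with the private key, all inside a throwaway keyring so the demo never touches ~/.gnupg. The identity "Alice <alice@example.com>", the message and the empty passphrase are constructed for the demo; it needs GnuPG 2.1 or later.

```shell
#!/bin/sh
# Added example, not from the original article: a complete GnuPG round trip
# (key generation, encryption to a recipient, decryption with the private
# key) in a throwaway keyring so nothing in ~/.gnupg is touched. The
# identity, message and empty passphrase are constructed for the demo;
# needs GnuPG 2.1 or later. Prints the recovered plaintext.
set -eu

gpg_roundtrip() {
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    chmod 700 "$GNUPGHOME"           # gpg refuses keyrings others can read
    # Unattended key pair for the recipient. The empty passphrase is only
    # acceptable because this keyring is deleted at the end.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Alice <alice@example.com>' default default never
    printf 'attack at dawn' > "$GNUPGHOME/msg.txt"
    # Encrypt to Alice's public key. Outside a demo, verify the key's
    # fingerprint with her first; --trust-model always skips that check.
    gpg --batch --quiet --yes --trust-model always \
        --encrypt --recipient alice@example.com "$GNUPGHOME/msg.txt"
    # Only the holder of the matching private key can read msg.txt.gpg.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --decrypt "$GNUPGHOME/msg.txt.gpg" 2>/dev/null
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
}
```

In real use the recipient generates the key and sends you only the public half (`gpg --export --armor`), you import it, and the decryption step happens on their machine; the commands are otherwise the same.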

Auditd

Auditd is the user-space daemon of the Linux audit framework. It records system events, such as file accesses, process executions and privileged operations, to a log file. What it records is decided by the rules you load: without rules it still logs authentication and login events, but file and syscall activity is only captured for the files and calls you ask it to watch. Auditd can be used to detect and investigate security breaches on a Linux system.

To install Auditd on a Debian or Ubuntu system, you can use the following command (on RHEL and Fedora the package is called audit and is usually already installed) −

sudo apt-get install auditd

Once installed, you can start the Auditd service using the following command (add enable, or use systemctl enable --now, so it also starts at boot) −

sudo systemctl start auditd

Auditd will then log system events to the audit log file at /var/log/audit/audit.log. Watch rules are added with auditctl and made persistent in /etc/audit/rules.d/, and the ausearch and aureport tools query the log by key, user or event type rather than reading the raw file.
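Since auditd records only what its rules cover, the first step after starting it is to add rules. The script below is an added example, not from the original article: it installs watch rules for the identity and sudo configuration files, and includes a parser that pulls the matching records out of the log by key. The log lines are constructed samples in the real audit.log record format; the key names "identity" and "privilege" and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original article: watch rules for the files
# that control who can log in and who can sudo, plus a parser that joins
# each SYSCALL record to the PATH record carrying the file name. Key names
# are illustrative; install_audit_rules needs root. The sample log lines
# are constructed, not taken from a real system.
set -eu

# Live rules; put the same lines in /etc/audit/rules.d/*.rules to persist.
install_audit_rules() {
    auditctl -w /etc/passwd -p wa -k identity
    auditctl -w /etc/shadow -p wa -k identity
    auditctl -w /etc/sudoers -p wa -k privilege
    auditctl -w /etc/sudoers.d/ -p wa -k privilege
}

# Print "uid exe path" for each event in log $1 tagged with key $2.
# Records of one event share the msg=audit(time:serial) id, so the
# SYSCALL record (who, what program) is joined to the PATH record.
audit_hits() {
    awk -v key="$2" '
        { match($0, /msg=audit\([^)]*\)/); id = substr($0, RSTART, RLENGTH) }
        /^type=SYSCALL/ {
            k = u = e = ""
            for (i = 1; i <= NF; i++) {
                n = index($i, "="); if (!n) continue
                f = substr($i, 1, n - 1); v = substr($i, n + 1); gsub(/"/, "", v)
                if (f == "key") k = v; else if (f == "uid") u = v; else if (f == "exe") e = v
            }
            if (k == key) { uid[id] = u; exe[id] = e }
        }
        /^type=PATH/ && (id in uid) && /nametype=(NORMAL|CREATE)/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^name=/) { p = substr($i, 6); gsub(/"/, "", p) }
            print uid[id], exe[id], p
        }
    ' "$1"
}

# Constructed sample of what audit.log contains once the rules are active.
sample_audit_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
type=SYSCALL msg=audit(1681200000.123:456): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=5581a2b3c4d0 a2=441 a3=1b6 items=2 ppid=1200 pid=1234 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="useradd" exe="/usr/sbin/useradd" key="identity"
type=CWD msg=audit(1681200000.123:456): cwd="/root"
type=PATH msg=audit(1681200000.123:456): item=0 name="/etc/" inode=2 dev=fd:01 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1681200000.123:456): item=1 name="/etc/passwd" inode=131 dev=fd:01 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1681200060.500:457): arch=c000003e syscall=257 success=yes exit=3 items=2 ppid=1300 pid=1333 auid=1000 uid=1000 gid=1000 euid=1000 tty=pts1 ses=4 comm="vim" exe="/usr/bin/vim" key="privilege"
type=PATH msg=audit(1681200060.500:457): item=1 name="/etc/sudoers.d/john" inode=140 dev=fd:01 mode=0100440 ouid=0 ogid=0 rdev=00:00 nametype=CREATE
EOF
    echo "$f"
}
```

On a live system `ausearch -k privilege` gives the same join with more detail; the second sample event, an unprivileged user (uid=1000) creating a file under /etc/sudoers.d/, is exactly the kind of record worth an alert.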

Fail2ban

Fail2ban is a tool for limiting brute-force attacks on a Linux system. Brute-force attacks are a common way for attackers to gain access by guessing passwords, and an Internet-facing SSH server sees them continuously. Fail2ban works by monitoring log files for repeated authentication failures and temporarily blocking, through the firewall, the IP addresses responsible.

To install Fail2ban on your system, you can use following command −

sudo apt-get install fail2ban

Once installed, you configure Fail2ban through "jails", one per service. Put your settings in /etc/fail2ban/jail.local rather than in jail.conf, which package upgrades overwrite. For example, to block an IP address after three failed SSH login attempts, add the following to jail.local −

[sshd]
enabled = true
maxretry = 3

This enables the sshd jail, which watches the SSH authentication log and bans an IP address after three failures. Two related settings control how strict that is: findtime, the window within which the failures must occur, and bantime, how long the ban lasts (the defaults are 10 minutes each). Restart the service afterwards and check the jail with fail2ban-client status sshd. Fail2ban reduces the noise and slows attackers down; it does not replace key-based authentication, because a patient attacker can stay under maxretry.
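To make maxretry and findtime concrete, the following added example (not code from the original article or from the Fail2ban project) reduces the sshd jail's detection logic to its essentials and runs it over constructed auth.log lines: an address is reported once it reaches maxretry failures inside any findtime-second window. The log lines and IP addresses are constructed for the demo; real Fail2ban additionally bans through the firewall and unbans after bantime.

```shell
#!/bin/sh
# Added example, not from the original article: the detection the sshd
# jail performs, reduced to "maxretry failures within findtime seconds",
# run over constructed auth.log lines. Timestamps are reduced to
# seconds-of-day because syslog lines carry no year.
set -eu

# Constructed sample; the addresses are documentation ranges, not real hosts.
sample_auth_log() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Apr 11 10:00:01 host sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr 11 10:00:03 host sshd[2003]: Failed password for root from 203.0.113.5 port 51236 ssh2
Apr 11 10:00:05 host sshd[2005]: Failed password for root from 203.0.113.5 port 51238 ssh2
Apr 11 10:00:07 host sshd[2007]: Failed password for john from 198.51.100.7 port 40000 ssh2
Apr 11 10:00:09 host sshd[2009]: Accepted publickey for john from 198.51.100.7 port 40002 ssh2: ED25519 SHA256:abc
Apr 11 10:30:00 host sshd[2100]: Failed password for root from 192.0.2.9 port 33000 ssh2
Apr 11 10:40:00 host sshd[2101]: Failed password for root from 192.0.2.9 port 33001 ssh2
Apr 11 10:50:00 host sshd[2102]: Failed password for root from 192.0.2.9 port 33002 ssh2
EOF
    echo "$f"
}

# Print each IP in log $1 that reached $2 failures within $3 seconds.
brute_force_ips() {
    awk -v maxretry="$2" -v findtime="$3" '
        /sshd\[[0-9]+\]: Failed password/ {
            split($3, t, ":"); sec = t[1] * 3600 + t[2] * 60 + t[3]
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            n[ip]++; ts[ip, n[ip]] = sec
            # the window starts at the failure maxretry-1 events ago
            if (n[ip] >= maxretry && sec - ts[ip, n[ip] - maxretry + 1] <= findtime && !(ip in banned)) {
                banned[ip] = 1; print ip
            }
        }
    ' "$1"
}
```

With maxretry 3 and findtime 600 only 203.0.113.5 is caught: 192.0.2.9 also fails three times, but spread over twenty minutes, which is the slow-and-low pattern that stays under a jail's defaults and why password logins should be disabled outright.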

Conclusion

Linux provides several security features and tools that help beginners secure their systems. Properly configured user accounts, a default-deny firewall and SELinux policies limit access to sensitive data and control network traffic. ClamAV scans for malware, SSH with key-based logins gives secure remote access, LUKS and GnuPG protect data at rest and in transit, and auditd and Fail2ban let you see and respond to attacks. By using these tools and features together, beginners can significantly improve the security of their Linux systems.

Updated on: 11-Apr-2023
