Linux Security Basics

Linux is widely used in servers, cloud environments, and security-focused distributions like Kali Linux and Parrot OS. Understanding Linux security fundamentals is crucial for protecting systems against unauthorized access, malware, and cyberattacks.

This module covers the core security concepts and practices every Linux user and cybersecurity professional should know.

1. Importance of Linux Security

Linux is considered secure by design, but vulnerabilities can still exist. Security is important to:

• Protect sensitive data and files
• Prevent unauthorized access to the system
• Maintain system integrity and uptime
• Comply with security standards and regulations

Security in Linux involves user management, file permissions, firewalls, and regular system updates.

2. Managing Users Securely

Proper user management ensures that only authorized users can access the system.

Key Practices:

• Create limited accounts for daily use, avoid using root directly
• Assign users to appropriate groups
• Remove inactive accounts

Create a new user:

sudo adduser john

Add user to a group:

sudo usermod -aG sudo john

Delete a user:

sudo deluser john

3. Password Policies

Strong password policies prevent unauthorized access.

Recommendations:

• Minimum length: 8–12 characters
• Include uppercase, lowercase, numbers, and symbols
• Avoid default or easily guessed passwords
• Change passwords periodically

Enforce password policies using /etc/login.defs:

• PASS_MAX_DAYS – Maximum password age
• PASS_MIN_DAYS – Minimum password age
• PASS_WARN_AGE – Warning period before password expires

4. File Permissions for Security

Linux uses permissions and ownership to protect files and directories.

Key Points:

• Read (r) – View file content
• Write (w) – Modify file content
• Execute (x) – Run file as a program

Apply secure permissions to sensitive files:

chmod 700 /root/secret.txt

This gives full access to the owner only.

Audit file permissions regularly to prevent unauthorized access.

5. Understanding Firewalls

A firewall controls incoming and outgoing network traffic.

• Helps block unauthorized access
• Restricts unnecessary services from exposure
• Logs network events for monitoring

Linux supports multiple firewall tools, such as:

• iptables – Advanced packet filtering
• ufw – Simplified firewall management
• firewalld – Dynamic firewall for Red Hat-based systems

6. Introduction to UFW Firewall

ufw (Uncomplicated Firewall) simplifies firewall management.

Basic UFW Commands:

Check status:

sudo ufw status

Enable firewall:

sudo ufw enable

Allow a service or port:

sudo ufw allow 22    # Allow SSH
sudo ufw allow 80    # Allow HTTP

Deny access:

sudo ufw deny 23     # Block Telnet

Delete a rule:

sudo ufw delete allow 80

Reset firewall to default:

sudo ufw reset

Cybersecurity Importance

• Proper user and password management prevents unauthorized access
• File permissions reduce risk of data leakage
• Firewalls prevent network-based attacks
• Combined with regular updates, these practices create a secure Linux environment

Module Summary

Students should now understand:

1. Why Linux security is important
2. How to manage users securely
3. How to enforce password policies
4. How to apply secure file permissions
5. What firewalls are and why they’re needed
6. How to use ufw to allow or block network traffic