Linux Security

  • AES (Advanced Encryption Standard)
    AES (Advanced Encryption Standard) is a widely used symmetric encryption algorithm that secures data by converting it into an unreadable format, which can only be decrypted with the correct key. AES was established by the U.S. National Institute of Standards and Technology (NIST) in 2001 as the standard for encrypting sensitive data and is used…
  • AppArmor
    AppArmor (Application Armor) is a Linux security module that provides mandatory access control (MAC) to enforce security policies on individual applications. It restricts the capabilities of programs by confining them to a limited set of resources and operations, thereby reducing the potential damage that could occur if a program is compromised…
  • auditd
    auditd is the userspace component of the Linux Auditing System, responsible for writing audit records to disk. It is part of a larger framework that helps administrators track security-relevant events and monitor system activities by recording them in log files. These logs can be crucial for security auditing, compliance, and forensic investigations…
  • ca-certificates.crt
    The ca-certificates.crt file is a bundle of trusted Certificate Authority (CA) certificates used by various applications, such as web browsers and command-line tools, to verify the authenticity of SSL/TLS certificates presented by servers during secure communications (HTTPS, FTPS, etc.). This file plays a crucial role in ensuring that when you connect to a website or…
  • chage
    chage is a command-line utility in Unix-like operating systems, including Linux, used to manage and view password aging policies for user accounts. It allows system administrators to set or modify various password-related settings, such as how long a password remains valid before it must be changed, when a user account will be disabled, and when…
  • chcon
    chcon is a command in Linux used to change the SELinux (Security-Enhanced Linux) security context of a file or directory. SELinux uses security contexts, which include user, role, type, and level information, to enforce its security policies. The chcon command allows you to modify the security context of a file or directory without altering the…
  • chroot
    chroot (short for “change root”) is a command in Unix-like operating systems, including Linux, that allows you to change the apparent root directory (/) for the current running process and its child processes. This effectively isolates the process in a confined directory structure, often referred to as a chroot jail, where it cannot access files…
  • EncFS
    EncFS (Encrypted Filesystem) is an open-source encryption tool that allows users to create an encrypted virtual filesystem on top of an existing directory. It encrypts individual files and directories in real-time, providing a flexible and convenient way to secure sensitive data. EncFS is particularly useful when you need encryption without the need for administrative privileges…
  • fail2ban
    Fail2ban is an open-source intrusion prevention software framework that helps protect Linux servers from brute-force attacks and other malicious activity by monitoring log files and automatically banning IP addresses that show signs of suspicious behavior. It is commonly used to secure services like SSH, Apache, and others by temporarily or permanently blocking IP addresses that…
  • fstab
    The fstab (file systems table) is a configuration file in Unix-like operating systems, including Linux, that contains information about the disk drives and partitions that should be automatically mounted when the system boots. This file is crucial for defining how and where the storage devices are mounted within the directory structure…
  • getfacl
    getfacl is a command-line utility in Unix-like operating systems, including Linux, that displays the Access Control Lists (ACLs) associated with files and directories. ACLs provide a more flexible permission mechanism than the traditional Unix file permission system (owner, group, others), allowing you to specify permissions for individual users and groups beyond the file’s owner and…
  • gpg
    GPG (GNU Privacy Guard) is an open-source encryption tool that allows users to encrypt and sign data and communications to ensure privacy and security. It is a part of the GNU Project and serves as a free replacement for PGP (Pretty Good Privacy). GPG uses public-key cryptography, where users have a pair of cryptographic keys:…
  • iptables
    iptables is a command-line utility in Linux that allows system administrators to configure the kernel’s built-in packet filtering and NAT (Network Address Translation) rules. It is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. These rules control the incoming and outgoing network traffic, determining which…
  • iptables -A
    The iptables -A command is used to append a new rule to an existing chain in the iptables firewall. iptables is a powerful command-line tool for configuring the Linux kernel’s built-in firewall, allowing you to set up rules for filtering network traffic, performing Network Address Translation (NAT), and managing network security…
  • ldd
    ldd is a command-line utility in Unix-like operating systems, including Linux, that prints the shared libraries required by a given executable or shared object file. It is particularly useful for diagnosing issues related to missing dependencies or to understand what libraries a program depends on…
  • logwatch
    Logwatch is a customizable log analysis tool that provides a centralized summary of logs from various services and applications on a Linux system. It scans the log files on the system, analyzes the content, and generates reports that are typically emailed to the system administrator. These reports summarize important events, such as security issues, system…
  • ls -Z
    The ls -Z command in Linux is used to display the SELinux security context of files and directories alongside the usual file attributes. This command is particularly useful for administrators and users who need to manage and troubleshoot SELinux (Security-Enhanced Linux) settings on a system…
  • Mandatory Access Control (MAC)
    Mandatory Access Control (MAC) is a security model used to enforce strict access controls based on predefined policies set by the system administrator or governing authority. Unlike Discretionary Access Control (DAC), where users have the freedom to set access permissions on their own files, MAC policies are enforced at the system level and cannot be…
  • PAM
    PAM (Pluggable Authentication Modules) is a flexible, modular authentication framework used in Unix-like operating systems, including Linux. PAM provides a set of shared libraries that allow system administrators to configure how applications and services authenticate users, without modifying the applications themselves. This modular approach makes it easier to manage authentication methods across different services and…
  • quota
    quota is a command-line tool in Unix-like operating systems, including Linux, that allows administrators to manage disk space usage limits for users and groups. By setting quotas, you can restrict the amount of disk space (in blocks) and the number of inodes (files and directories) that a user or group can consume. This helps prevent…
  • SELinux
    SELinux (Security-Enhanced Linux) is a security module integrated into the Linux kernel that provides a mechanism for supporting access control security policies. Developed by the NSA, SELinux implements Mandatory Access Control (MAC), which restricts users and processes to only the resources they need to perform their tasks, adding a robust layer of security to the…
  • setuid
    setuid (Set User ID) is a Unix/Linux file permission that allows a user to execute a file with the permissions of the file’s owner, rather than with the permissions of the user who runs it. This is particularly useful for allowing ordinary users to run programs that require higher privileges, such as administrative tasks…
  • ssh-keygen
    ssh-keygen is a command-line utility in Unix-like operating systems, including Linux, used to generate, manage, and convert authentication keys for SSH (Secure Shell). SSH keys are a more secure alternative to passwords for logging into remote servers because they use public-key cryptography, which is much harder to crack…
  • sshd_config
    The sshd_config file is the main configuration file for the OpenSSH server daemon (sshd) on Unix-like operating systems, including Linux. This file controls various settings and options related to the behavior of the SSH server, such as authentication methods, access control, and connection parameters…
  • Sticky Bit
    The sticky bit is a special permission in Unix-like operating systems, including Linux, that can be set on directories to control user deletion privileges. When the sticky bit is set on a directory, only the directory’s owner, the file’s owner, or the root user can delete or rename files within that directory, even if other…
  • tcpdump
    tcpdump is a powerful command-line packet analyzer tool that allows users to capture and analyze network traffic in real-time on Unix-like operating systems, including Linux. It provides a detailed view of the data being transmitted over a network, making it an essential tool for network administrators, security professionals, and developers…
  • Tripwire
    Tripwire is a security tool used in Unix-like operating systems, including Linux, to detect and alert on unauthorized changes to files and directories. It is often used as part of an intrusion detection system (IDS) to monitor the integrity of critical system files and directories by comparing their current state to a known, trusted baseline…
  • umask
    umask (user file creation mask) is a command and system setting in Unix-like operating systems, including Linux, that determines the default file permissions for newly created files and directories. When a file or directory is created, the permission bits set in the umask are cleared from (commonly described as subtracted from) the system’s default permissions to determine the final permission settings…