Security is not optional. Understanding Linux security fundamentals protects your systems and data.
User Management
useradd -m username # Create user
passwd username # Set password
usermod -aG group user # Add to group
userdel -r username # Delete user
File Permissions
chmod 755 file # Set permissions
chmod u+x file # User execute
chown user:group file # Change ownership
chgrp group file # Change group
Permission Numbers
- 4 = read
- 2 = write
- 1 = execute
- 755 = rwxr-xr-x
- 644 = rw-r--r--
SSH Security
# Disable password authentication
# Edit /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
# Change default port
Port 2222
# Restrict users
AllowUsers user1 user2
Firewall Configuration
# UFW example
ufw default deny incoming
ufw default allow outgoing
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable
Fail2Ban
Protect against brute force attacks:
apt install fail2ban
systemctl enable fail2ban
systemctl start fail2ban
SELinux/AppArmor
Mandatory Access Control:
# SELinux (Red Hat)
getenforce
setenforce 1
# AppArmor (Debian/Ubuntu)
aa-status
Updates
apt update && apt upgrade # Debian/Ubuntu
dnf update # Red Hat
pacman -Syu # Arch
Best Practices
- Regular security updates
- Strong passwords or key-based auth
- Minimal installed software
- Regular security audits
- Encrypted sensitive data
- Backup and recovery plans
Security is an ongoing process, not a one-time setup.