5 Basic Principles of Linux System Security

5 Basic Principles of Linux System Security

It is still common that people do not know where to start when it comes to information security. With 5 basic principles we can improve the Linux system security and question ourselves if we have done enough.


1. Know your system(s)

The first principle is about knowing what your system is supposed to do. What is its primary role, what software packages does it need and who needs access?

By knowing the role of the system you can better defend it against known and unknown threats.


Security Measures:


  • Password policy
  • Proper software patch management
  • Configuration management
  • Documentation


2. Least Amount of Privilege

Each process running, or package installed, might become a target. Security professionals call this the “attack surface”. What you want is to minimize this attack surface by removing unneeded components, limit access and by default use a “deny unless” strategy. This latter means that access by default is blocked, unless you allow it (whitelisting).

Security Measures:


  • Use minimal/basic installation
  • Only allow access to people who really need it

3. Perform Defense in Depth

Protect the system by applying several layers of security. This principle is named “defense in depth” and can be compared with an onion: to get to the core, you have to peel of layer by layer. One broken defense might help us protect against full compromise.

Security Measures:


  • IPtables / Nftables
  • Hardening of software components

4. Protection is Key, Detection is a Must

Security focuses on the protection of assets. While this is a primary objective, we should consider that one day our defenses are broken. Therefore we want to know this as soon as possible, so we can properly act. This is where principle 3 and 4 both are linked. Set-up proper detection methods, similar to the trip wires used by the military.

Security Measures:


  • Linux audit framework
  • Remote Logging
  • Create backups and test them


5. Know your Enemy


You can only protect a system the right way, if you know what threats you are facing. Why would this system be a target and who would be targeting it? Perform a risk analysis and determine what potential threats your system might endure.


Security Measures:


  • Vulnerability scans
  • Penetration tests
  • Risk analysis


One more thing...

Keep learning

So you are interested in Linux security? Join the Linux Security Expert training program, a practical and lab-based training ground. For those who want to become (or stay) a Linux security expert.

See training package

Lynis Enterprise screenshot to help with system hardeningSecurity scanning with Lynis and Lynis Enterprise

Run automated security scans and increase your defenses. Lynis is an open source security tool to perform in-depth audits. It helps with system hardening, vulnerability discovery, and compliance.



  • German GonzalezGerman Gonzalez

    Excellent your part of your blog with ” 5 Basic Principles of Linux System Security ”

    i’m going to download the Lynis and apply your recommendations.

    Also I am looking for to be partner of Us, its possible ?

    Let me to know more about it, thanks.

  • Great, enjoy using the software and enhancing security of your systems.

    Please send an e-mail to social@cisofy.com and we will have a look how we can help.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.