Linux Security Book
One day we will collect all that we have written and put it in a nice book. For now, let’s start categorizing the posts.
Can’t wait? Follow our training program Linux security expert.
Basic Linux knowledge
The first step is knowing the basics of Linux. Too often this area is ignored, while it may actually have the biggest impact of all. Knowing the right tools in Linux can cut work in half.
Our first tip is to learn how to properly use the grep command. Within this referenced article, you find several ways to quickly weed out data you are not interested in. A great way to get to the gems in your dataset and very useful for automating repeating tasks.
One of the most breached entry points of a Linux system is via weak passwords. This could be a default password, or simply a password that is too easy to guess. Linux systems can be hardened by configuring a minimum password length and related password strength. The minimum password length increases the power needed to crack the related password.
Another protection mechanism is using pam_tally or pam_tally2 to counter brute-force attempts to guess the password of a user. Too many failed login attempts can trigger a temporary lock for that user.
Linux compliance and security standards
The increasing number of security standards can make our life more complicated. Especially if these standards are vague in nature and don’t really describe what they expect from you. So these standards need to be translated into technical steps and advice. One of these documents is achieving PCI DSS compliance and certification for Linux, for those who deal with credit card payments.
Another regulation that will need to be addressed by companies storing personal information on citizens from the European Union is the General Data Protection Regulation (GDPR). We addressed the steps to take to minimize the risk on breaches in our GDPR guide with technical requirements for Linux systems.
Many of the system hardening principles apply to all Linux distributions. Each of these distributions still has their own way of being configured. Here is a Ubuntu system hardening guide.