You can configure a free tool, like OSSEC, to block any IP address that tries connections to more than, say, three different ports within a five-minute period. The tool can use expanding lockout durations, so the first attempt creates a short lockout, but the next creates a one-day lockout. It takes the attacker forever to get through anything close to the available 65,536 ports. This renders the port scan ineffective as an attack tool in the short term, while making such attacks easier for IT and security teams to identify, catch, and respond to. With so many things to do in a day, it is easy to forget about security.
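As an added example (not from the original page and not OSSEC's own code), here is the detection logic described above run over a few constructed connection-log lines: distinct destination ports per source within a sliding five-minute window, with escalating lockouts. The log format, the ten-minute first lockout and the sample addresses are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)       # look-back period from the text
PORT_THRESHOLD = 3                  # "more than three different ports" trips the rule
LOCKOUTS = [timedelta(minutes=10), timedelta(days=1)]  # expanding durations (assumed values)

def parse_line(line):
    """Parse a constructed '<ISO time> SRC=<ip> DPT=<port>' line (assumed, simplified format)."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(f.split("=", 1) for f in rest.split())
    return datetime.fromisoformat(ts_str), fields["SRC"], int(fields["DPT"])

def detect_port_scans(lines):
    """Return a list of (ip, time_tripped, lockout_duration) decisions."""
    history = defaultdict(list)   # ip -> [(timestamp, port)] inside the window
    strikes = defaultdict(int)    # ip -> lockouts issued so far (drives escalation)
    blocked_until = {}            # ip -> datetime when its current block expires
    decisions = []
    for line in lines:
        ts, ip, port = parse_line(line)
        if ip in blocked_until and ts < blocked_until[ip]:
            continue              # still locked out: the firewall would drop this
        history[ip] = [(t, p) for t, p in history[ip] if ts - t <= WINDOW]
        history[ip].append((ts, port))  # record after pruning to the sliding window
        if len({p for _, p in history[ip]}) > PORT_THRESHOLD:
            duration = LOCKOUTS[min(strikes[ip], len(LOCKOUTS) - 1)]
            strikes[ip] += 1
            blocked_until[ip] = ts + duration
            history[ip].clear()   # count afresh once the block expires
            decisions.append((ip, ts, duration))
    return decisions

# Constructed sample: 203.0.113.5 touches four ports in under two minutes (short
# lockout), probes again during the block (dropped), then repeats later and gets
# the one-day lockout; 198.51.100.7 touches only two ports and is never blocked.
SAMPLE_LOG = [
    "2024-05-01T10:00:00 SRC=203.0.113.5 DPT=22",
    "2024-05-01T10:00:30 SRC=203.0.113.5 DPT=80",
    "2024-05-01T10:01:00 SRC=198.51.100.7 DPT=80",
    "2024-05-01T10:01:10 SRC=203.0.113.5 DPT=443",
    "2024-05-01T10:01:40 SRC=203.0.113.5 DPT=8080",
    "2024-05-01T10:05:00 SRC=203.0.113.5 DPT=3306",
    "2024-05-01T10:06:00 SRC=198.51.100.7 DPT=443",
    "2024-05-01T10:20:00 SRC=203.0.113.5 DPT=21",
    "2024-05-01T10:20:20 SRC=203.0.113.5 DPT=23",
    "2024-05-01T10:20:40 SRC=203.0.113.5 DPT=25",
    "2024-05-01T10:21:00 SRC=203.0.113.5 DPT=110",
]
```

Running `detect_port_scans(SAMPLE_LOG)` yields two decisions for 203.0.113.5: a ten-minute block at 10:01:40 and a one-day block at 10:21:00.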

After the installation of a Linux-based system, so-called system hardening is needed. This involves a range of steps to tighten the capabilities of a system, its software, and its users. By applying best practices, we can reduce the chance of a system being misused or exploited.

Bash Script – Log Management

For those who want to become (or stay) a Linux security expert. When using a stable version (e.g. Ubuntu LTS), upgrade to the next version before its official support ends. Don’t wait until the last moment, but plan ahead and perform those upgrades. Before we start, let’s do a quick introduction to the main subjects. After all, good understanding starts with knowing the key concepts. A hardening guide is a document that provides suggested improvements to secure a system.

  • If you have a colleague that leaves the company, have a tool like Ansible disable the account.
  • The framework allows configuring most of the settings related to authentication, such as where to check that a user or account exists.
  • It ensures that even if data is intercepted or accessed by unauthorized persons, it remains unreadable and secure.
  • Please start your course media downloads as soon as you get the link.

A firewall denies access to unneeded network ports, so this is prevention. While prevention sounds like the best option of the two, that is not necessarily true. So security defenses that focus on detection are needed as well. It requires serious effort to improve Linux security and apply system hardening measures correctly. A good understanding and keeping your knowledge up to date are important. That is why this checklist will include a lot of other resources to build up your knowledge.

Lynis (security scanner and compliance auditing tool)

So set up monitoring with a tool like Nagios, Prometheus, or Zabbix. So with system hardening, we focus on the presence of security measures for your system. There are many technical aspects to it, but there are a few key principles. With labs, in-depth guides, and a lot of Linux security tools. Best practices are procedures or steps in a particular field of expertise that are generally accepted as being effective.

Linux Hardening and Security Lessons

Most software packages are a collection of one or more tools bundled together. Sooner or later one of these packages might contain a vulnerability. For that reason, the system should be ‘patched’ on a regular basis.

SEC406: Linux Security for InfoSec Professionals

Do you have any other resources that are helpful to other readers? When a system goes down for whatever reason, then you have at least the data to do a recovery. It goes without saying, but a backup is only as good as its restore.

  • By attending this class, you will learn about Linux security concepts, best practices, and tools, and how to implement them in your organization.
  • Therefore it makes sense to have technical controls in place to disable accounts.
  • For those with enterprise needs, or who want to audit multiple systems, there is an Enterprise version.
  • This top 100 of security tools might give you some inspiration.

If you are dealing with a system with a lot of sensitive data, then usually you want to restrict the creation of these files. Too many companies still have accounts active that should not be there at all: the colleague who left, but whose manager forgot to request deletion of the accounts and related permissions.