Basic Linux security commands that all IT security pros should know
Linux, known for its power, flexibility, and security, is a staple in the world of operating systems.
We love Linux, like a raccoon loves shiny things. Especially for personal projects. Why? Because Linux gives us control. It’s like having a fully customizable, open-source playground at our fingertips. As users, we can tinker, tweak, and tailor to our heart’s content, while Linux sports a charmingly cryptic command line interface that makes me (personally) feel like I’m casting fifth-level spells – and who doesn’t want that? Right?!
We believe it’s important to support Linux (through our own agents) as a part of The Truefort Platform. Our agents leverage advanced behavioral analysis, machine intelligence, and automation to monitor Linux network traffic, detect anomalous behavior, enforce security policies, and more. Alas, many agents from other companies don’t support Linux environments.
For administrators and security professionals, Linux security commands are indispensable tools for managing systems and keeping them safe from threats.
Here’s a rundown of just thirteen essential – arguably the most useful – Linux security commands.
Short for “superuser do,” the sudo command allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. It’s a crucial command for system administration, enabling users to execute potentially dangerous commands with elevated privileges, while also logging command usage for accountability.
The chmod command is used to change the permissions of a file or directory. This is crucial for securing files and directories by controlling who can read, write, or execute them. For example, chmod 700 filename would give the owner read, write, and execute permissions, while all other users would have no permissions.
The chown command allows you to change the ownership of files and directories. This is another important tool for securing file and directory access. For example, chown user:group filename would change the ownership of the file to the specified user and group.
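The chmod 700 and chown user:group calls above, worked through end to end, as an added example that is not from the original post: it locks a scratch file down, then verifies ownership and mode the way an auditor would. It assumes GNU coreutils `stat -c` (standard on Linux) and uses the current user and group, since an unprivileged account may only chown a file to itself.

```shell
#!/bin/sh
# Added example (not code from the original post): lock a file down with
# chown/chmod, then verify ownership and mode the way an auditor would.
# Assumes GNU coreutils `stat -c` (standard on Linux distributions).

# Octal permission bits of a path, e.g. "700" or "4755"
perm_of() {
    stat -c '%a' "$1"
}

# "owner:group" of a path
owner_of() {
    stat -c '%U:%G' "$1"
}

# Succeed only if group and others have no permission bits at all
is_private() {
    case "$(perm_of "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Give a file to user:group and restrict it to the owner, then verify.
# An unprivileged user may only chown to itself and to a group it belongs
# to; that is enough for this demo, which uses the current user.
lock_down() {
    f="$1"; user="$2"; group="$3"
    chown "$user:$group" "$f"
    chmod 700 "$f"                 # owner rwx, group/others nothing
    [ "$(owner_of "$f")" = "$user:$group" ] && is_private "$f"
}

# Demo on constructed scratch files
demo_dir=$(mktemp -d)
demo_file="$demo_dir/secrets.env"
printf 'DB_PASSWORD=example\n' > "$demo_file"
chmod 644 "$demo_file"             # start out world-readable (the common mistake)
loose_file="$demo_dir/notes.txt"
printf 'nothing sensitive\n' > "$loose_file"
chmod 644 "$loose_file"

demo_user=$(id -un)
demo_group=$(id -gn)
lock_down "$demo_file" "$demo_user" "$demo_group"
echo "$demo_file is now $(owner_of "$demo_file") mode $(perm_of "$demo_file")"
```

The `is_private` check only looks at the group and other digits, so it also accepts a 4700 (setuid, owner-only) mode; if you audit for setuid separately, keep that in mind.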
The passwd command is used to change a user’s password. Regularly changing passwords is a fundamental practice in maintaining secure systems.
A powerful firewall utility, the iptables command allows or blocks traffic based on the source and destination IP addresses, port numbers, and protocols. For example, iptables -A INPUT -p tcp --dport 22 -j DROP would drop all incoming TCP traffic to port 22, effectively blocking SSH connections.
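Because iptables evaluates rules in order and stops at the first match, the DROP for port 22 is normally preceded by an ACCEPT for the addresses that are still allowed in. The following added example (not from the original post) checks a ruleset for exactly that shape using a constructed iptables-save dump, so it runs without root; the 10.0.0.0/8 management range is an assumption made for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): check an iptables ruleset for an
# SSH policy of "allow the management network, drop everyone else", using a
# constructed iptables-save dump so it runs without root. The 10.0.0.0/8
# management range is an assumption for the demo.

# Ordered list of targets (-j values) of INPUT rules that match TCP port 22.
# Reads iptables-save output on stdin; prints e.g. "ACCEPT DROP" on one line.
ssh_rule_targets() {
    awk '/^-A INPUT / && /-p tcp/ && (/ --dport 22 / || / --dport 22$/) {
             for (i = 1; i < NF; i++)
                 if ($i == "-j") t = (t == "" ? $(i + 1) : t " " $(i + 1))
         }
         END { print t }'
}

# Succeed if the last SSH rule in INPUT is a DROP (the catch-all sits at the end)
ssh_default_is_drop() {
    case "$(ssh_rule_targets)" in
        *DROP) return 0 ;;
        *)     return 1 ;;
    esac
}

# How the page's rule is applied for real (requires root; not run by this demo):
# the ACCEPT for the management network must come BEFORE the DROP, because
# iptables evaluates rules in order and stops at the first match.
apply_ssh_policy() {
    iptables -A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j DROP
}

# Constructed sample in iptables-save format (not captured from a real host)
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
COMMIT'

# A ruleset that forgot the final DROP: the check must fail on it
SAMPLE_RULES_OPEN='*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | ssh_rule_targets
```

On a live system the same check is `iptables-save | ssh_default_is_drop`, which is a handy one-liner for a configuration-drift script.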
The netstat command is a network utility that displays network connections, routing tables, and a number of network interface and network protocol statistics. It’s handy for monitoring incoming and outgoing network connections.
As a modern replacement for netstat, the ss command is faster and provides more information. It can display more TCP and state information than other tools.
While not a command per se, the fail2ban service is an essential tool that protects your system from brute-force attacks. It monitors log files for too many failed login attempts and bans the offending IP addresses for a certain period.
The ps command is used to view active processes on a system. It’s a fundamental command for monitoring what’s running on your system and can be used in combination with other commands to kill unresponsive or malicious processes.
The usermod command allows an administrator to modify a user account. This can include adding the user to a new group (which may have certain permissions), changing the user’s home directory, or even changing the username.
While not specifically a security command, find is a powerful tool for locating files and directories. It can be used in conjunction with other commands to search for files with specific permissions or ownership.
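The permission-and-ownership search described above, as an added example that is not from the original post: it uses POSIX find options to list world-writable and setuid files under a directory and to strip the "others write" bit from the former. It runs against a constructed scratch tree, so no real system files are touched.

```shell
#!/bin/sh
# Added example (not from the original post): use find to locate files with
# risky permissions (world-writable, setuid) under a directory, and fix the
# world-writable ones. Runs against a constructed scratch tree, so no real
# system files are touched. Uses only POSIX find options.

# Print world-writable regular files under $1, relative to $1, sorted
world_writable_files() {
    find "$1" -type f -perm -002 | sed "s|^$1/||" | sort
}

# Print setuid regular files under $1, relative to $1, sorted
setuid_files() {
    find "$1" -type f -perm -4000 | sed "s|^$1/||" | sort
}

# Strip the "others write" bit from every world-writable file under $1
remediate_world_writable() {
    find "$1" -type f -perm -002 -exec chmod o-w {} +
}

# Build a constructed tree with one of each problem
scan_root=$(mktemp -d)
mkdir -p "$scan_root/app/bin" "$scan_root/app/conf"
printf 'ok\n'        > "$scan_root/app/conf/app.ini";  chmod 640  "$scan_root/app/conf/app.ini"
printf 'oops\n'      > "$scan_root/app/conf/cache.db"; chmod 666  "$scan_root/app/conf/cache.db"
printf '#!/bin/sh\n' > "$scan_root/app/bin/helper";    chmod 4755 "$scan_root/app/bin/helper"

echo "world-writable:"; world_writable_files "$scan_root"
echo "setuid:";         setuid_files "$scan_root"
```

Setuid files are listed but deliberately not changed: some of them (passwd, sudo) must keep the bit, so that list is for review rather than automatic remediation.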
The history command displays the command history of the current user. It’s beneficial for auditing purposes, allowing you to see what commands have been run previously.
The last command shows the last logins on the system. This can sometimes help to detect any unusual login activity.
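Spotting unusual login activity in last output is easier with a little awk than by eye. The following added example (not from the original post) counts sessions per user and flags remote logins whose source address is outside an expected range; the last output is constructed, not captured from a real host, and the "10.0.0." prefix standing in for the office network is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): triage `last` output with awk,
# counting logins per user and flagging sessions from outside an expected
# source range. The sample below is constructed, not from a real host, and
# the "10.0.0." prefix standing in for the office network is an assumption.

# Constructed `last` output (the trailing "wtmp begins" line is normal noise)
SAMPLE_LAST='alice    pts/0        10.0.0.5         Mon Mar  4 09:12   still logged in
bob      pts/1        203.0.113.77     Mon Mar  4 03:41 - 03:43  (00:02)
root     tty1                          Sun Mar  3 22:10 - 22:15  (00:05)
alice    pts/2        10.0.0.5         Sun Mar  3 18:00 - 18:30  (00:30)

wtmp begins Fri Mar  1 00:00:00 2024'

# Count login sessions per user; prints "user N" lines, sorted by user
login_counts() {
    awk 'NF >= 3 && $1 != "wtmp" { c[$1]++ }
         END { for (u in c) print u, c[u] }' | sort
}

# Print "user host" for remote logins whose source does not start with $1.
# Console logins (tty*) have no host field, so the IP test skips them.
flag_unexpected_logins() {
    awk -v ok="$1" '
        NF < 3 || $1 == "wtmp" { next }
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && index($3, ok) != 1 { print $1, $3 }'
}

echo "logins per user:"
printf '%s\n' "$SAMPLE_LAST" | login_counts
echo "logins from outside 10.0.0.:"
printf '%s\n' "$SAMPLE_LAST" | flag_unexpected_logins "10.0.0."
```

On a real host, replace the sample with `last | flag_unexpected_logins "10.0.0."`; the 03:41 login from 203.0.113.77 is the kind of line this surfaces for a closer look.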
Linux security commands are used for a shed-load of different reasons, all of which are important for managing and maintaining Linux cybersecurity, such as:
- Access Control: Commands like sudo, chmod, chown, and usermod allow administrators to control who can access specific files and directories, and what actions they can take. This helps ensure that only authorized users can access sensitive data or perform certain actions.
- Monitoring and Auditing: Commands such as netstat, ss, ps, history, and last allow administrators to monitor system activities and network connections. They can track which commands have been run, which users are logged in, which processes are running, and how network connections are being used. This is vital for detecting potential security threats and for performing forensic investigations after a security incident.
- System Hardening: Commands like iptables and services like fail2ban are used to harden the security of a system by setting up firewalls and defending against brute force attacks. This helps to protect the system from external threats.
- Password Management: The passwd command is used to change user passwords, an important aspect of user account security.
- File and System Management: The find command, while not exclusively a security command, is useful for locating files and directories based on various criteria, including permissions and ownership. This can be helpful in security-related tasks such as locating improperly secured files.
It’s worth remembering that, while these commands are a strong starting point for locking down your Linux environment, they’re just the tip of the iceberg. Regular system updates, proper network configuration, and proactive monitoring are also essential to keeping Linux systems secure.
It’s also good to stay informed about the latest security best practices and always be mindful of the power these commands hold – a single mistake could have significant repercussions.
Mastering these commands is (arguably) part of the journey in becoming a Linux security expert, so starting to experiment with them could be the first step to becoming a Linux security pro. If you’re looking for more Linux cybersecurity best practices, and the possible pitfalls of Linux security, check out this post over on our blog.
echo "Until next time!" && logout