Security is an important but complex topic.
So I’ll be doing a series of articles, focusing on the principles and working of security of Linux.
The challenge is that it’s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though whatever safeguards were once coded in.
For users, it means being vigilant—staying on top of your system and considering security a recurring task rather than something you do once and can then be considered finished. In this article, I’m going to run through the best practices for keeping your system secure. I’m not a hacker or a security expert so I’m not going to get very detailed. Instead, I’m going to explain some basic, fundamental, and essential security concepts and give you a few manageable things to do to keep your computer secure. In this series of articles, we’re going to discuss:
■ The user and superuser concept and how and why it keeps your computer secure
■ Linux viruses (and anti-viruses)
■ Best practices in running commands safely
■ Hardening Linux:OS Hardening Principles
Security issues can send personal information, like logins and passwords, to malicious third parties. These issues can also give these same bad people access to all of your personal files.
Think of security bugs as a hole in your home. With the hole there, things, like burglars, can get into your home. And think of security updates as patches for the holes. With the holes covered, it’s much tougher for someone to get in. Now let’s talk about other ways to keep your system secure. Let’s start with the Linux user and superuser concepts. This idea is the key to keeping Linux systems safe.
Running commands safely
Running commands safely is an important enough topic. As you’ve seen, the real security dangers with Linux are
ecryptfs-setup-private –nopwchekc –noautomount
Require a different password for the directory
Hide the directory by default
Create an encrypted directory
encryptfs-setup-private allows you to specify a password and mount behavior with flags. social ones. If someone tricks you into revealing your password or running the wrong command, they can assume control of your system. Security vulnerabilities often come about because of something the user did or didn’t do, rather than a fault in the code itself. New Linux users often find themselves online, trying to learn new things. While much of the advice you’ll find online is at least well-intentioned, there are people who post things that could harm your system or expose it to risk.
| Does the command… | Safe behavior |
| … require sudo? | Ask yourself if it makes sense that the command you’re running requires sudo. If you just want to move a file and someone is recommending sudo, think about how that doesn’t make sense because moving a file isn’t an administrative task. |
| … make sense to you? | Figure out what a complex command does. If it uses pipes, research each part of the pipe. Make sure you can roughly understand what each part of the command you’re using is doing and why you’re doing it. Back in the early days of Linux, certain people thought it was funny to advise new users to run the command rm -rf which would erase everything on their system. It’s not funny but was possible because people would run commands without knowing what the command would do. |
| … remove or overwrite files? | Back up files being changed. Because unless you’re 100% sure about the change, you could wind up breaking your system. It never hurts to make a backup of a file by copying it and saving the copy in a different location. If your command works successfully, you can delete the backup. And if it doesn’t, you’ll be glad you were careful. |
| … seem to be commonly used? | Before running a command you find online, do some research and see if other people recommend the same command for the same issue. There are lots of forums and lots of commands, but just because someone posted something doesn’t mean it’s correct. If you can find other people using the same command for the same issue, there’s a better probability the command is what you need. |
0 Comments