{"id":881,"date":"2017-01-26T15:00:40","date_gmt":"2017-01-26T13:00:40","guid":{"rendered":"https:\/\/community.virtono.com\/?p=881"},"modified":"2023-06-21T09:57:24","modified_gmt":"2023-06-21T06:57:24","slug":"linux-security-privacy-on-linuxencryption","status":"publish","type":"post","link":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-security-privacy-on-linuxencryption\/","title":{"rendered":"Linux Security: Privacy on Linux(Encryption)"},"content":{"rendered":"

Security is an important but complex topic.<\/p>\n

So I’ll be doing a series of articles, focusing on the principles and working of security of Linux.<\/p>\n

The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though whatever safeguards were once coded in.<\/p>\n

For users, it means being vigilant\u2014staying on top of your system and considering security a recurring task rather than something you do once and can then be considered finished. In this article, I\u2019m going to run through the best practices for keeping your system secure. I\u2019m not a hacker or a security expert so I\u2019m not going to get very detailed. Instead, I\u2019m going to explain some basic, fundamental, and essential security concepts and give you a few manageable things to do to keep your computer secure. In this series of articles, we\u2019re going to discuss:<\/p>\n

\u25a0 The user and superuser concept and how and why it keeps your computer secure<\/a><\/p>\n

\u25a0 Linux viruses (and anti-viruses)<\/a><\/p>\n

\u25a0 Linux firewalls<\/a><\/p>\n

\u25a0 Privacy on Linux<\/a><\/p>\n

\u25a0 Best practices in running commands safely<\/a><\/p>\n

\u25a0 Hardening Linux:OS Hardening Principles<\/a><\/p>\n

Security issues can send personal information, like logins and passwords, to malicious third parties. These issues can also give these same bad people access to all of your personal files.
\nThink of security bugs as a hole in your home. With the hole there, things, like burglars, can get into your home. And think of security updates as patches for the holes. With the holes covered, it\u2019s much tougher for someone to get in. Now let\u2019s talk about other ways to keep your system secure. Let\u2019s start with the Linux user and superuser concepts. This idea is the key to keeping Linux systems safe.<\/p>\n

Encryption<\/strong><\/p>\n

Encryption is a way of keeping data safe by making it unreadable to the naked eye. If we double-click an unencrypted file, it opens and we can read it. However, if we open an encrypted file, we can\u2019t read what\u2019s in it. Encrypted files need to be transformed in some way, usually using a key, which is sort of like a code that changes the encrypted file into something you can read. It is another level of protection beyond your password. Your Linux system has a user and password that prevents unverified users from running administrative commands. It also has a password that prevents people without the password from accessing your system. However, there are other ways of getting access to your data. For instance, someone else can run a live session and gain access to your files. That requires physical access to your computer and technical knowledge, but it is still a risk. However, if your home directory is encrypted, someone needs to know a passphrase to gain access to your files. Even with physical access to your computer.<\/p>\n

We\u2019re not going to encrypt your home directory because it requires a lot of disk space. Some people encrypt their home directories to keep all of their files safe, rather than having to decide which ones they want to protect. Instead, we\u2019re going to encrypt part of our home directory. This would be a safe place to hold important files you wouldn\u2019t want compromised without encrypting the entire directory. For me, disk space is usually the deciding factor in terms of whether to encrypt the entire home directory or just part of it. However, if you have the space and the inclination, eCryptfs has a convenient stepby-step process for encrypting your home directory after you\u2019ve installed your operating system. It\u2019s called the ecryptfs-migrate-home command. The ArchWiki (https:\/\/ wiki.archlinux.org) has some great information on how to use it. But for now, let\u2019s create an encrypted folder in our home directory:<\/p>\n

1 Install eCryptfs. The package name is ecryptfs-utils.<\/p>\n

2 Run the command ecryptfs-setup-private –nopwcheck –noautomount.<\/p>\n

This command will create an encrypted directory that requires a password (nopwcheck) other than the login password. The directory will also be inaccessible by default (noautomount).<\/p>\n","protected":false},"excerpt":{"rendered":"

Security is an important but complex topic. So I’ll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though<\/p>\n","protected":false},"author":3,"featured_media":892,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5,1],"tags":[],"class_list":["post-881","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase","category-news-announcements"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/linux-ransomware-wide.jpeg?fit=600%2C315&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ISfL-ed","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":876,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-security-the-user-and-superuser-concept-and-how-and-why-it-keeps-your-computer-secure\/","url_meta":{"origin":881,"position":0},"title":"Linux security : The user and superuser concept and how and why it keeps your computer secure","author":"Daniel Draga","date":"January 24, 2017","format":false,"excerpt":"Security is an important but complex topic. So I'll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though\u2026","rel":"","context":"In "Knowledgebase"","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/unnamed-file.jpg?fit=500%2C590&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":884,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-security-running-commands-safely\/","url_meta":{"origin":881,"position":1},"title":"Linux Security: Running commands safely","author":"Daniel Draga","date":"January 27, 2017","format":false,"excerpt":"Security is an important but complex topic. So I'll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though\u2026","rel":"","context":"In "Knowledgebase"","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1200%2C750&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1200%2C750&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1200%2C750&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1200%2C750&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1200%2C750&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":880,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-securityfirewalls\/","url_meta":{"origin":881,"position":2},"title":"Linux Security:Firewalls","author":"Daniel Draga","date":"January 25, 2017","format":false,"excerpt":"Security is an important but complex topic. So I'll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though\u2026","rel":"","context":"In "Knowledgebase"","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/firewall-hacker-720x380.jpg?fit=720%2C380&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/firewall-hacker-720x380.jpg?fit=720%2C380&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/firewall-hacker-720x380.jpg?fit=720%2C380&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/firewall-hacker-720x380.jpg?fit=720%2C380&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":1256,"url":"https:\/\/www.virtono.com\/community\/internet-and-technology-news\/google-disassembles-usb-stack-of-the-linux-kernel\/","url_meta":{"origin":881,"position":3},"title":"Google disassembles USB stack of the Linux kernel","author":"Daniel Draga","date":"November 9, 2017","format":false,"excerpt":"With a special fuzzer for kernel system calls from\u00a0Google\u00a0, extremely many bugs have been found in the USB stack of the\u00a0Linux kernel\u00a0.\u00a0Many of them are classified as critical vulnerabilities, which is true for all kernel bugs. The Syzkaller tool, created and developed with Google support, is intended to fuzzy operating\u2026","rel":"","context":"In "IT News"","block_context":{"text":"IT News","link":"https:\/\/www.virtono.com\/community\/category\/internet-and-technology-news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1200%2C569&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1200%2C569&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1200%2C569&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1200%2C569&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1200%2C569&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":873,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/hardening-linux\/","url_meta":{"origin":881,"position":4},"title":"Hardening Linux:OS Hardening Principles","author":"Daniel Draga","date":"January 20, 2017","format":false,"excerpt":"Hardening Linux and Using iptables There's tremendous value in isolating your bastion (Internet-accessible) hosts in a DMZ network, protected by a well-designed firewall and other external controls. And just as a good DMZ is designed assuming that sooner or later, even firewall-protected hosts may be compromised, good bastion server design\u2026","rel":"","context":"In "Knowledgebase"","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":844,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/securing-the-clouds\/","url_meta":{"origin":881,"position":5},"title":"Securing The Clouds","author":"Daniel Draga","date":"January 9, 2017","format":false,"excerpt":"Technology is massively integrated with modern business, but many of those businesses still lack a modern security solution which helps protect against vulnerabilities in each layer of organisation. With the Protection Service for Business (PSB), this changes everything. It is a unique breakthrough on technology which provides total protection yet\u2026","rel":"","context":"In "Knowledgebase"","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=700%2C400 2x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/881","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/comments?post=881"}],"version-history":[{"count":3,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/881\/revisions"}],"predecessor-version":[{"id":3559,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/881\/revisions\/3559"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media\/892"}],"wp:attachment":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media?parent=881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/categories?post=881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/tags?post=881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}