{"id":884,"date":"2017-01-27T15:00:18","date_gmt":"2017-01-27T13:00:18","guid":{"rendered":"https:\/\/community.virtono.com\/?p=884"},"modified":"2023-06-21T09:54:22","modified_gmt":"2023-06-21T06:54:22","slug":"linux-security-running-commands-safely","status":"publish","type":"post","link":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-security-running-commands-safely\/","title":{"rendered":"Linux Security: Running commands safely"},"content":{"rendered":"

Security is an important but complex topic.<\/p>\n

So I’ll be doing a series of articles, focusing on the principles and working of security of Linux.<\/p>\n

The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though whatever safeguards were once coded in.<\/p>\n

For users, it means being vigilant\u2014staying on top of your system and considering security a recurring task rather than something you do once and can then be considered finished. In this article, I\u2019m going to run through the best practices for keeping your system secure. I\u2019m not a hacker or a security expert so I\u2019m not going to get very detailed. Instead, I\u2019m going to explain some basic, fundamental, and essential security concepts and give you a few manageable things to do to keep your computer secure. In this series of articles, we\u2019re going to discuss:<\/p>\n

\u25a0 The user and superuser concept and how and why it keeps your computer secure<\/a><\/p>\n

\u25a0 Linux viruses (and anti-viruses)<\/a><\/p>\n

\u25a0 Linux firewalls<\/a><\/p>\n

\u25a0 Privacy on Linux<\/a><\/p>\n

\u25a0 Best practices in running commands safely<\/a><\/p>\n

\u25a0 Hardening Linux:OS Hardening Principles<\/a><\/p>\n

Security issues can send personal information, like logins and passwords, to malicious third parties. These issues can also give these same bad people access to all of your personal files.
\nThink of security bugs as a hole in your home. With the hole there, things, like burglars, can get into your home. And think of security updates as patches for the holes. With the holes covered, it\u2019s much tougher for someone to get in. Now let\u2019s talk about other ways to keep your system secure. Let\u2019s start with the Linux user and superuser concepts. This idea is the key to keeping Linux systems safe.<\/p>\n

Running commands safely<\/strong><\/p>\n

Running commands safely is an important enough topic. As you\u2019ve seen, the real security dangers with Linux are
\necryptfs-setup-private –nopwchekc –noautomount
\nRequire a different password for the directory
\nHide the directory by default
\nCreate an encrypted directory
\nencryptfs-setup-private allows you to specify a password and mount behavior with flags.\u00a0social ones. If someone tricks you into revealing your password or running the wrong command, they can assume control of your system. Security vulnerabilities often come about because of something the user did or didn\u2019t do, rather than a fault in the code itself. New Linux users often find themselves online, trying to learn new things. While much of the advice you\u2019ll find online is at least well-intentioned, there are people who post things that could harm your system or expose it to risk.<\/p>\n\n\n\n\n\n\n\n
Does the command\u2026\u00a0<\/em><\/td>\n Safe behavior<\/em><\/td>\n<\/tr>\n
\u2026 require sudo?<\/td>\nAsk yourself if it makes sense that the command you\u2019re running requires sudo. If you just want to move a file and someone is recommending sudo, think about how that doesn\u2019t make sense because moving a file isn\u2019t an administrative task.<\/td>\n<\/tr>\n
\u2026 make sense to you?<\/td>\nFigure out what a complex command does. If it uses pipes, research each part of the pipe. Make sure you can roughly understand what each part of the command you\u2019re using is doing and why you\u2019re doing it. Back in the early days of Linux, certain people thought it was funny to advise new users to run the command rm -rf which would erase everything on their system. It\u2019s not funny but was possible because people would run commands without knowing what the command would do.<\/td>\n<\/tr>\n
\u2026 remove or overwrite files?<\/td>\nBack up files being changed. Because unless you\u2019re 100% sure about the change, you could wind up breaking your system. It never hurts to make a backup of a file by copying it and saving the copy in a different location. If your command works successfully, you can delete the backup. And if it doesn\u2019t, you\u2019ll be glad you were careful.<\/td>\n<\/tr>\n
\u2026 seem to be commonly used?<\/td>\nBefore running a command you find online, do some research and see if other people recommend the same command for the same issue. There are lots of forums and lots of commands, but just because someone posted something doesn\u2019t mean it\u2019s correct. If you can find other people using the same command for the same issue, there\u2019s a better probability the command is what you need.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Security is an important but complex topic. So I’ll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though<\/p>\n","protected":false},"author":3,"featured_media":891,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[5,1],"tags":[],"class_list":["post-884","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledgebase","category-news-announcements"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/9.png?fit=1280%2C800&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7ISfL-eg","jetpack_likes_enabled":true,"jetpack-related-posts":[{"id":876,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-security-the-user-and-superuser-concept-and-how-and-why-it-keeps-your-computer-secure\/","url_meta":{"origin":884,"position":0},"title":"Linux security : The user and superuser concept and how and why it keeps your computer secure","author":"Daniel Draga","date":"January 24, 2017","format":false,"excerpt":"Security is an important but complex topic. So I'll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though\u2026","rel":"","context":"In "Knowledgebase"","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/unnamed-file.jpg?fit=500%2C590&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":881,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-security-privacy-on-linuxencryption\/","url_meta":{"origin":884,"position":1},"title":"Linux Security: Privacy on Linux(Encryption)","author":"Daniel Draga","date":"January 26, 2017","format":false,"excerpt":"Security is an important but complex topic. So I'll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though\u2026","rel":"","context":"In "Knowledgebase"","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/linux-ransomware-wide.jpeg?fit=600%2C315&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/linux-ransomware-wide.jpeg?fit=600%2C315&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/linux-ransomware-wide.jpeg?fit=600%2C315&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":880,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/linux-securityfirewalls\/","url_meta":{"origin":884,"position":2},"title":"Linux Security:Firewalls","author":"Daniel Draga","date":"January 25, 2017","format":false,"excerpt":"Security is an important but complex topic. So I'll be doing a series of articles, focusing on the principles and working of security of Linux. The challenge is that it\u2019s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though\u2026","rel":"","context":"In "Knowledgebase"","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/firewall-hacker-720x380.jpg?fit=720%2C380&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/firewall-hacker-720x380.jpg?fit=720%2C380&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/firewall-hacker-720x380.jpg?fit=720%2C380&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/firewall-hacker-720x380.jpg?fit=720%2C380&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":844,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/securing-the-clouds\/","url_meta":{"origin":884,"position":3},"title":"Securing The Clouds","author":"Daniel Draga","date":"January 9, 2017","format":false,"excerpt":"Technology is massively integrated with modern business, but many of those businesses still lack a modern security solution which helps protect against vulnerabilities in each layer of organisation. With the Protection Service for Business (PSB), this changes everything. It is a unique breakthrough on technology which provides total protection yet\u2026","rel":"","context":"In "Knowledgebase"","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/01\/cloud-security.jpg?fit=767%2C538&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":873,"url":"https:\/\/www.virtono.com\/community\/knowledgebase\/hardening-linux\/","url_meta":{"origin":884,"position":4},"title":"Hardening Linux:OS Hardening Principles","author":"Daniel Draga","date":"January 20, 2017","format":false,"excerpt":"Hardening Linux and Using iptables There's tremendous value in isolating your bastion (Internet-accessible) hosts in a DMZ network, protected by a well-designed firewall and other external controls. And just as a good DMZ is designed assuming that sooner or later, even firewall-protected hosts may be compromised, good bastion server design\u2026","rel":"","context":"In "Knowledgebase"","block_context":{"text":"Knowledgebase","link":"https:\/\/www.virtono.com\/community\/category\/knowledgebase\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/02\/Linux_Server_Hardening.jpeg?fit=1170%2C822&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":1256,"url":"https:\/\/www.virtono.com\/community\/internet-and-technology-news\/google-disassembles-usb-stack-of-the-linux-kernel\/","url_meta":{"origin":884,"position":5},"title":"Google disassembles USB stack of the Linux kernel","author":"Daniel Draga","date":"November 9, 2017","format":false,"excerpt":"With a special fuzzer for kernel system calls from\u00a0Google\u00a0, extremely many bugs have been found in the USB stack of the\u00a0Linux kernel\u00a0.\u00a0Many of them are classified as critical vulnerabilities, which is true for all kernel bugs. The Syzkaller tool, created and developed with Google support, is intended to fuzzy operating\u2026","rel":"","context":"In "IT News"","block_context":{"text":"IT News","link":"https:\/\/www.virtono.com\/community\/category\/internet-and-technology-news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1200%2C569&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1200%2C569&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1200%2C569&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1200%2C569&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/www.virtono.com\/community\/wp-content\/uploads\/2017\/11\/google-linux.png?fit=1200%2C569&ssl=1&resize=1050%2C600 3x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/884","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/comments?post=884"}],"version-history":[{"count":3,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/884\/revisions"}],"predecessor-version":[{"id":3557,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/posts\/884\/revisions\/3557"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media\/891"}],"wp:attachment":[{"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/media?parent=884"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/categories?post=884"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.virtono.com\/community\/wp-json\/wp\/v2\/tags?post=884"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}