fbpx

Security is an important but complex topic.

So I’ll be doing a series of articles, focusing on the principles and working of security of Linux.

The challenge is that it’s an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though whatever safeguards were once coded in.

For users, it means being vigilant—staying on top of your system and considering security a recurring task rather than something you do once and can then be considered finished. In this article, I’m going to run through the best practices for keeping your system secure. I’m not a hacker or a security expert so I’m not going to get very detailed. Instead, I’m going to explain some basic, fundamental, and essential security concepts and give you a few manageable things to do to keep your computer secure. In this series of articles, we’re going to discuss:

The user and superuser concept and how and why it keeps your computer secure

Linux viruses (and anti-viruses)

Linux firewalls

Privacy on Linux

Best practices in running commands safely

Hardening Linux:OS Hardening Principles

Security issues can send personal information, like logins and passwords, to malicious third parties. These issues can also give these same bad people access to all of your personal files.
Think of security bugs as a hole in your home. With the hole there, things, like burglars, can get into your home. And think of security updates as patches for the holes. With the holes covered, it’s much tougher for someone to get in. Now let’s talk about other ways to keep your system secure. Let’s start with the Linux user and superuser concepts. This idea is the key to keeping Linux systems safe.

Encryption

Encryption is a way of keeping data safe by making it unreadable to the naked eye. If we double-click an unencrypted file, it opens and we can read it. However, if we open an encrypted file, we can’t read what’s in it. Encrypted files need to be transformed in some way, usually using a key, which is sort of like a code that changes the encrypted file into something you can read. It is another level of protection beyond your password. Your Linux system has a user and password that prevents unverified users from running administrative commands. It also has a password that prevents people without the password from accessing your system. However, there are other ways of getting access to your data. For instance, someone else can run a live session and gain access to your files. That requires physical access to your computer and technical knowledge, but it is still a risk. However, if your home directory is encrypted, someone needs to know a passphrase to gain access to your files. Even with physical access to your computer.

We’re not going to encrypt your home directory because it requires a lot of disk space. Some people encrypt their home directories to keep all of their files safe, rather than having to decide which ones they want to protect. Instead, we’re going to encrypt part of our home directory. This would be a safe place to hold important files you wouldn’t want compromised without encrypting the entire directory. For me, disk space is usually the deciding factor in terms of whether to encrypt the entire home directory or just part of it. However, if you have the space and the inclination, eCryptfs has a convenient stepby-step process for encrypting your home directory after you’ve installed your operating system. It’s called the ecryptfs-migrate-home command. The ArchWiki (https:// wiki.archlinux.org) has some great information on how to use it. But for now, let’s create an encrypted folder in our home directory:

1 Install eCryptfs. The package name is ecryptfs-utils.

2 Run the command ecryptfs-setup-private –nopwcheck –noautomount.

This command will create an encrypted directory that requires a password (nopwcheck) other than the login password. The directory will also be inaccessible by default (noautomount).


0 Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.