Security is an important but complex topic.
So I’ll be doing a series of articles, focusing on the principles and working of security of Linux.
The challenge is that itโs an ever-changing idea. Software we think of as secure can become insecure as hackers figure out how to break though whatever safeguards were once coded in.
For users, it means being vigilantโstaying on top of your system and considering security a recurring task rather than something you do once and can then be considered finished. In this article, Iโm going to run through the best practices for keeping your system secure. Iโm not a hacker or a security expert so Iโm not going to get very detailed. Instead, Iโm going to explain some basic, fundamental, and essential security concepts and give you a few manageable things to do to keep your computer secure. In this series of articles, weโre going to discuss:
โ The user and superuser concept and how and why it keeps your computer secure
โ Linux viruses (and anti-viruses)
โ Best practices in running commands safely
โ Hardening Linux:OS Hardening Principles
Security issues can send personal information, like logins and passwords, to malicious third parties. These issues can also give these same bad people access to all of your personal files.
Think of security bugs as a hole in your home. With the hole there, things, like burglars, can get into your home. And think of security updates as patches for the holes. With the holes covered, itโs much tougher for someone to get in. Now letโs talk about other ways to keep your system secure. Letโs start with the Linux user and superuser concepts. This idea is the key to keeping Linux systems safe.
Running commands safely
Running commands safely is an important enough topic. As youโve seen, the real security dangers with Linux are
ecryptfs-setup-private –nopwchekc –noautomount
Require a different password for the directory
Hide the directory by default
Create an encrypted directory
encryptfs-setup-private allows you to specify a password and mount behavior with flags.ย social ones. If someone tricks you into revealing your password or running the wrong command, they can assume control of your system. Security vulnerabilities often come about because of something the user did or didnโt do, rather than a fault in the code itself. New Linux users often find themselves online, trying to learn new things. While much of the advice youโll find online is at least well-intentioned, there are people who post things that could harm your system or expose it to risk.
| Does the commandโฆย | Safe behavior |
| โฆ require sudo? | Ask yourself if it makes sense that the command youโre running requires sudo. If you just want to move a file and someone is recommending sudo, think about how that doesnโt make sense because moving a file isnโt an administrative task. |
| โฆ make sense to you? | Figure out what a complex command does. If it uses pipes, research each part of the pipe. Make sure you can roughly understand what each part of the command youโre using is doing and why youโre doing it. Back in the early days of Linux, certain people thought it was funny to advise new users to run the command rm -rf which would erase everything on their system. Itโs not funny but was possible because people would run commands without knowing what the command would do. |
| โฆ remove or overwrite files? | Back up files being changed. Because unless youโre 100% sure about the change, you could wind up breaking your system. It never hurts to make a backup of a file by copying it and saving the copy in a different location. If your command works successfully, you can delete the backup. And if it doesnโt, youโll be glad you were careful. |
| โฆ seem to be commonly used? | Before running a command you find online, do some research and see if other people recommend the same command for the same issue. There are lots of forums and lots of commands, but just because someone posted something doesnโt mean itโs correct. If you can find other people using the same command for the same issue, thereโs a better probability the command is what you need. |
0 Comments