Self-paced

Explore our extensive collection of courses designed to help you master various subjects and skills. Whether you're a beginner or an advanced learner, there's something here for everyone.

Bootcamp

Learn live

Join us for our free workshops, webinars, and other events to learn more about our programs and get started on your journey to becoming a developer.

Upcoming live events

Learning library

For all the self-taught geeks out there, here is our content library with most of the learning materials we have produced throughout the years.

It makes sense to start learning by reading and watching videos about fundamentals and how things work.

Search from all Lessons

LoginGet Started
← Back to Lessons

  • linux

    • cybersecurity

Edit on Github

Introduction to Linux Security

Managing User Accounts and Secure Passwords
Configuring Firewalls and Protecting Services
Installing iptables
Adding Rules to iptables
Verify the Rules

Security is a fundamental aspect of any operating system, and as more people and organizations use Linux, it is important to understand basic security concepts to protect our systems and data.

  • Users and permissions: In Linux, each user has their own account and set of permissions. It is important to create separate user accounts for each person accessing the system and assign appropriate permissions. Permissions determine what actions users can perform on files and directories, such as reading, writing, or executing.
  • Secure passwords: It is important to use secure passwords that are difficult to guess. A secure password should have a combination of uppercase and lowercase letters, numbers, and special characters. Additionally, it is recommended to change passwords periodically.
  • System updates: Keeping the Linux operating system updated is essential to ensure security. System updates include security patches that fix known vulnerabilities. It is important to regularly install system updates to protect against potential threats.
  • Firewall: A firewall is a security tool that controls incoming and outgoing network traffic. Linux has a built-in firewall called iptables, which allows you to configure rules to allow or block traffic as needed. Configuring an appropriate firewall can help protect the system from external attacks.
  • Antivirus and security software: Although Linux is less susceptible to viruses and malware compared to other operating systems, it is still important to use security software such as antivirus and intrusion detection tools. These tools can help identify and eliminate potential threats.
  • Security auditing: Conducting regular security audits is a good practice to identify potential vulnerabilities in the system. Security audits can include reviewing activity logs, vulnerability analysis, and penetration testing. These activities allow us to detect and correct potential security issues before they are exploited.

Managing User Accounts and Secure Passwords

Here are some aspects to consider for managing user accounts:

  • Creating user accounts: In Linux, you can create user accounts using commands like "useradd" or "adduser". When creating a user account, it is important to assign a unique username and a secure password. Additionally, you can set other details such as the home directory and the primary group.
  • Secure passwords: It is crucial to use secure passwords that are difficult to guess. It is recommended to use a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using obvious passwords or easily accessible personal information.
  • Password policies: Establishing password policies is a recommended practice to ensure that users use secure passwords. These policies can include requirements such as a minimum password length, the need to change passwords periodically, and the prohibition of reusing old passwords. These policies can be configured in the "/etc/login.defs" file or using password management tools like "pam_cracklib".
  • Two-factor authentication: Two-factor authentication (2FA) provides an additional layer of security by requiring a second method of verification, in addition to the password, to access an account. This helps prevent unauthorized access even if the password is compromised.
  • Privilege management: It is important to assign the appropriate privileges to each user account in Linux. Not all users need administrator access or superuser privileges. Following the principle of "least privilege," only the necessary privileges should be granted to perform required tasks. This helps limit the impact of potential attacks or human errors.

Configuring Firewalls and Protecting Services

Configuring a firewall and protecting services are fundamental aspects of ensuring system security. These measures help prevent unauthorized access and protect the services running on the system. Here are some key concepts to keep in mind:

  • Firewall: A firewall is a security barrier that controls incoming and outgoing network traffic. Its main goal is to allow or block traffic according to established rules. In Linux, the most commonly used firewall is iptables. It allows you to configure rules to filter traffic based on IP addresses, ports, and protocols.
  • Firewall rules: When configuring a firewall, it is important to define specific rules to allow or block traffic. For example, rules can be established to allow access to specific services, such as SSH or HTTP, from trusted IP addresses. Unused ports can also be blocked, or access to sensitive services can be restricted.
  • Service protection: Services running on a system, such as web servers, databases, or email servers, can be targets of attacks. To protect these services, additional measures should be taken, such as:
    • Keeping services updated: It is important to regularly apply security updates to installed services. This helps fix known vulnerabilities and protect against known attacks.
    • Secure configuration: Ensure that services are configured securely, following recommended best practices. This includes disabling unnecessary features, setting appropriate file and directory permissions, and using secure passwords for service accounts.
    • Monitoring and logging: Implement monitoring and logging tools to supervise service activity. This allows detecting potential intrusions or anomalous behaviors and taking preventive measures.
    • Limiting access: Restrict access to services only to necessary IP addresses or IP ranges. This helps reduce the attack surface and limit exposure to potential threats.
    • Additional security tools: Besides a firewall, there are other security tools that can be used to protect services on Linux. For example, intrusion detection and prevention systems (IDS/IPS) can be implemented to monitor and block suspicious activities. Vulnerability scanning tools can also be used to identify potential weaknesses in services.

Installing iptables

iptables is a firewall and packet filtering tool on Linux systems. It allows you to control and configure network security rules to protect your system and manage incoming and outgoing network traffic. With iptables, you can define rules that determine which network packets are allowed or blocked on your system. These rules are based on criteria such as the source or destination IP address, source or destination port, protocol used, and other packet characteristics. iptables rules are organized into tables, and each table contains chains of rules. The most common tables are "filter," which is used for packet filtering, and "nat," which is used for network address translation (NAT). Within each table, there are different predefined chains, such as "INPUT" for incoming traffic, "OUTPUT" for outgoing traffic, and "FORWARD" for traffic being forwarded through the system. You can add rules to these chains to specify what to do with packets matching those rules, such as accepting, rejecting, or redirecting them.

To install iptables, follow these steps:

  1. Check if iptables is installed

To check if iptables is already installed on your system, you can run the following command in the terminal:

1iptables --version

💡 If iptables is installed, you will see the software version. If it is not installed, you can proceed to the next step.

  1. Install iptables

The method to install iptables may vary depending on the Linux distribution you are using. Here is how to do it on some popular distributions:

  • Ubuntu or Debian:
1sudo apt-get update
2sudo apt-get install iptables

Additionally, we will install iptables-persistent as this package facilitates the persistence of iptables rules across system reboots. Typically, iptables rules are lost when the system restarts. iptables-persistent saves the current rules and automatically restores them at system startup, ensuring consistent firewall configurations.

1sudo apt-get install iptables-persistent

During installation, you will be prompted to save the current iptables rules to rules.v4 and rules.v6 files.

  • CentOS or RHEL:
1sudo yum install iptables

Adding Rules to iptables

Once iptables is installed, you can begin configuring it according to your needs. To add a new rule to iptables, you can use the iptables command directly. For example, to allow incoming TCP traffic on port 80 (HTTP), you can execute:

1sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT

It's important to note that in order to explicitly save these entered rules to files, we need to specify it through the command line.

Save and Apply the Rules

Once you have defined your rules, apply them using the following command:

1sudo iptables-save | sudo tee /etc/iptables/rules.v4 >/dev/null

This will save the rules from the kernel of your computer to the rules.v4 configuration file and apply them on your system.

Modifying/Adding Rules from the File

You can open the iptables configuration file using a text editor like nano or vim. For example:

1sudo nano /etc/iptables/rules.v4

Once the file is open, add or modify the rules as needed. Here's an example of what the /etc/iptables/rules.v4 file might contain:

1# Generated by iptables-save v1.8.7 on Mon Jul 18 09:23:45 2023
2*filter
3:INPUT ACCEPT [0:0]
4:FORWARD ACCEPT [0:0]
5:OUTPUT ACCEPT [0:0]
6-A INPUT -p tcp --dport 80 -j ACCEPT
7COMMIT
8# Completed on Mon Jul 18 09:23:45 2023

After editing the rules file, you need to restore them in iptables to apply them to the firewall using the following command:

1sudo iptables-restore < /etc/iptables/rules.v4

This command will read the rules from /etc/iptables/rules.v4 and apply them to iptables, ensuring that your firewall configuration reflects the changes you made in the file.

Allowing TCP Connections to Port 22

The following iptables rule allows incoming TCP connections to the server on port 22, which is typically used for SSH (Secure Shell) access.

1-A INPUT -p tcp --dport 22 -j ACCEPT

Here is a breakdown of the rule:

  • -A INPUT: This appends the rule to the INPUT chain, which handles incoming network traffic.
  • -p tcp: This specifies the protocol to match, which in this case is TCP (Transmission Control Protocol).
  • --dport 22: This matches packets that are destined for port 22. The dport flag stands for "destination port".
  • -j ACCEPT: This specifies the target of the rule, which in this case is to ACCEPT the packet. This means that the traffic matching the rule will be allowed through the firewall.

In Summary:

  • The rule is appended to the INPUT chain, which deals with incoming traffic.
  • It matches TCP packets.
  • It specifically targets packets destined for port 22.
  • It accepts these packets, allowing the connection to be established.

Blocking PING Requests

1-A INPUT -p icmp --icmp-type echo-request -j DROP

This iptables rule is used to block incoming ping requests to the server. Here is a detailed breakdown of the rule:

  • -A INPUT: This appends the rule to the INPUT chain, which handles incoming network traffic.
  • -p icmp: This specifies the protocol to match, which in this case is ICMP (Internet Control Message Protocol).
  • --icmp-type echo-request: This matches packets that are ICMP echo requests, which are used for ping operations. The echo-request type is the type of ICMP message that is sent when a ping is performed.
  • -j DROP: This specifies the target of the rule, which in this case is to DROP the packet. This means that the traffic matching the rule will be silently discarded, and no response will be sent to the sender.

In Summary:

  • The rule is appended to the INPUT chain, which deals with incoming traffic.
  • It matches ICMP packets.
  • It specifically targets ICMP echo request packets, which are used for ping operations.
  • It drops these packets, effectively blocking ping requests to the server.

By implementing this rule, you prevent external entities from pinging your server, which can help reduce the risk of certain types of network attacks or reconnaissance activities.

Verify the Rules

You can verify the iptables rules using the following command:

1sudo iptables -L

And that's it! Now you have iptables installed and configured on your system.