Linux Security Fundamentals & Hardening¶

Most servers run Linux. Securing them is a core blue-team skill.

The Permission Model¶

Linux permissions are user / group / other, each with read (r) / write (w) / execute (x):

1$ ls -l secret.txt
2-rw-r----- 1 alice finance 1024 Jun 4 10:00 secret.txt
3#  └┬┘└┬┘└┬┘
4#  user grp other

• chmod 640 secret.txt → owner rw, group r, others nothing.
• chown alice:finance secret.txt → set owner/group.

The Danger of 777¶

chmod 777 grants everyone full control — a frequent and serious misconfiguration. Grant the least permission that works.

Users, sudo & Root¶

• The root account (UID 0) is all-powerful — don't log in as root directly.
• Use sudo for privilege escalation with an audit trail (/var/log/auth.log).
• Follow least privilege: scope sudo rules in /etc/sudoers to specific commands.

Hardening Checklist¶

1. 1.Patch regularly — apt upgrade / dnf update; automate security updates.
2. 2.Disable unused services — systemctl disable --now <svc>; smaller attack surface.
3. 3.SSH hardening:
   • Disable root login (PermitRootLogin no).
   • Key-based auth only (PasswordAuthentication no).
   • Change/limit access; use fail2ban to throttle brute force.
4. 4.Host firewall — ufw / firewalld with default-deny inbound.
5. 5.Mandatory Access Control — enable SELinux or AppArmor to confine processes beyond standard permissions.
6. 6.File integrity monitoring — AIDE or Tripwire to detect unexpected changes.
7. 7.Auditing — enable auditd to log security-relevant events.

Key Files to Know¶

SUID/SGID — A Privilege-Escalation Hotspot¶

Files with the SUID bit run with the file owner's privileges. A misconfigured SUID-root binary is a classic local privilege-escalation path. Audit them:

1find / -perm -4000 -type f 2>/dev/null   # list SUID binaries

The Principle in Action¶

A hardened Linux box does the minimum: minimal packages, minimal open ports, minimal privileges, maximal logging. Every service you don't run is a vulnerability you don't have.