By Emmett Dulaney

Here, review two host-security mechanisms you should be familiar with when working in Linux: password security and incident response. Learn how to perform computer security audits and how to test your system’s security.

Password security

Verify that the password, group, and shadow password files are protected. In particular, the shadow password file has to be write-protected and readable only by root. The filenames and their recommended permissions are shown in this table.

Ownership and Permission of Password Files

File Pathname   Ownership   Permission
/etc/group      root.root   644
/etc/passwd     root.root   644
/etc/shadow     root.root   400
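
One way to run the check described above, as an added example that is not part of the original article. It assumes GNU stat (Linux); the function names are hypothetical, and treating a stricter mode than the table's as a pass is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes GNU stat (Linux).
# A file passes when owner and group match the table and its mode sets no
# permission bit beyond the recommended one, so a stricter mode also passes.

# check_pwfile PATH OWNER GROUP MODE -> 0 pass, 1 fail, 2 file missing
check_pwfile() {
    _path=$1 _want_owner=$2 _want_group=$3 _want_mode=$4
    if [ ! -e "$_path" ]; then
        echo "MISSING $_path"
        return 2
    fi
    _owner=$(stat -c '%U' "$_path")
    _group=$(stat -c '%G' "$_path")
    _mode=$(stat -c '%a' "$_path")
    # Leading 0 makes the shell read both modes as octal; keep only the bits
    # that are set on the file but absent from the recommended mode.
    _extra=$(( 0$_mode & ~0$_want_mode & 07777 ))
    if [ "$_owner" != "$_want_owner" ] || [ "$_group" != "$_want_group" ]; then
        echo "FAIL $_path: owner $_owner.$_group, expected $_want_owner.$_want_group"
        return 1
    fi
    if [ "$_extra" -ne 0 ]; then
        printf 'FAIL %s: mode %s has extra bits %04o beyond %s\n' \
            "$_path" "$_mode" "$_extra" "$_want_mode"
        return 1
    fi
    echo "OK $_path: $_owner.$_group mode $_mode"
}

# Values taken from the table above (root.root means owner root, group root).
audit_password_files() {
    _rc=0
    check_pwfile /etc/group  root root 644 || _rc=1
    check_pwfile /etc/passwd root root 644 || _rc=1
    check_pwfile /etc/shadow root root 400 || _rc=1
    return "$_rc"
}

audit_password_files || echo "Review the FAIL/MISSING lines above."
```

Debian and Ubuntu ship /etc/shadow as root.shadow with mode 640, so expect a FAIL line for that file relative to this table on those systems.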

Incident response

Incident response is the policy that answers the question of what to do if something unusual does happen to the system. The policy tells you how to proceed if someone breaks into your system.

Your response to an incident depends on how you use your system and how important it is to you or your business. For a comprehensive incident response, remember these key points:

  • Figure out how critical and important your computer and network are — and identify who or what resources can help you protect your system.

  • Take steps to prevent and minimize potential damage and interruption.

  • Develop and document a comprehensive contingency plan.

  • Periodically test the contingency plan and revise the procedures as appropriate.