Linux Security - dummies

By Emmett Dulaney

The Linux+ certification exam from CompTIA covers the topic of security. The table shows the subtopics, weights, descriptions, and key knowledge areas for this topic.

Breakout of Domain 110

| Subtopic | Weight | Description | Key Areas |
|---|---|---|---|
| Perform security administration tasks | 3 | Review system configuration to ensure host security | Understand local security policies |
| Setup host security | 3 | Know how to set up a basic level of host security | Understand TCP wrappers |
| Securing data with encryption | 3 | Key techniques that secure data | OpenSSH and GnuPG |

To adequately address these topics, focus on the following files, terms, and utilities: /etc/hosts.allow, /etc/hosts.deny, /etc/inetd.conf, /etc/inetd.d/*, /etc/init.d/*, /etc/inittab, /etc/nologin, /etc/passwd, /etc/shadow, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key, /etc/ssh_known_hosts, /etc/sudoers, /etc/xinetd.conf, /etc/xinetd.d/*, ~/.gnupg/*, ~/.ssh/authorized_keys, ~/.ssh/id_dsa, ~/.ssh/id_rsa, chage, find, gpg, lsof, netstat, nmap, passwd, ssh, ssh-add, ssh-agent, ssh-keygen, su, sudo, ulimit, and usermod.

Here are the top ten items to know as you study for this domain:

  1. Adding 1000 to standard permissions turns on the “sticky bit”, whereas 2000 turns on the SGID permission and 4000 turns on the SUID permission.

  2. Links are created with the ln command. A hard link is nothing more than an alias to a file (sharing the same inode). A symbolic link is created with ln -s and is an actual file with its own inode. The symbolic link contains a pointer to the original file and can span file systems (while the hard link cannot).

  3. Passwords are changed with the passwd command. While older systems stored passwords in /etc/passwd, they are now in /etc/shadow where they are more secure.

  4. To see who logged on most recently and may currently still be logged on, you can use the last command.

  5. The su command allows you to become another user (returning with exit). If no other username is specified, then the root user is implied, hence su for superuser.

  6. To run a command as another user (usually root) rather than become them, sudo should be used instead of su.

  7. The who command shows who is logged on; the w command shows information combining who with uptime.

  8. You can limit which hosts can remotely connect by using either a hosts.allow file (only those hosts specifically listed can connect) or a hosts.deny file (only those hosts specifically listed cannot connect).

  9. The ulimit utility can show the limit on the number of open files allowed in Linux. You can also change that value by using this same command.

  10. The usermod command changes attributes for a user and modifies the user account.
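
The special permission bits from item 1 can be audited with find, another utility on the study list. The script below is an added example, not part of the original article; the sample file names and the helper functions make_sample_tree, list_special, and count_label are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a tree for the special permission bits from item 1.
# 4000 = SUID, 2000 = SGID, 1000 = sticky bit, added to the standard mode.

# make_sample_tree: build a constructed test tree and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    touch "$t/plain" "$t/suid_tool" "$t/sgid_tool" "$t/both"
    mkdir "$t/shared"
    chmod 0755 "$t/plain"       # standard permissions only
    chmod 4755 "$t/suid_tool"   # 755 + 4000 -> SUID
    chmod 2755 "$t/sgid_tool"   # 755 + 2000 -> SGID
    chmod 6755 "$t/both"        # 755 + 4000 + 2000 -> SUID and SGID
    chmod 1777 "$t/shared"      # 777 + 1000 -> sticky directory
    printf '%s\n' "$t"
}

# list_special DIR: print "LABEL path" for every entry with a special bit.
# "-perm -MODE" matches when all bits in MODE are set, so a 6755 file is
# reported once as SUID and once as SGID.
list_special() {
    find "$1" -type f -perm -4000 | sed 's/^/SUID /'
    find "$1" -type f -perm -2000 | sed 's/^/SGID /'
    find "$1" -type d -perm -1000 | sed 's/^/STICKY /'
}

# count_label DIR LABEL: number of findings carrying the given label.
count_label() {
    list_special "$1" | awk -v l="$2" '$1 == l { n++ } END { print n + 0 }'
}

# Demo on the constructed tree; on a real host, pass a directory such as /usr.
tree=$(make_sample_tree) && list_special "$tree" && rm -rf "$tree"
```

Comparing this listing against a known-good baseline is how an unexpected SUID or SGID file is noticed during a host review.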