Linux Security
Users
Linux is a system built for networked multi-user environments where access control is a vital part of the infrastructure.
As such, any Linux-based system requires users to be identified by a username and access credentials. A more thorough explanation of users and groups is available on the Users & Groups page.
The top-level user is root, and it is the most important user to protect from abuse or malicious use.
If your root user is compromised, you might as well restore your system, either by reinstalling or by restoring from an uncompromised backup.
A superuser account is equally problematic if it is not protected.
Groups
Users on a Linux system are commonly arranged in groups. A user group is a convenient way of granting a user access to a common task like sound, media, printing, mounting of removable drives, etc.
A list of the groups available on the system can be seen by opening a terminal and executing the command below.
$ cat /etc/group
Likewise, a user can see which groups they belong to by executing the groups command,
which will display the user's groups.
$ groups
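The two files behind `cat /etc/group` and `groups` can also be audited for who holds administrative access. The following is an added example, not code from the page or from Manjaro; it assumes the usual `name:x:gid:members` and `name:x:uid:gid:...` layouts, that "wheel" is the administrative group (Manjaro's default), and it accepts alternative file paths so it can be run against copies.

```shell
# Added example: audit administrative access from /etc/group and /etc/passwd.
# File paths and the "wheel" admin group are assumptions; override them as needed.

# Print the members of one group, one per line (fourth field of /etc/group)
group_members() {
    grp="$1"; file="${2:-/etc/group}"
    awk -F: -v g="$grp" '$1 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$file"
}

# Print every account whose uid is 0: each one is root, whatever it is called
uid0_accounts() {
    file="${1:-/etc/passwd}"
    awk -F: '$3 == 0 { print $1 }' "$file"
}

# Combined report: extra uid-0 accounts, explicit members of the admin group,
# and users whose primary group is the admin group (these do not appear in
# the member list of /etc/group, so they are easy to overlook)
admin_audit() {
    group_file="${1:-/etc/group}"; passwd_file="${2:-/etc/passwd}"; admin_grp="${3:-wheel}"
    uid0_accounts "$passwd_file" | awk '$1 != "root" { print "extra-uid0 " $1 }'
    group_members "$admin_grp" "$group_file" | sed "s/^/$admin_grp-member /"
    gid=$(awk -F: -v g="$admin_grp" '$1 == g { print $3 }' "$group_file")
    if [ -n "$gid" ]; then
        awk -F: -v gid="$gid" -v g="$admin_grp" '$4 == gid { print g "-primary " $1 }' "$passwd_file"
    fi
}
```

Run `admin_audit` with no arguments to check the live system; anything listed as `extra-uid0` or as an unexpected admin-group member deserves an explanation.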
Passwords
The most common credential is the password.
The best practice for creating passwords is:
- Use a combination of upper- and lowercase letters mixed with digits and special characters like !#%&.
- Do not use words which can be found in a dictionary. Dictionary attacks are one of the most effective ways of breaking passwords.
- Ensure your password has a reasonable length of at least 8 characters, and preferably more.
You might think it is easier to use the same password for your superuser and root accounts, since you are the only one using the system. You are in charge, but be advised that this can weaken your security: you will not know whether the system, when asking for a password before performing an action, wants your superuser password or your root password.
Administrative tasks
Common administrative tasks like installing software, setting up printers, and modifying configurations will often require the use of an administrative role.
On a Manjaro system the first user is created upon installation, and that user is by default assigned the administrative role on the computer. This implies that the user is able to execute commands prefixed with sudo,
and upon supplying the user's password the tasks are executed.
It is a common perception that root = su = superuser, and that will be correct in most situations.
However, situations exist where the system asks for your root password and not your superuser password, and you have no way of knowing which one is being asked for.
You will at times find yourself in a situation where you are absolutely sure you are entering the correct password, yet the system refuses to comply, which can drive you crazy.
If you make a habit of using different passwords for superuser and root, you will just have to switch to the other one and the system will comply.
Forum
Tips
Be alert
- Everything you have on your devices may one day be on the internet.
- So do not keep things you would not want on the internet.
Firewall
- Read about firewalls
- Read about IPv4 and IPv6, how to check which you use, and how to disable the one not used
- Read how to read firewall logs
- Read how to find open ports
- Read how to find applications that use the internet and how to block them
- Read how to find listening connections / applications. Passwords should always be encrypted
- Read how to block dangerous websites and access to the router, to protect the system and router against attacks from the web browser.
- Read https://wiki.manjaro.org/index.php?title=Security_%26_Anonymity
Web browser
- Read what data is disclosed by the web browser
- Read about plugins: uBlock Origin, NoScript
- Read why installing unknown or poor plugins can be dangerous.
- Read how to create aliases for your own mail and why they can help protect you against spam or inform you about a data leak
- Read how to automatically sort trusted emails
- Read how to read the source of messages and how to see the headers
- Read about phishing and punycode phishing attacks
System processes
- Read about sandboxes
- Read how to prevent a fork bomb by limiting user processes
Habits
- Do not use commands if you do not know what they do
- Do not type out long commands; copy and paste them instead
- Do not use the root account if you don't need to.
- Do not trust anyone. If you can check, verify.
- Read how to build strong passwords
- Read about two-factor authentication
- Read about GPG / GnuPG (asymmetric encryption with 2 keys: private and public)
- Read about hash collisions
Files
- Read why we use sgid and why it can be dangerous
- Read how to find files with incorrect permissions and how to find files with sgid
- Read about AIDE (Advanced Intrusion Detection Environment)
- Read what Access Control Lists are
- Read how to check the changed packages
- Read how to check system logs, how to quickly find faults, and how to create alerts
- Update the system systematically if possible, because many attacks use vulnerabilities that have already been discovered and repaired.
- Read why untested packages from outside the repository can be dangerous
- Read why we use programs with closed source code and why that can be dangerous
- Read about chkrootkit and rkhunter
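The items above about files with sgid and incorrect permissions, and about intrusion detection, can be combined into one small check. The following is an added example, not code from the page or from Manjaro or AIDE: it lists setuid, setgid and world-writable files under a directory, and compares the result against a saved baseline so that newly appearing ones stand out. The directory argument and the baseline file name are assumptions.

```shell
# Added example: find setuid / setgid / world-writable files and diff against a baseline.
# The directory (default /) and the baseline path are assumptions chosen for the demo.

audit_perms() {
    dir="${1:-/}"
    {
        # setuid (4000) and setgid (2000) files run with the owner's or group's
        # privileges, so every one of them should be known and expected
        find "$dir" -xdev -type f -perm -4000 -print 2>/dev/null | sed 's/^/setuid /'
        find "$dir" -xdev -type f -perm -2000 -print 2>/dev/null | sed 's/^/setgid /'
        # world-writable files (0002) can be altered by any local user
        find "$dir" -xdev -type f -perm -0002 -print 2>/dev/null | sed 's/^/world-writable /'
    } | sort
}

# First run writes the baseline; later runs print what changed ("> " = new, "< " = gone)
perm_baseline() {
    dir="$1"; base="$2"
    if [ ! -f "$base" ]; then
        audit_perms "$dir" > "$base"
        echo "baseline written: $base"
        return 0
    fi
    audit_perms "$dir" | diff "$base" - && echo "no change"
}
```

Keep the baseline somewhere the audited tree cannot modify it; a baseline that an attacker can rewrite reports "no change" forever.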
Developers
- Read about attacks on environment variables
- Read about attacks on input files
- Read about validating, sanitizing and escaping user data