If you’ve thought about becoming a professional Linux administrator but you’re not sure where to start, this article is for you.

In it, we’ll explore some of the most important skills expected of someone working in the role. Many of them you’ll already be familiar with, but some may surprise you.

Much of our focus will be on cybersecurity and how to make sure you’re ready to deal with security issues from day one. We’ll also cover what sort of administrator skills you’ll need and look at what to include in your resume to give you the best chance of success.

What Is a Linux Administrator?

CybersecThe typical Linux administrator’s business agreement contract won’t necessarily specify every aspect of the job description. That’s because the role involves being a jack-of-all-trades and every day is different. 

Broadly speaking, you’ll be responsible for overseeing every element of both hardware and software management, not only for the physical but also the virtual systems. On a day-to-day basis, that can mean sundry tasks like backup, building new systems, maintenance, configuring and installing new applications. On occasion, it will mean disaster recovery, which is not always the most fun day.

One area that is absolutely crucial is network security. Any good Linux sysadmin worth the name will have a broad technical knowledge of the subject. 

What Linux Administrators Should Know about Security

If you’re thinking about embarking on cybersecurity training for Linux systems, here are the fundamentals you should make sure are covered:

Creating a good firewall policy

Familiarity with Netfilter interpreters like ufw and firewalld is a good start. To have a full grounding in network-wide firewall implementation, though, you should be looking to acquire a solid understanding of both the iptables ruleset and nftables (which uses the nft command line tool). 

Even though nftables has superseded iptables to a certain extent, you’ll still come across many iptables-protected networks in the real world, so it’s vital that you be able to work with them.

Securing your Linux server

Besides implementing an effective firewall, there are many other ways of securing your server, and you should be aware of all of them. 

Some of these are standard practice across the cybersecurity field e.g. good password hygiene, configuring 2FA, antivirus protection. But some are more Linux-specific. For instance, it’s important to disable the root login on a business server. That’s because the elevated administrative permissions can give cybercriminals a way in.

Being able to use SELinux

Security Enhanced Linux (SELinux) implements a Mandatory Access Control permission system in the Linux kernel. It was designed to protect against unauthorized use and is an integral part of every experienced Linux sysadmin’s toolkit.

The SELinux status can be disabled, permissive, or enforcing (which you can think of as off/watching but not doing/watching and actively protecting respectively). Make sure you can use the getenforce command and the sestatus utility to find the system’s current status.

Intrusion detection and prevention

There are many Intrusion Prevention Systems (IPS) available whose primary function is to monitor network traffic and stop attacks. These have largely replaced the earlier Intrusion Detection Systems (IDS), which detected intrusions and sent an alert to the sysadmin but didn’t actually do anything else. Not very helpful.

You’ll need a thorough knowledge of how to set up tools like OSSEC, Tripwire and fail2ban so that protection is set at the appropriate level.

Configuring data encryption

There are two approaches to data encryption with Linux: full-disk encryption, which encrypts the block device before it is mounted on the system, and file-based encryption, which encrypts a file or folder only using native filesystem features. 

For networks, you’ll usually be using full-disk encryption, so you should be aware of your options for implementing block device encryption. You can use LUKS (Linux Unified Key Setup) encryption in all modern installers.

Using Pluggable Authentication Modules (PAM)

It’s worth learning about PAM configuration files early on, so you land on your feet when dealing with advanced authentication and security considerations.

Rather than having to write new authentication checks for each authentication method used by an app, PAM allows for a separate specialized authentication procedure to be used, whether the user is being authenticated via security certificate, biometric protocol like fingerprint identification and so on.

Configuring Linux system auditing

A vital weapon in the sysadmin’s security armory is the audit daemon (auditd). It generates log entries displaying information about what’s happening on the network. This helps you track potential violations of security. 

It’s important to know how to define audit rules, search the logs and create reports from the data provided. It helps you get to know your system much better and assists in the improvement of your security protocols.

Knowing your vulnerability scanning tools

Every system has its security flaws, and a crucial part of your role will be finding them before an attacker does.

Luckily, there are many vulnerability scanning tools to choose from. At the very least, you should be familiar with OpenVAS, Archery and Lynis. Other excellent tools include Prowler (vuln), Safety, and salt-scanner.

Being familiar with container security

Because containers are so easy to implement, portable and simple to configure, you’re likely to use them often. They do share the host system’s kernel, though, which can become a potential attack vector.

So it’s prudent to consider security on your Linux containers. Some angles of approach include employing user namespaces, SELinux MAC, restricting syscalls and setting resource limits.

Conducting penetration testing

The open-source nature of Linux means that the kinds of tools available for penetration testing are also often the same ones used by hackers themselves. So there’s really no excuse not to be prepared for a realistic attack scenario.

Make sure you know all about the most common pentesting tools so you can use them fluently. These include Kali Linux, BackBox, Parrot Security OS, and BlackArch.

Knowing your open-source SIEM tools

SIEM (Security Information and Event Management) describes a security and auditing system that comprises a number of different analysis and monitoring elements. 

There are all-rounder solutions available (e.g. LogRhythm, QRadar, ArcSight) but they are expensive, so knowing what’s available in terms of open-source equivalents is a good idea. You’ll find you need to use several as they all tend to have different strengths and weaknesses.

Upping your overall Linux cybersecurity skills

To sum up, there are a few areas you should be focusing on when brushing up your cybersecurity skills. Broadly speaking, you can divide these into the following: 

  • System and network administration.
  • Knowledge of regular expressions.
  • Strong facility with SELinux and AppArmor.
  • In-depth knowledge of open-source security tools.
  • Bash scripting.

Important Linux Administrator Skills that Should Be Included on Your Resume

Business CybersecurityFeeling confident? Ready to fire up that online electronic signature software and sign your new contract? Hold on there just one minute; you haven’t got the job yet.

Let’s take a look at the kinds of skills you’ll be expected to demonstrate to secure and shine at an interview. The most vital are: 

  • A clear understanding of OWASP: a good familiarity with the Open Web Application Security Project (OWASP) is fundamental to operating in this sector. 
  • Cloud computing skills: Cloud Ops are key in today’s workplace. Make sure you understand cloud architecture and migration, as well as how hybrid cloud environments work.
  • Cyber security skills: these should include mitigation using Linux hacking software, as well as monitoring and prevention for possible DDoS attacks. Knowledge on APT (Advanced Package Tool) will also be useful.
  • System monitoring and administration: VMware, MySQL, Python, and RHEL skills.

Security Training and Certifications to Add to Your Linux Resume

Knowing your stuff is one thing; being able to prove it quite another. Consider certification. The most commonly asked for certifications at the moment are: 

  1. CISSP - Certified Information Systems Security Professional
  2. CISA - Cybersecurity and Infrastructure Security Agency
  3. CEH - Certified Ethical Hacker

Why Making a Good Resume Can Help You Stand Out from the Rest as a Linux Administrator 

It’s a competitive industry and everyone needs an edge. Take the time to focus on sharpening up your resume so it really packs a punch.

Remember the golden rule: tailor your resume to the role in question. Generic resumes tend to lack the kind of sparkle recruiters are looking for.

It’s also vital to maximize your prospects by focusing on your strengths. If you’re relatively young, you may lack experience in the industry, so play up your qualifications and any hands-on projects you’ve succeeded with. On the other hand, more experienced candidates may need to focus on proving that they’re up to date with the latest developments in the sector.

Ready, Set, Go!

Being a Linux administrator is hugely rewarding. Sure, it’s a role full of challenges, and some days are harder than others. But you’ll never be bored, and if you have a true passion for Linux, there’s a job out there for you. 

So get yourself ready, make sure you’re all set, and yes – soon enough, you’ll be breaking out that contract generator software and hitting the ground running on your first day. Good luck!