If you've thought about becoming a professional Linux administrator but you're not sure where to start, this article is for you. In it, we'll explore some of the most important skills expected of someone working in the role. Many of them you'll already be familiar with, but some may surprise you. Much of our focus will be on cybersecurity and how to make sure you're ready to deal with security issues from day one. We'll also cover what sort of administrator skills you'll need and look at what to include in your resume to give you the best chance of success.

What Is a Linux Administrator?

A typical Linux administrator's contract won't spell out every aspect of the job. That's because the role involves being a jack-of-all-trades, and every day is different. Broadly speaking, you'll be responsible for overseeing every element of hardware and software management, for virtual systems as well as physical ones. Day to day, that means tasks like backups, building new systems, maintenance, and configuring and installing new applications. On occasion it will mean disaster recovery, which is not always the most fun day.

One area that is absolutely crucial is network security. Any Linux sysadmin worth the name will have a broad technical knowledge of the subject.

What Linux Administrators Should Know about Security

If you're thinking about embarking on cybersecurity training for Linux systems, here are the fundamentals you should make sure are covered.

Creating a good firewall policy

Familiarity with front ends to the kernel's Netfilter framework such as ufw and firewalld is a good start. To have a full grounding in firewall implementation, though, you should acquire a solid understanding of both the iptables ruleset and nftables, which is configured with the nft command-line tool.
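As an added example (not code from the original article), here is a minimal host firewall policy written as an nftables ruleset, with the same policy expressed as legacy iptables commands so you can see how the two map onto each other. The interface name, the management network allowed to reach SSH and the open ports are assumptions; the script writes the ruleset to a file and syntax-checks it with nft -c when nft is installed, without loading anything.

```shell
#!/bin/sh
# Added example: host firewall policy in nftables with the iptables equivalent.
# WAN_IF, ADMIN_NET and the open ports are assumptions; adjust before loading.
WAN_IF="${WAN_IF:-eth0}"               # assumed external interface
ADMIN_NET="${ADMIN_NET:-10.0.0.0/24}"  # assumed management network allowed to SSH

# Write the nftables ruleset to $1. Load it as root with: nft -f "$1"
write_nft_ruleset() {
    cat > "$1" <<EOF
#!/usr/sbin/nft -f
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        # anti-spoofing: loopback source addresses must never arrive on a real interface
        iif != "lo" ip saddr 127.0.0.0/8 drop
        # ICMP is useful for diagnostics but rate-limited so it cannot flood the host
        ip protocol icmp limit rate 10/second accept
        ip6 nexthdr icmpv6 accept
        # SSH only from the management network, new connections rate-limited against brute force
        iif "$WAN_IF" tcp dport 22 ip saddr $ADMIN_NET ct state new limit rate 6/minute accept
        tcp dport { 80, 443 } accept
        # everything else falls through to the chain policy; log it first so drops are visible
        log prefix "nft-drop: "
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Print the same policy as legacy iptables commands (IPv4 only), for networks that still run it.
print_iptables_equivalent() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
iptables -A INPUT -p icmp -m limit --limit 10/second -j ACCEPT
iptables -A INPUT -i $WAN_IF -p tcp --dport 22 -s $ADMIN_NET -m conntrack --ctstate NEW -m limit --limit 6/minute -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "ipt-drop: "
EOF
}

# Syntax-check the ruleset without loading it. Skipped when nft is not installed.
check_nft_ruleset() {
    if command -v nft >/dev/null 2>&1; then
        nft -c -f "$1"
    else
        echo "nft not installed; skipping syntax check of $1" >&2
    fi
}

RULES="$(mktemp)"
write_nft_ruleset "$RULES"
check_nft_ruleset "$RULES" || echo "ruleset check failed: fix before loading" >&2
echo "nftables ruleset written to $RULES"
print_iptables_equivalent
```

Note that the 6-per-minute limit applies to the rule as a whole, not per source address; per-source limiting needs an nft meter (or the iptables recent/hashlimit modules), and log-based banning with fail2ban on top. Apply a ruleset from a console session or with a timed rollback, since a mistake in the input chain locks you out of SSH.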
Even though nftables has superseded iptables on current distributions, you'll still come across many iptables-protected networks in the real world, so it's vital that you be able to work with both. (On most modern systems the iptables command is actually iptables-nft, a compatibility layer that translates rules into nftables, which is why the two can coexist while you migrate.)

Securing your Linux server

Besides implementing an effective firewall, there are many other ways of securing your server, and you should be aware of all of them. Some are standard practice across the cybersecurity field: good password hygiene, two-factor authentication, malware scanning. But some are more Linux-specific. For instance, on a business server you should disable direct root login, above all over SSH (PermitRootLogin no in sshd_config), and have administrators log in as themselves and escalate with sudo. An always-available root account is a direct way in for an attacker who guesses or steals its password, and a shared root login leaves no record of which person did what.

Being able to use SELinux

Security-Enhanced Linux (SELinux) implements Mandatory Access Control (MAC) in the Linux kernel. It confines processes to what their policy allows, even when they run as root, and it is an integral part of every experienced Linux sysadmin's toolkit. SELinux can be in one of three states: disabled, permissive (the policy is evaluated and violations are logged but not blocked) or enforcing (violations are blocked). Make sure you can use getenforce and sestatus to find the current state, and setenforce to switch between permissive and enforcing while you debug a denial rather than disabling SELinux outright.

Intrusion detection and prevention

An Intrusion Detection System (IDS) watches network traffic or host activity and raises an alert; an Intrusion Prevention System (IPS) goes one step further and blocks what it detects. Prevention sounds strictly better, but an IPS that blocks on a false positive takes down legitimate traffic, so in practice the two are used together and tuned carefully. You'll need a thorough knowledge of how to set up tools like OSSEC (host-based IDS with log analysis and active response), Tripwire (file-integrity monitoring) and fail2ban (which bans source addresses after repeated authentication failures in the logs) so that protection is set at the appropriate level.

Configuring data encryption

There are two approaches to data encryption on Linux: full-disk (block-device) encryption, which encrypts the whole block device below the filesystem so that it must be unlocked before it can be mounted, and file-based encryption, which encrypts individual files or directories using filesystem features (fscrypt on ext4 and f2fs, or eCryptfs).
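The two server-hardening points above, disabling root login over SSH and catching brute-force attempts, can be checked from the shell. The added example below (not code from the original article) audits an sshd_config for the directives that keep root off SSH, prints the hardened directives to apply, and counts failed logins per source address in an auth.log, which is the check fail2ban's sshd jail automates. The config file and log lines are constructed samples.

```shell
#!/bin/sh
# Added example: audit sshd_config for the directives that keep root off SSH,
# then count failed logins per source address from auth.log, which is the
# check fail2ban's sshd jail automates. The config and log are constructed samples.

SAMPLE_CFG="$(mktemp)"; SAMPLE_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_CFG" "$SAMPLE_LOG"' EXIT

cat > "$SAMPLE_CFG" <<'EOF'
# constructed sshd_config with two weak settings
Port 22
PermitRootLogin yes
#PasswordAuthentication no
ChallengeResponseAuthentication no
EOF

cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 10:01:12 web1 sshd[2231]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:14 web1 sshd[2231]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 web1 sshd[2233]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:16 web1 sshd[2235]: Failed password for invalid user test from 203.0.113.7 port 51131 ssh2
Mar  3 10:01:18 web1 sshd[2237]: Failed password for root from 203.0.113.7 port 51133 ssh2
Mar  3 10:02:40 web1 sshd[2240]: Failed password for alice from 198.51.100.4 port 40022 ssh2
Mar  3 10:02:45 web1 sshd[2240]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
EOF

# Value of directive $2 in sshd_config $1. sshd uses the FIRST uncommented
# occurrence, so that is what we take; $3 is the compiled-in default when unset.
# (Match blocks are not parsed; check those separately.)
sshd_value() {
    v=$(awk -v d="$2" 'tolower($1) == tolower(d) && v == "" { v = $2 } END { print v }' "$1")
    printf '%s' "${v:-$3}"
}

# Print one FINDING line per weak setting; the return code is the number of findings.
audit_sshd_config() {
    n=0
    for spec in PermitRootLogin:prohibit-password PasswordAuthentication:yes PermitEmptyPasswords:no; do
        d="${spec%%:*}"; dflt="${spec#*:}"
        val=$(sshd_value "$1" "$d" "$dflt")
        if [ "$val" != "no" ]; then
            echo "FINDING: $d is '$val', expected 'no'"
            n=$((n + 1))
        fi
    done
    return "$n"
}

# Print "<count> <ip>" for each source with at least $2 (default 5) failed passwords in $1.
failed_login_sources() {
    awk -v t="${2:-5}" '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i + 1)]++ }
        }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }' "$1" | sort -rn
}

# The directives a hardened server should carry; validate with `sshd -t` before reloading.
hardened_sshd_directives() {
    cat <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication yes
MaxAuthTries 3
EOF
}

if ! audit_sshd_config "$SAMPLE_CFG"; then
    echo "apply these directives and run sshd -t before reloading:"; hardened_sshd_directives
fi
echo "sources over the failed-login threshold:"
failed_login_sources "$SAMPLE_LOG" 5
```

On the sample config the audit reports two findings: PermitRootLogin is explicitly yes, and PasswordAuthentication is commented out, so sshd's default of yes applies. The log scan reports 203.0.113.7 with five failures; 198.51.100.4 had one failure followed by a successful key login and stays below the threshold, which is exactly the distinction a ban threshold is meant to draw.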
For servers, you'll usually want full-disk encryption, so you should know your options for block-device encryption. LUKS (Linux Unified Key Setup), managed with cryptsetup, is supported by all modern installers. Keep the scope in mind: disk encryption protects data at rest, i.e. a stolen or discarded drive. Once the device is unlocked and mounted, access control is back to file permissions, SELinux and the applications, so it is no substitute for the other controls in this list.

Using Pluggable Authentication Modules (PAM)

It's worth learning about the PAM configuration files under /etc/pam.d early on, so you land on your feet when dealing with advanced authentication and security requirements. Rather than each application implementing its own checks for every authentication method, PAM lets the administrator stack specialized modules, whether the user is authenticating with a password, a certificate or smart card, a one-time code, a fingerprint and so on, and apply policies such as account lockout after repeated failures (pam_faillock) and password quality rules (pam_pwquality) in one place.

Configuring Linux system auditing

A vital weapon in the sysadmin's security armory is the audit daemon (auditd). It records kernel-level events on the host, such as system calls, file accesses and configuration changes, according to rules you define, so you can reconstruct what happened and spot potential security violations. It's important to know how to define audit rules (auditctl and the files under /etc/audit/rules.d), search the logs (ausearch) and create reports from the data (aureport). Doing so helps you get to know your system much better and gives you the evidence you need to improve your security controls.

Knowing your vulnerability scanning tools

Every system has security flaws, and a crucial part of your role will be finding them before an attacker does. Luckily, there are many vulnerability scanning tools to choose from. At the very least, you should be familiar with OpenVAS (network vulnerability scanning), Lynis (host hardening audits) and Archery (a vulnerability-management front end). Other tools worth knowing are Prowler (cloud account security assessment), Safety (known-vulnerable Python dependencies) and salt-scanner. Whichever you use, schedule scans regularly and track findings to closure; a one-off scan tells you nothing about the state of the system after the next update.

Being familiar with container security

Because containers are so easy to build, portable and simple to configure, you're likely to use them often. They share the host's kernel, though, so a process that escapes its container, or a kernel bug reachable from inside one, puts the whole host at risk. It's prudent to treat container isolation as layered defense: run workloads as an unprivileged user inside a user namespace, keep SELinux (or AppArmor) confinement on, drop capabilities and restrict syscalls with a seccomp profile, and set resource limits (memory, CPU, process count) through cgroups so one container cannot starve the rest.
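To make the auditing section concrete, the added example below (not code from the original article) writes an audit rules file that watches the identity files and records every program execution, then reads keyed events straight out of a raw audit.log with awk, joining each SYSCALL record to the PATH record it touched by the audit serial number, which is what ausearch does for you. The audit.log lines are constructed samples in the kernel's record format.

```shell
#!/bin/sh
# Added example: an auditd rules file plus an awk reader that pulls keyed events
# out of a raw audit.log and pairs each SYSCALL record with the PATH it touched.
# The audit.log lines below are constructed samples in the kernel's record format.

# Write the rules to $1 (normally /etc/audit/rules.d/hardening.rules; load with augenrules --load).
write_audit_rules() {
    cat > "$1" <<'EOF'
-D
-b 8192
# identity and privilege files: record every write or attribute change, keyed for searching
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/sudoers -p wa -k privilege
# every program execution, both ABIs
-a always,exit -F arch=b64 -S execve -k exec
-a always,exit -F arch=b32 -S execve -k exec
# lock the configuration until reboot
-e 2
EOF
}

SAMPLE_AUDIT_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_AUDIT_LOG"' EXIT
cat > "$SAMPLE_AUDIT_LOG" <<'EOF'
type=SYSCALL msg=audit(1700000000.123:45): arch=c000003e syscall=257 success=yes exit=3 a0=ffffff9c a1=55d2c3a1f2e0 a2=241 a3=1b6 items=2 ppid=2210 pid=2244 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=3 comm="vi" exe="/usr/bin/vi" key="identity"
type=PATH msg=audit(1700000000.123:45): item=0 name="/etc/" inode=128 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 nametype=PARENT
type=PATH msg=audit(1700000000.123:45): item=1 name="/etc/passwd" inode=131 dev=fd:00 mode=0100644 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.456:46): arch=c000003e syscall=59 success=yes exit=0 a0=55e1a0c2b3d0 a1=55e1a0c2b4f0 a2=55e1a0c2b600 a3=8 items=2 ppid=2244 pid=2250 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="id" exe="/usr/bin/id" key="exec"
type=PATH msg=audit(1700000000.456:46): item=0 name="/usr/bin/id" inode=2001 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=PATH msg=audit(1700000000.456:46): item=1 name="/lib64/ld-linux-x86-64.so.2" inode=3002 dev=fd:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=SYSCALL msg=audit(1700000000.789:47): arch=c000003e syscall=268 success=no exit=-1 a0=ffffff9c a1=7ffd1c2e3f40 a2=1a4 a3=0 items=1 ppid=2300 pid=2310 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=4 comm="chmod" exe="/usr/bin/chmod" key="identity"
type=PATH msg=audit(1700000000.789:47): item=0 name="/etc/shadow" inode=132 dev=fd:00 mode=0100000 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
EOF

# Print "<epoch> auid=<login uid> comm=<program> key=<key> path=<file>" for every
# SYSCALL record in $1 carrying key $2, using the audit serial to join it to its PATH.
# auid is the login uid, which survives su/sudo, so it names the human responsible.
audit_events_by_key() {
    awk -v want="$2" '
        function field(name,   i, kv) {
            for (i = 1; i <= NF; i++) { split($i, kv, "="); if (kv[1] == name) return kv[2] }
            return ""
        }
        { serial = field("msg"); sub(/^audit\(/, "", serial); sub(/\):$/, "", serial) }
        $1 == "type=SYSCALL" && field("key") == "\"" want "\"" {
            order[++n] = serial
            comm = field("comm"); gsub(/"/, "", comm)
            line[serial] = substr(serial, 1, 10) " auid=" field("auid") " comm=" comm " key=" want
        }
        $1 == "type=PATH" && (serial in line) && field("nametype") != "PARENT" && !(serial in path) {
            name = field("name"); gsub(/"/, "", name); path[serial] = name
        }
        END { for (i = 1; i <= n; i++) print line[order[i]], "path=" path[order[i]] }
    ' "$1"
}

R="$(mktemp)"; write_audit_rules "$R"; echo "audit rules written to $R"; rm -f "$R"
echo "identity-file events:"; audit_events_by_key "$SAMPLE_AUDIT_LOG" identity
echo "program executions:";   audit_events_by_key "$SAMPLE_AUDIT_LOG" exec
```

On the sample log the identity key yields two events: login uid 1000 editing /etc/passwd as root, and login uid 1001 trying, and failing (success=no), to chmod /etc/shadow. The failed attempt is the interesting one; a watch with -p wa records attempts, not just successes. On a live system the equivalent queries are ausearch -k identity -i and aureport -x --summary, and the -e 2 line means the rules cannot be changed again without a reboot, so test them with -e 1 first.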
Conducting penetration testing

Because Linux is open source, the tools available for penetration testing are often the same ones attackers use, so there's really no excuse not to be prepared for a realistic attack scenario. Make sure you know the most common pentesting tools well enough to use them fluently. The security-focused distributions Kali Linux, BackBox, Parrot Security OS and BlackArch bundle hundreds of them (scanners, exploitation frameworks, password crackers, web proxies) in one place. And remember the rule every tester learns first: only test systems you have written authorization to test.

Knowing your open-source SIEM tools

SIEM (Security Information and Event Management) describes a system that collects logs and events from across the estate and combines analysis, correlation, alerting and reporting. There are commercial all-in-one solutions (e.g. LogRhythm, QRadar, ArcSight), but they are expensive, so knowing the open-source equivalents is a good idea. You'll find you need to combine several, since each has different strengths and weaknesses. Whatever you choose, its value depends on what you feed it: ship auditd, sshd, sudo and firewall logs to it centrally, so that an attacker who wipes the local logs cannot erase the trail.

Upping your overall Linux cybersecurity skills

To sum up, there are a few areas you should be focusing on when brushing up your cybersecurity skills. Broadly speaking, you can divide these into the following: system and network administration; knowledge of regular expressions (for searching logs and writing detection rules); strong facility with SELinux and AppArmor; in-depth knowledge of open-source security tools; and Bash scripting.

Important Linux Administrator Skills that Should Be Included on Your Resume

Feeling confident? Ready to sign your new contract? Hold on just one minute; you haven't got the job yet. Let's take a look at the kinds of skills you'll be expected to demonstrate to secure an interview and shine at it. The most vital are:

A clear understanding of OWASP: familiarity with the Open Web Application Security Project (OWASP) and its Top 10 list of web application risks is fundamental to operating in this sector.

Cloud computing skills: cloud operations are key in today's workplace. Make sure you understand cloud architecture and migration, how hybrid cloud environments work, and the shared-responsibility model that decides which security controls remain yours rather than the provider's.
Cyber security skills: these should include hands-on use of Linux security tooling for hardening and mitigation, as well as monitoring and prevention for possible DDoS attacks. Knowledge of the package manager (APT, the Advanced Package Tool, on Debian-based systems; dnf or yum on Red Hat-based ones) matters more than it sounds, because timely patching closes most of the findings a vulnerability scanner will report.

System monitoring and administration: VMware, MySQL, Python and RHEL skills.

Security Training and Certifications to Add to Your Linux Resume

Knowing your stuff is one thing; being able to prove it quite another. Consider certification. The most commonly requested certifications at the moment are:

CISSP - Certified Information Systems Security Professional (ISC2)
CISA - Certified Information Systems Auditor (ISACA; not to be confused with the US Cybersecurity and Infrastructure Security Agency, which shares the acronym)
CEH - Certified Ethical Hacker (EC-Council)

Why Making a Good Resume Can Help You Stand Out from the Rest as a Linux Administrator

It's a competitive industry and everyone needs an edge. Take the time to sharpen up your resume so it really packs a punch. Remember the golden rule: tailor your resume to the role in question. Generic resumes tend to lack the kind of sparkle recruiters are looking for. It's also vital to maximize your prospects by focusing on your strengths. If you're relatively young, you may lack experience in the industry, so play up your qualifications and any hands-on projects you've completed. More experienced candidates, on the other hand, may need to focus on proving that they're up to date with the latest developments in the sector.

Ready, Set, Go!

Being a Linux administrator is hugely rewarding. Sure, it's a role full of challenges, and some days are harder than others. But you'll never be bored, and if you have a true passion for Linux, there's a job out there for you. So get yourself ready, make sure you're all set, and soon enough you'll be signing that contract and hitting the ground running on your first day. Good luck!

As the need for skilled Linux admins grows, building a strong skill set is essential.
Key skills include Linux OS knowledge, shell scripting and system security expertise.

Tags: Linux Administrator Skills, Cybersecurity Skills, Firewall Management, Resume Building, Cloud Security

By Brittany Day
In the first part of Network Security we had a brief overview of the areas to consider when assessing a network's security, and we looked at a few points in each of the Management and Administration areas. Meanwhile, the article "Security Scanning is not Risk Analysis" by Laura Taylor (14 July 2002) deals in depth with what an organization's management has to know about security and is well worth reading. Now let's continue and look at some of the finer points in each of the other areas: LAN security, access control and operations.

LAN Security

1. Is the LAN secured from viruses? The extent of virus protection can be gauged by looking at the antivirus software installed on the network. Does the mail gateway have an online (real-time) antivirus? Do the servers have one? (Antivirus on the servers alone suffices only if end users have no external network access and no way to install software themselves, for instance from removable media.) Is third-party media (floppy disks, CD-ROMs and the like) access-controlled and checked for viruses before use?

2. Is the communication between systems controlled? Are systems properly isolated where they should be (production separated from development, for example), or at least given controlled gateway access, such as a firewall between internal networks?

3. Are software and hardware acquisitions and disposals controlled? Check whether there is an established procedure for acquiring new software or hardware; usually proper clearance through a defined channel is required. Disposal of hardware should also go through the proper channel with due authorization, since improperly disposed hard disks and other storage media are a serious security risk if the data on them has not been wiped.

4. Check for unauthorized software and hardware installed on the LAN.
This check should be done manually on each system in the network. Check for Trojans, rootkits and the like. Check which ports are open on each system, and use a port scanner to detect any unwanted services running on the network. Any unwanted service or open port is bound to pose a serious threat, usually because it is a backdoor or Trojan, or because the administrator isn't aware of the service and so isn't monitoring whether it is being used securely. This (point 4) is what is usually mistaken for a vulnerability assessment; a port scan is one input to an assessment, not the assessment itself. I hope this article raises some awareness of the real vulnerability assessments made by professionals, and that organizations give vulnerability assessment serious thought.

5. Firewall and ACL configuration. Are the firewall policies and access control lists maintained and updated when network access changes? When a system is removed from the network, most administrators fail to cross-check the change against the firewall ruleset; if that system had access to a classified server, the rule still exists, and anyone who can take over its address can misuse it. Similarly, the access control lists should be cross-checked whenever user or group accounts change.

6. Does the firewall contain rules to prevent denial-of-service attacks, and rules to prevent spoofing (e.g. requests arriving from the outside network with a source IP belonging to the internal LAN)? These are some of the most basic rules that should be present in any firewall.

7. Check for the existence of a backup firewall in case the primary one fails.

8. The upload/download process should be monitored, and users should be notified that their transfers and mail are monitored if they are.

9. Do the source and destination of a data transfer authenticate each other, or are the source and destination at least traceable? (DHCP for LAN address allocation is usually tied to MAC addresses, which gives traceability but not authentication, since a MAC address can be changed by whoever controls the machine.)
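Points 5 and 6 above are checks you can script against a saved ruleset. The added example below (not code from the original article) extracts every address a ruleset refers to and reports those missing from the current host inventory, which is how a rule left behind by a decommissioned system stands out, and confirms that an anti-spoofing drop rule exists on the external interface. The ruleset (in nft list ruleset format) and the inventory are constructed samples; the interface name is an assumption.

```shell
#!/bin/sh
# Added example: cross-check a saved firewall ruleset against the current host
# inventory, so a rule that still grants a decommissioned machine access to a
# sensitive server stands out, and confirm an anti-spoofing rule is present.
# The ruleset and inventory below are constructed samples.

RULESET="$(mktemp)"; INVENTORY="$(mktemp)"
trap 'rm -f "$RULESET" "$INVENTORY"' EXIT

# constructed `nft list ruleset` output for a database host
cat > "$RULESET" <<'EOF'
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        ct state established,related accept
        iif "eth0" ip saddr { 10.0.1.0/24, 172.16.0.0/12 } drop comment "anti-spoof: internal ranges arriving from outside"
        ip saddr 10.0.1.15 tcp dport 22 accept comment "admin workstation"
        ip saddr 10.0.1.42 tcp dport 5432 accept comment "reporting server -> hr-db"
        ip saddr 10.0.1.77 tcp dport 5432 accept comment "batch host"
        tcp dport 443 accept
    }
}
EOF

# constructed inventory: every live host and internal range, one per line
cat > "$INVENTORY" <<'EOF'
10.0.1.0/24
172.16.0.0/12
10.0.1.15
10.0.1.42
EOF

# Every IPv4 address or prefix mentioned in ruleset $1, deduplicated, skipping
# the wildcard and loopback literals that belong to no host.
ruleset_addresses() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' "$1" | grep -vE '^(0\.0\.0\.0|127\.)' | sort -u
}

# Addresses the ruleset $1 still refers to that are not in inventory $2: candidates for removal.
stale_rule_hosts() {
    ruleset_addresses "$1" | grep -vxF -f "$2"
}

# Succeed if ruleset $1 drops traffic entering interface $2 with an internal source (anti-spoofing).
has_antispoof_rule() {
    grep -qE "iif \"$2\" ip saddr .* drop" "$1"
}

echo "rules referencing hosts missing from inventory:"
stale_rule_hosts "$RULESET" "$INVENTORY"
if has_antispoof_rule "$RULESET" eth0; then
    echo "anti-spoof rule present on eth0"
else
    echo "no anti-spoof rule on eth0"
fi
```

On the sample, 10.0.1.77 (the "batch host") is reported: it still has a rule into the HR database port even though it is no longer in inventory, so whoever next receives that address from DHCP inherits the access. Run the same check against the output of nft list ruleset or iptables-save on the real firewall, with the inventory exported from whatever system of record you keep, after every decommissioning.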
10. Check that software license compliance exists, i.e. make sure users are using legitimate software and are aware of software licensing.

11. Check the accounts holding privileged rights and look for unused accounts. Is there adequate support staff to provide user support, and is there a backup administrator in case of the primary one's absence?

12. Is data transported in encrypted form whenever necessary?

Access Control

Check that user access is controlled appropriately. There are various guidelines to follow when checking user access. Each user's privileges must be defined, documented and controlled with appropriate access controls. Look at the username and password policy. Each user should have a unique username. Passwords should be at least 6 characters long (treat that as a floor; longer passphrases are stronger), contain a combination of letters and numerals plus at least one special character (such as * # % ^ & $), and never be something easily guessed such as the username, the username backwards and so on. Passwords should be changed regularly (set a password expiry period). Check guest access rights, and make sure accounts of former staff are not present. Accounts should be locked after 4-6 unsuccessful login attempts, and sessions should be disconnected after a set period of inactivity (this requires settings on the servers being accessed). Dial-up access should have another level of access control beyond user ID and password (such as callback), and access should also be time-restricted.

Operations

It is not necessary for every organization to have a separate operations department; some make do with a single IT department that handles all the areas discussed. The organization's structure is not what matters. But when implementing or assessing security, due care must be taken in describing the duties of each of the personnel concerned.
Physical transmission media (LAN cables, routers, switches and so on) should be adequately protected. LAN servers should be secured from physical access too; unauthorized personnel shouldn't be able to get near them. Are systems, peripherals and devices protected from fluctuations and disturbances in the electrical supply? Usually the network should have an online UPS to protect against power fluctuations and bridge short outages, and there should be a backup power supply so that these devices keep working without interruption.

Data backups should be taken regularly according to a schedule (full and incremental backups) and tested for restoration and backup errors. The backup media should be physically secured. A weekly backup should be kept at a different physical location (another branch office) under safe custody in case of calamities such as fire or flood. The recovery process should be tested periodically.

The organization should ensure adequate staff capable of supporting users and performing backup and recovery operations, and ensure their availability whenever required. Users should know whom to contact for what kind of problem and how to reach them, so users should be briefed on what to do in such situations.

Checks should be performed for adequate availability of resources (the backbone, traffic on the file server, and the file server's ability to handle the load). This check should be performed on each generally accessed system and on the critical servers. Access to critical systems (and not only those) should be restricted with proper tools such as keys, badges, electronic sensors, motion sensors and biometric identification. Are the keys to important cabinets and rooms in safe custody? System rooms should be properly protected against fire, so fire alarms and fire extinguishers are all good signs of proper security.
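A backup that has never been restored is a hope, not a backup. The added example below (not code from the original article) shows the "tested for restoration and backup errors" step as a script: it archives a directory, records a checksum of the archive, restores it into a scratch directory and compares the result file by file with the source, failing loudly if the archive was corrupted or the restore does not match. The directory contents are constructed samples and all paths are temporary.

```shell
#!/bin/sh
# Added example: a backup that tests its own restore. It archives a directory,
# records a checksum, restores into a scratch directory and compares file by file.
# Paths are temporary and the data is a constructed sample.

sum256() { if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi; }
sum256_check() { if command -v sha256sum >/dev/null 2>&1; then sha256sum -c "$1"; else shasum -a 256 -c "$1"; fi; }

# make_backup SRC_DIR ARCHIVE: tar SRC_DIR into ARCHIVE (.tar.gz) and write ARCHIVE.sha256 beside it.
make_backup() {
    tar -C "$1" -czf "$2" . || { echo "backup of $1 failed"; return 1; }
    # checksum the archive so media corruption is caught before the restore is needed
    ( cd "$(dirname "$2")" && sum256 "$(basename "$2")" > "$(basename "$2").sha256" )
}

# verify_backup ARCHIVE SRC_DIR: check the checksum, restore into a scratch dir, diff against SRC_DIR.
verify_backup() {
    ( cd "$(dirname "$1")" && sum256_check "$(basename "$1").sha256" >/dev/null 2>&1 ) \
        || { echo "checksum mismatch: archive is corrupt or tampered with"; return 1; }
    scratch="$(mktemp -d)"
    if ! tar -C "$scratch" -xzf "$1" 2>/dev/null; then
        rm -rf "$scratch"; echo "restore failed"; return 1
    fi
    if diff -r "$2" "$scratch" >/dev/null; then rc=0; else echo "restored files differ from source"; rc=1; fi
    rm -rf "$scratch"
    return "$rc"
}

# constructed sample data standing in for /etc
SRC="$(mktemp -d)"; BACKUP_DIR="$(mktemp -d)"
trap 'rm -rf "$SRC" "$BACKUP_DIR"' EXIT
mkdir -p "$SRC/ssh"
printf '127.0.0.1 localhost\n10.0.1.42 hr-db\n' > "$SRC/hosts"
printf 'PermitRootLogin no\n' > "$SRC/ssh/sshd_config"
ARCHIVE="$BACKUP_DIR/etc-backup.tar.gz"

make_backup "$SRC" "$ARCHIVE" && verify_backup "$ARCHIVE" "$SRC" && echo "backup verified: $ARCHIVE"
```

The checksum file is what makes the off-site copy in the checklist verifiable: copy the archive and its .sha256 together, and whoever holds the remote copy can confirm it is intact without access to the source system. Run the verify step from the backup media itself, not from the local copy, and on a schedule, so that a restore is routine long before a disaster makes it urgent.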
Computer systems should be maintained and cleaned periodically, and a log of this kept for cross-checks. Users and administrators should be adequately trained for the duties they perform and for reporting problems. Users should be informed and warned about any intrusive activities on their part, with a described procedure for the actions taken against them.

Everything listed in these parts is only a set of guidelines to consider. An actual assessment depends on the kind of organization, its use of information technology, the number of systems, the kind of data storage and the type of business the organization does. Some of these points may prove too much to consider in some situations (and I consider this list too little). A security audit should take into account anything that is a potential threat of disclosure of data, of access by unauthorized persons, of improper use of resources, or of inability to handle a breakdown of systems. I hope this article is of some help to someone somewhere in the globe.

Summary: Explore the critical facets of network security assessments, concentrating on local area network protection and key protocols for managing access control.

Tags: Network Security Audit, LAN Protection, Access Control Management, Firewall Configuration, Security Measures

By Anthony Pell