Stay Ahead With Linux Security HOWTOs
How to Secure My Network
access control Linux administration
access control Linux administration Most SSH hardening advice ends at the same recommendation: Disable password authentication and use SSH keys. . That's good advice. It removes entire classes of attacks, including password spraying, credential stuffing, and brute-force attempts against exposed servers. The problem is what happens next. Many administrators treat SSH keys as the finish line when they are really the beginning of the hardening process. Attackers rarely care whether they obtained access with a password or a private...
Jun 05, 2026
How to Secure My Networksecurity advisory remote access
security advisory remote access Most of the time, nobody notices. SSH authentication succeeds, no alerts are generated, and the connection looks exactly the way it did the day the key was installed. That's part of the problem. . When security teams investigate unauthorized access on Linux systems, they often focus on passwords, exposed services, or vulnerable software. Trusted access receives less attention. Yet a single forgotten or unauthorized SSH key can provide the same access as a legitimate user while attracting very...
Jun 03, 2026
How to Secure My Networkintrusion detection application security
intrusion detection application security The wrong IPS rule can look like a security fix right up until it becomes an outage. . On Linux systems, detection and prevention are often discussed together, but they do not carry the same operational risk. One tells admins that something suspicious happened. The other can decide whether traffic is allowed to continue. That is why IDS vs IPS is not just a definition to memorize. It is a deployment decision about where to monitor, where to block, and how much confidence a team needs before...
Jun 01, 2026
How to Secure My Networkunauthorized access security techniques
unauthorized access security techniques Exposed SSH servers are continuously hammered by brute-force attacks, password spraying, credential stuffing, and recycled passwords from infostealer dumps. Attackers rotate usernames, test weak credentials, and probe for anything that gives them initial access. The logs usually look messy long before the compromise happens. . The difficult part is separating harmless failures from actual intrusion activity. One failed login from an internal workstation rarely matters. Repeated failures...
May 28, 2026
How to Secure My Networksecurity advisory incident response
security advisory incident response The first 30 minutes after discovering a compromised Linux server usually decide how much evidence remains available. One rushed reboot or cleanup attempt can wipe logs, terminate malicious processes, or remove network activity that investigators still need to review. Attackers also do not usually stay on one system for long once access is established. Early response is mostly about preserving visibility. Collect process information. Save network connections. Limit access carefully before...
May 28, 2026
Refine HOWTOs
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security HOWTOs
We found -2 articles for you...
160
security managementfile permissionslinux commandsHow to Adjust Default File Permissions with Umask in Linux
File permissions are critical for the security of a Linux system. But how do you set default permissions for new files on Linux? . If you've used Linux for any length of time, you'd know how important Linux file permissions are. But what about permissions for when you create new files? A utility called umask lets you set default file permissions for new files on Linux. A umask is a "bit mask" that sets permission bits on new files. On Linux systems, it's a standalone command, though modern shells like Bash or Zsh include it as a built-in command. . Learn how to configure default access rights for newly created files in Linux through umask settings, and improve the security oversight of your system.. Umask Command, File Permissions, Linux Security, System Management, Linux Administration. . Brittany Day
Oct 22, 2022
•
How to Harden My Filesystem
160
file managementcommand lineaccess rightsUnderstanding Umask Settings and Default File Permissions in Linux
In Linux, all directories and files have access permissions. You can use chmod to set your preferred access rights for different users. But what decides their default permissions? Let’s talk about umask . . All directories and files have flags called mode bits that decide whether they can be read, written to, or executed. Executing a file means running it like a program or a script. For a directory, you must be able to “execute” a directory to cd into it. Collectively the bit mode settings are called the permissions of the directory or file. There are three sets of permissions. One set is for the owner of the directory or file. Unless the ownership has been changed with chown , the owner is the person who created the directory or file. The link for this article located at How-To Geek is no longer available. . Uncover the way umask affects the baseline permissions assigned to files and folders within Linux environments.. File Permissions, Linux Umask, Access Rights. . Brittany Day
Jul 28, 2022
•
How to Harden My Filesystem
166
security best practicesfile permissionsLinux commandUnderstanding Umask Command for Linux File Permission Control
The umask can be used to control the default file permission on newly-created files.. The umask command controls the default file and directory creation mode for newly-created files and directories. It is recommended that you make root's umask 077, which will disable read, write, and execute permission for other users, unless explictly changed using chmod. The umask command can be used to determine the default file creation mode on your system. It is the octal complement of the desired file mode. If files are created without any regard to their permissions settings, a user could inadvertently give read or write permission to someone that should not have this permission. The umask for the creation of new executable files is calculated as follows: 777 Default Permissions -022 Subtract umask value, for example ----- 755 Allowed Permissions So in this example we chose 022 as our umask. This shows us that new executables that are created are given mode 755, which means that the owner can read, write, and execute the binary, while members of the group to which the binary belongs, and all others, can only read and execute it. The umask for the creation of new text files is calculated as follows: 666 Default Permissions -022 Subtract umask mask, for example ----- 644 Allowed Permissions This example shows us that given the default umask of 666, and subtracting our sample umask value of 022, new text files are created with mode 644, which states that the owner can read and write the file, while members of the group to which the file belongs, and everyone else can only read the new file. Typically umask settings include 022, 027, and 077, which is the most restrictive. Normally the umask is set in /etc/profile , so it applies to all users on the system. The file creation mask must be set while keeping in mind the purpose of the account. Permissions that are too restrictive may cause users to start sharing accounts or passwords, or otherwise compromise security. For example, you mayhave a line that looks like this: # Set the user's default umask umask 033 Be sure to make root's umask to at least 022, which will disable write and execute permission for other users, unless explicitly changed using chmod(1). If you are using Red Hat Linux, and adhered to their user and group ID creation scheme (User Private Groups), it is only necessary to use 002 for a umask with normal users. This is due to the fact that the default configuration is one user per group. In addition to setting the user's default umask, you should be sure you are aware of the umask value that is set in startup scripts as well. Any files that are created during the boot process may be created with the default umask of 666 if it is not explictly specified. Additionally, any servers that are started at boot time, such as inetd(8), may inherit the umask at boot time, which in turn will be passed down to the services, and servers, that it controls. The umask value that the FTP server, spawned by inetd(8) uses, for example, can be easily overlooked, allowing the potential for too lenient permissions on files. In this specific example, the FTP server has command-line options for controlling umask values. Many do not, however. For this reason, you might consider creating a file that gets run at system boot time, before any others, that simply explictly sets the umask to a known value.. The umask command controls the default file and directory creation mode for newly-created files and . umask, control, default, permission, newly-created, files, comma. . Anthony Pell
Jun 24, 2000
•
How to Learn Tips and Tricks
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More