Stay Ahead With Linux Security HOWTOs

Explore Latest Linux Security HOWTOs


Setting Up Fingerprint Authentication On Linux Using PAM

The fingerprint is one of the most common means of authorization. The use of biometric data for authorization confirms the physical existence of individuals by using an element that is relatively inseparable from them. In addition, biometric data provides security to the person by using data specific to almost every individual. Leaving aside the legal usage limits of biometric data, these features highlight the use of fingerprints over other second-factor tools. Here's how you can set up your fingerprint scanner on Linux using PAM (Pluggable Authentication Modules).

Implementing your retinal biometrics through PAM significantly boosts the security framework, employing unique visual traits for authentication purposes.

Fingerprint Scanner, PAM Authentication, Biometric Data, Linux Security.

Nov 28, 2022 | Brittany Day | How to Strengthen My Privacy

Kali Linux: Steps for Changing Your Root Password Securely Now

The first thing to do right after booting into Kali Linux for the first time is to change the default root password. Here's how you can do it.

A system protected by default credentials is an open invitation for adversaries to exploit. It is highly recommended that you set a custom root password for your Kali Linux machine as soon as it boots up post-installation. In this primer, you will find the easiest and swiftest way to reset the root password of your Kali Linux desktop with the passwd command or, if you forgot your root password, with the GRUB bootloader.

Strengthen your Kali Linux environment by modifying the initial root password to avert potential breaches efficiently.

Kali Linux Password Change, Root Access Security, Change Default Credentials.

Apr 05, 2022 | Brittany Day | How to Learn Tips and Tricks

How to Enforce Password Changes on Linux for User Accounts

Passwords are the keystone to account security. Learn how to reset passwords, set password expiration periods, and enforce password changes on your Linux network in this How-To Geek tutorial.

We’ve been proving to computers that we are who we say we are since the mid-1960s, when the password was first introduced. Necessity being the mother of invention, the Compatible Time-Sharing System developed at the Massachusetts Institute of Technology needed a way to identify different people on the system. It also needed to prevent people from seeing each other’s files. Fernando J. Corbató proposed a scheme that allocated a unique username to each person. To prove someone was who they said they were, they had to use a private, personal password to access their account.

The link for this article located at How-To Geek is no longer available.

Discover methods to adjust and mandate password updates to strengthen protection across your Linux systems efficiently.

Password Management, User Authentication Policies, Linux Security, Account Security, System Management.

Nov 05, 2020 | Brittany Day | How to Learn Tips and Tricks

How to Verify Strong Passwords Using John the Ripper on Linux Systems

Are you certain that your end users are utilizing strong passwords on your Linux servers? Let a tool called John the Ripper (JTR) show you who is and who isn't. Learn how this is done in a helpful tutorial.

The security of your Linux servers is only as strong as the passwords used by your end users. If your users have weak passwords, it's only a matter of time before any given ne'er-do-well breaks into your system to wreak havoc on your network or steal precious data. You don't want that. So what do you do? You can certainly set password policies, but even then, you might have a user that predates the policy, or maybe you've set a policy that borders on weak. To make sure your users aren't working with weak passwords, you can employ a tool called John the Ripper (JTR) to make sure those passwords aren't easily crackable.

Secure your Linux servers by effectively auditing user passwords with John the Ripper to enhance overall security and protect sensitive data.

Password Strength, John the Ripper, Linux Passwords, User Security, Authentication Checks.

May 01, 2020 | Brittany Day | How to Secure My Webserver

Grasping the Essentials of Access Control in Apache Security Measures

Here's a pretty well-written introduction to utilizing the access control mechanisms built into Apache. This includes the Apache security modules, controlling access by IP and username, using htaccess/htpasswd, among others.

Apache HTTP Server's access control mechanisms include modules and user authentication methods to manage resource access and enhance security effectively.

Apache Access Control, Authentication Methods, Web Server Security.

Nov 23, 2004 | Anthony Pell | How to Secure My Webserver

Best Practices for Password Management and User Authentication

Having a secure password is often the first line of defense against security breaches.

Passwords are one of the most important security features used today. It is important for both you and all your users to have secure, unguessable passwords. Most of the more recent Linux distributions include password programs that do not allow you to set an easily guessable password. Make sure your passwd program is up to date and has these features.

Password security is the most critical means to protect your system from compromise. Without an effective, well-chosen password, your system is sure to be compromised. It is the most basic means of authentication. Password security involves both choosing good passwords and enforcing this on the users of the system.

Knowing a password and having physical access to a terminal are all that an unauthorized user needs to gain access to a system. Once a user has gained access to the system, she can steal data or corrupt the system in obvious as well as subtle ways. If your account is compromised as a result of choosing a poor password, you may ultimately be responsible. It is your responsibility to ensure that your account is not compromised.

Conventional Linux distributions have used a one-way encryption algorithm, called DES (Data Encryption Standard), to encrypt passwords. More recently, a stronger method using the MD5 function is being used. This produces a 128-bit integrity fingerprint and allows for longer passwords, which are more difficult to crack.

How is my password stored?

This encrypted password is stored in /etc/passwd, or in /etc/shadow if you have "shadow passwords" enabled. A conventional password from /etc/shadow might look like this:

fred:m2nv/1iKlc1:11080:0:99999:7:-1:-1:134537628

The actual password that the user typed is not stored anywhere on the system. Instead, a value that is generated by using the password to encrypt a block of zeros with a one-way function called crypt() is used.

When you attempt to authenticate yourself to the system using the same password that was supplied to set the password, the system runs it through the crypt() algorithm again and compares it to the stored value. If the encrypted results match, you are authenticated. An MD5-equipped password would look similar to this:

fred:$1$NCz74a5c$s/CbS1cqse2C1nV/1IKjc1:11080:0:99999:7:-1:-1:134537628

Shadow passwords are a means of keeping your encrypted password information secret from normal users. Normally this encrypted password is stored in your /etc/passwd file for all to read. They can then run password guesser programs on it and attempt to determine what it is. Shadow passwords save this information to a /etc/shadow file that only privileged users can read. All current distributions surely are configured by default for shadow passwords.

When you attempt to log in, whatever you type in is encrypted again and compared with the entry in the file that stores your passwords. If they match, it must be the same password, and you are allowed access.

Although DES is a two-way encryption algorithm (you can code and then decode a message, given the right keys), the variant that most Unices use is one-way. This means that it should not be possible to reverse the encryption to get the password from the contents of /etc/passwd or /etc/shadow.

Any entry in the password file with a user-ID of "0" (zero) is a root entry, regardless of what it's called.

Choose effective passwords

There is a great deal of information available on the Internet regarding choosing good passwords. A password minimum of 6 characters should be enforced, and 8 characters provides a significant improvement in security. You can find more information on improving password security in the PostScript document titled Foiling the Cracker: A Survey of, and Improvements to, Password Security, which demonstrates the ease with which most passwords can be guessed by a motivated attacker.

Brute force attack tools, such as John the Ripper, can often guess passwords unless your password is sufficiently random. PAM modules allow you to use a different encryption routine with your passwords (MD5 or the like), making them more difficult to crack.

Protect your password by following these guidelines:

- Never share your password. When you tell someone your password and let them log in to your account, the system loses its ability to hold individual users accountable for their own actions.
- Do not write down your password. Many system penetrations occur simply because a user wrote his or her password on a terminal. If a password must be recorded, keep it under lock and key.
- Never use an old password again. This increases the probability that someone can guess the password.
- Never type a password while someone is watching. It is possible to steal a password simply by watching someone type it. Be especially careful if you are using a workstation in a public area.
- If you are allowed to choose your own password, choose your password wisely. Select passwords that are hard to guess.
- Never use an ordinary word or a proper name, your spouse's, child's, or pet's name, your birthday, your address, or a machine name, even if these words are specified backward, permuted in some other way, or have a number added to the front or back.
- Always choose a password that contains some numbers or special characters.
- Always select different passwords for different machines, but never use the name of the machine, even permuted.

Although these procedures add a small amount of effort to your login, they help to avoid system compromise.

Resources:

- Department of Defense Password Management Guideline -- Enumerates a number of good password management practices.
- Selecting Good Passwords -- Quick list of things to keep in mind when choosing a password; it should be consulted when developing your security policy.
- Standard for Automated Password Generator -- Federal Information Processing Standard No. 181.
- Foiling the Cracker: A Survey of, and Improvements to, Password Security -- Demonstrates the ease with which most passwords can be guessed by a motivated attacker.
- Observing Reusable Password Choices -- A method for observing password choices made by users, and how to protect it from being compromised.
- OPUS: Preventing Weak Password Choices -- A system that uses Bloom filters to implement a constant-time dictionary lookup, regardless of dictionary size, to check a user's password choice for "goodness".
- User Authentication and Related Topics: An Annotated Bibliography
- Password Security: A Case History -- A description of the original UNIX password algorithm, and the reasons for replacing it with the current one.
- UNIX Password Security - Ten Years Later -- A reexamination of the UNIX password algorithm after ten years of advances in software and hardware.
- The S/Key One-Time Password System -- A freely available implementation of one-time passwords.

Robust passwords play a vital role in preventing unauthorized access. Discover essential strategies for developing and protecting your passwords.

Password Management, User Authentication, Encryption Techniques.

Jul 06, 2000 | Anthony Pell | How to Learn Tips and Tricks
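
The storage formats described in the password article above, as an added example that is not part of the original article: it names the scheme of each password field, lists every UID 0 account, and reports hashes left in the world-readable passwd file. The two fred lines are the article's own samples; the passwd lines and all function names are constructed for illustration.

```python
# Added example. The two "fred" lines are the article's own samples; the
# /etc/passwd lines below are constructed for illustration.
SHADOW_SAMPLE = """\
fred:m2nv/1iKlc1:11080:0:99999:7:-1:-1:134537628
fred:$1$NCz74a5c$s/CbS1cqse2C1nV/1IKjc1:11080:0:99999:7:-1:-1:134537628
"""
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:constructed second UID 0 account:/root:/bin/sh
fred:x:1000:1000:Fred:/home/fred:/bin/bash
legacy:ab01cdEFghIJk:1001:1001:constructed unshadowed entry:/home/legacy:/bin/sh
"""

def hash_scheme(field):
    """Name the storage scheme of a password field (passwd or shadow)."""
    if field == "":
        return "empty"            # no password set at all
    if field == "x":
        return "shadowed"         # placeholder: the hash lives in /etc/shadow
    if field[0] in "!*":
        return "locked"           # no typed password can ever match
    if field.startswith("$1$"):
        return "md5"              # $1$<salt>$<hash>, like the second fred line
    if field.startswith("$"):
        return "other-modular"    # some other $id$ scheme, not in the article
    return "des"                  # traditional crypt(): no $ prefix

def classify_shadow(text):
    """Return (user, scheme) for every entry in shadow-format text."""
    rows = (line.split(":") for line in text.splitlines())
    return [(p[0], hash_scheme(p[1])) for p in rows if len(p) > 1]

def audit_passwd(text):
    """List UID 0 accounts and accounts whose hash sits in passwd itself."""
    report = {"uid0": [], "unshadowed": []}
    for parts in (line.split(":") for line in text.splitlines()):
        if len(parts) < 7:
            continue              # not a complete passwd entry
        user, field, uid = parts[0], parts[1], parts[2]
        if uid == "0":            # root-equivalent whatever the name is
            report["uid0"].append(user)
        if hash_scheme(field) in ("des", "md5", "other-modular"):
            report["unshadowed"].append(user)
    return report

if __name__ == "__main__":
    print(classify_shadow(SHADOW_SAMPLE))
    print(audit_passwd(PASSWD_SAMPLE))
```
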