Master Linux Security: From Firewall Rules to User & File Permissions

This guide walks through essential Linux security measures, covering common attack vectors, network and OS hardening, firewall configuration with iptables, user and group management, and detailed file‑permission techniques, providing practical commands and examples for robust system protection.


1 Linux Security Strategies

Linux dominates production environments, so protecting services and data is critical. Common attacks include:

What are the typical attack types?

Password brute‑force cracking – attackers use dictionaries to guess user passwords.

Denial‑of‑service (DoS/DDoS) – massive requests exhaust network or CPU resources.

Application vulnerabilities – scanning tools find flaws such as SQL injection or insecure web permissions.

Complete prevention is impossible, but layered defenses—firewalls, IDS, regular updates, and strict configuration—greatly reduce risk.

2 Network Security Devices

Key hardware/software components include firewalls, intrusion‑detection systems (IDS), routers, and switches. Firewalls filter traffic, while IDS monitors for suspicious activity to preserve confidentiality, integrity, and availability.

3 Operating System Hardening

OS‑level hardening involves kernel upgrades, software updates, configuring iptables rules, and disabling unnecessary services.

Show TCP and UDP connections in numeric form (-t TCP, -u UDP, -n no name resolution):

netstat -tun

List all sockets, including listening services, together with the owning process IDs:

netstat -anlp

Service management on CentOS 7+ uses systemctl:

systemctl restart sshd

Older SysV init scripts reside in /etc/init.d, and the chkconfig command can query service status.

4 Firewall Fundamentals

Linux ships with iptables, a built‑in packet‑filtering firewall: it decides on each packet from header fields such as addresses, ports, and protocol, whereas application‑layer gateways inspect the traffic content itself. The three built‑in tables are:

filter – handles INPUT, OUTPUT, FORWARD chains.

nat – performs network address translation (PREROUTING, POSTROUTING, OUTPUT).

mangle – modifies packet headers (e.g., TTL, TOS).

Example rule set to allow the 192.168.50.0/24 network to access a web service while blocking host 192.168.50.133:

# Block 192.168.50.133 first: iptables stops at the first matching rule,
# so this DROP must come before the subnet-wide ACCEPT below
iptables -A INPUT -s 192.168.50.133 -p tcp --dport 80 -j DROP
# Allow the rest of the subnet
iptables -A INPUT -s 192.168.50.0/24 -p tcp --dport 80 -j ACCEPT

Start, stop, and enable iptables at boot:

service iptables start
service iptables stop
chkconfig --level 35 iptables on

List current filter rules:

iptables -L -n
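The rule ordering above, carried through as an added example that is not from the original article: a POSIX shell function emits the complete rule set in iptables-restore format (default-deny INPUT, loopback and established traffic admitted first, then the host DROP before the subnet ACCEPT) so it can be reviewed before loading, and a second function checks that the order is right. The addresses are the article's; nothing is applied to the running firewall.

```shell
#!/bin/sh
# Added example, not from the original article. Emits the web-access rule
# set in iptables-restore format for review; it does not touch the live
# firewall. Load it later with: iptables-restore < rules.v4

# $1 = subnet allowed to reach port 80, $2 = single host inside it to block
build_web_rules() {
    subnet="$1"
    blocked="$2"
    cat <<EOF
*filter
# Default-deny inbound and forwarded traffic; outbound stays open
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to established connections are admitted first
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# First match wins: the host-specific DROP must precede the subnet ACCEPT,
# otherwise the broader ACCEPT would match $blocked first
-A INPUT -s $blocked -p tcp --dport 80 -j DROP
-A INPUT -s $subnet -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# Succeeds (exit 0) only when the port-80 DROP line comes before the
# port-80 ACCEPT line in the rule text passed as $1
check_order() {
    drop=$(printf '%s\n' "$1" | grep -n -- '--dport 80 -j DROP$' | head -n 1 | cut -d: -f1)
    accept=$(printf '%s\n' "$1" | grep -n -- '--dport 80 -j ACCEPT$' | head -n 1 | cut -d: -f1)
    [ -n "$drop" ] && [ -n "$accept" ] && [ "$drop" -lt "$accept" ]
}

rules=$(build_web_rules 192.168.50.0/24 192.168.50.133)
printf '%s\n' "$rules"
check_order "$rules" && echo "rule order OK: host DROP precedes subnet ACCEPT"
```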

5 User and Group Management

Linux supports multiple users and groups, each with distinct permissions. Key files:

/etc/passwd – user accounts (username, UID, GID, home, shell).

/etc/shadow – password hashes and aging information.

/etc/group – group definitions.

/etc/default/useradd – default attributes for new users.

Common commands:

groupadd – create a group:

groupadd -g 1110 lan_group1

groupdel – delete a group:

groupdel lan_group1

useradd – add a user (reads /etc/login.defs and /etc/default/useradd; the primary group named with -g must already exist, and -m creates the home directory):

useradd -u 666 -g base_linux -d /opt/base_linux lan_linux

usermod – modify an existing account:

usermod -u 700 -g test_modify -d /new/home test

userdel – remove a user (use -r to delete the home directory):

userdel -r test
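A quick audit of the /etc/passwd fields listed above, as an added example that is not from the original article: the functions flag UID 0 accounts other than root, UIDs shared by several accounts, and accounts with an interactive login shell. The passwd lines are constructed sample data written to a temporary file, so the script runs without reading the real /etc/passwd.

```shell
#!/bin/sh
# Added example, not from the original article: audit passwd-format data.
# Fields are username:password:UID:GID:comment:home:shell.

# Accounts with UID 0 that are not root: they have full root power
# whatever their name, and normally there should be none.
extra_root_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# UIDs shared by more than one account; prints "uid: name1 name2"
duplicate_uids() {
    awk -F: '{ count[$3]++; names[$3] = names[$3] " " $1 }
             END { for (u in count) if (count[u] > 1) print u ":" names[u] }' "$1"
}

# Accounts whose shell allows interactive login (not nologin/false)
interactive_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Constructed sample; a real audit would pass /etc/passwd instead
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
lan_linux:x:666:1110::/opt/base_linux:/bin/bash
backup:x:0:0:backup job:/var/backups:/bin/sh
www:x:33:33::/var/www:/usr/sbin/nologin
EOF

echo "extra UID 0 accounts: $(extra_root_accounts "$sample")"
echo "duplicate UIDs: $(duplicate_uids "$sample")"
echo "interactive accounts: $(interactive_accounts "$sample" | tr '\n' ' ')"
rm -f "$sample"
```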

6 File Permission Management

Use ls -l to view permissions; the first column encodes the file type and the rwx bits for owner, group, and others.

Change ownership (recursively with -R) using chown:

chown -R alice:developers /var/www

Adjust access rights with chmod. Symbolic mode example (owner rwx, group r, others r):

chmod u=rwx,g=r,o=r file.txt

Numeric mode example (owner 7, group 5, others 5):

chmod 755 /usr/local/bin/script.sh
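The symbolic and numeric forms above, tied together as an added example that is not from the original article: a shell function translates the rwx string printed by ls -l into the numeric mode chmod accepts, a second flags world-writable modes, and a scratch file shows that the article's two chmod forms set the expected bits. It reads modes via ls so it does not depend on GNU stat.

```shell
#!/bin/sh
# Added example, not from the original article: translate the rwx string
# that ls -l prints into the numeric mode chmod accepts, then show on a
# scratch file that the article's symbolic and numeric forms set the
# expected bits. Uses ls rather than stat so it does not need GNU stat.

# $1 = 9-character string such as rwxr-xr-x; prints e.g. 755.
# The setuid/setgid/sticky letters s and t occupy the x slot in ls output
# and are counted only as "executable" here; the special bits themselves
# are not encoded.
perm_to_octal() {
    out=""
    for start in 1 4 7; do
        triplet=$(printf '%s' "$1" | cut -c"$start"-"$((start + 2))")
        n=0
        case "$triplet" in r??) n=$((n + 4)) ;; esac
        case "$triplet" in ?w?) n=$((n + 2)) ;; esac
        case "$triplet" in ??[xst]) n=$((n + 1)) ;; esac
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# True when "others" may write: the classic misconfiguration to hunt for
is_world_writable() {
    case "$1" in ???????w?) return 0 ;; *) return 1 ;; esac
}

# Permission string of a path from ls -l (drops the type character and
# any trailing ACL/SELinux marker)
mode_of() {
    ls -ld "$1" | cut -c2-10
}

scratch=$(mktemp)
chmod u=rwx,g=r,o=r "$scratch"      # symbolic form from the article
echo "u=rwx,g=r,o=r -> $(mode_of "$scratch") -> $(perm_to_octal "$(mode_of "$scratch")")"
chmod 755 "$scratch"                # numeric form from the article
echo "755 -> $(mode_of "$scratch") -> $(perm_to_octal "$(mode_of "$scratch")")"
rm -f "$scratch"
```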

7 Summary

Today we covered Linux security strategies, firewall basics, user management, and file permissions. Understanding these mechanisms lays the groundwork for deeper design‑level security thinking.
[Figures: filter table; NAT table; multi‑layer LAN protection]
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Written by Liangxu Linux

Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)
