Chapter 14. Locking Down Security

IN THIS CHAPTER

  • Add user accounts and change user settings with useradd

  • Change user accounts with usermod

  • Delete users with userdel

  • Add, change, and manage passwords with passwd

  • Manage groups with groupadd, groupmod, and groupdel

  • See who's logged in with last, lastb, and who

  • Configure firewalls with iptables

  • Manage log files with logrotate and logwatch

  • Check out advanced security with SELinux, tripwire, and RPM

Securing your Linux system means first restricting access to the user accounts and services on that system. After that, security means checking that no one has gotten around the defenses you have set up.

Fedora, Red Hat Enterprise Linux, CentOS, and other systems based on those Linux distributions are designed to be secure by default. That means there are no user accounts with blank passwords, the firewall is restrictive by default, and most network services (Web, FTP, and so on) are off by default (even if their software is installed).

Although many of the commands covered in this book can be used to check and improve the security of your Linux system, some basic Linux features are particularly geared toward security. For example, secure user accounts with good password protection, a solid firewall, and consistent logging (and log monitoring) are critical to having a secure Linux system. Commands related to those features, plus some advanced features, such as SELinux and tripwire, are covered in this chapter.

Working with Users and Groups ...
