Author: Ruwantha Nissanka

Welcome to our 4th part of our tutorial series. Today we will see how to create an access control list. With an ACL, we can allow only a certain person to access a file or directory or we can allow multiple people to access a file or directory with different permissions for each person. If we have a file or directory that’s wide open for Everyone, we can use an ACL to allow different levels of access for either a group or an individual. To begin, let’s create a text file Next, use getfacl to see if we have any access control lists already set on the text file. All we can see here are just the normal permission settings, so there’s no ACL. The first step for setting an ACL is to remove all permissions from everyone except for the user of the file. That’s because the default permission settings allow members of the group to have read/write access and others to have read access. # chmod 600 acl_test.txt Next we will set the ACL using setfacl. Using this you can allow a user or a group to have any combination of read write or execute Privileges. # setfacl -m u:rd:r acl_test.txt Now let’s see the permissions are set The M option of setfacl means that we’re about to modify the ACL. The u: means that we’re setting...

Most of the linux servers are remotely managed by using SSH connections. OpenSSH server is the default SSH service software that comes built in with most of the linux/BSD systems. This service is also known as SSH daemon or sshd and since this service acts as the entry point for your server, it is necessary to secure the SSH service. In this guide, you will learn how to harden your OpenSSH server by using different configuration options to make sure that remote access to your server is as secure as possible. In this first step, you will implement some initial hardening configurations to improve the overall security of your SSH server. Many of the hardening configurations for OpenSSH you implement using the standard OpenSSH server configuration file, which is located at /etc/ssh/sshd_config.   It is advisable that you back up your entire configuration file before continuing with this guide, so that you can recover it in the unlikely event that something goes wrong. Take a file backup with the following command: # sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak This will save a backup copy of the file to /etc/ssh/sshd_config.bak . Run the following command to review the options that are currently set # sshd -T This will run OpenSSH server in extended test mode, which will validate the full configuration file and print out the effective configuration values. You can now open the configuration file using a text editor to begin implementing the initial hardening measures: # vi /etc/ssh/sshd_config Firstly, disable logging in via SSH as the root user by setting the following option: PermitRootLogin no You can limit the...

You may have heard about firewalls before. Firewall is a security solution that can be used to monitor and control traffic that comes into and going out from our system. Iptables is the built-in firewall in a Linux machine. With Iptables, you can set rules to filter out unwanted incoming/outgoing traffic to your system. In this tutorial, let’s see how we can do that Overview of IPTABLES IPtables consists of four tables of rules. Each rule has its own distinct purpose Filter table filter table is for basic protection of our servers and clients. this is the only table that we would normally use. NAT table NAT (network address translation) table is used to connect the public Internet to private networks. Mangle table Mangle table is used to alter network packets as they go through the firewall. Security table Security table is only used for systems that have SELinux Installed. Since we’re currently only interested in basic host protection, we’ll only look at the filter table. Each table consists of chains of rules and the filter table consists of the input, forward and output chains. We will first look at our current configuration using the following command #iptables -L we get this Output. This is associated with IPV4 and to see the configuration associated with ipv6, we will use the following command #ip6tables -L in both cases you see...