Advanced Linux Security and Automation
As a systems engineer, mastering advanced Linux administration topics is crucial for ensuring the security, reliability, and efficiency of your servers. This post delves into essential aspects of advanced Linux administration, including securing servers, managing services, and automating tasks using cron jobs and systemd.
Securing Linux Servers
User Management
- Creating and Managing Users: Use the useradd command to create users and usermod to modify them.
    sudo useradd -m newuser
    sudo passwd newuser
- Managing User Groups: Use groupadd to create groups and usermod -aG to add users to groups.
    sudo groupadd admin
    sudo usermod -aG admin newuser
- Setting Permissions: Use chmod to set file permissions and chown to change file ownership.
    sudo chmod 700 /home/newuser
    sudo chown newuser:newuser /home/newuser
SSH Security
- Disable Root Login: Edit the SSH configuration file to disable root login.
    sudo nano /etc/ssh/sshd_config
    PermitRootLogin no
- Use SSH Key Authentication: Generate an SSH key pair and add the public key to ~/.ssh/authorized_keys.
    ssh-keygen -t rsa
    ssh-copy-id newuser@yourserver.com
- Change the Default SSH Port: Change the SSH port to reduce exposure to brute-force attacks.
    Port 2222
- Restart SSH Service: Apply changes by restarting the SSH service.
    sudo systemctl restart sshd
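
To check the sshd_config edits above before restarting the service, the following added example (not part of the original post) audits a config file for PermitRootLogin and Port. The function names sshd_values and audit_sshd and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. sshd keeps the FIRST value of most
# keywords, so an early "PermitRootLogin yes" beats a later "no"; Port lines
# accumulate. Function names and the sample file are assumptions.

# Print every global-scope value of keyword $2 in file $1, one per line.
sshd_values() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        {
            sub(/^[ \t]+/, "")
            kw = $0; sub(/[ \t=].*/, "", kw)   # keyword ends at space or "="
            val = substr($0, length(kw) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            kw = tolower(kw)
            if (kw == "match") exit            # Match blocks are conditional
            if (kw == want) print val
        }' "$1"
}

# Return 0 if root login is disabled and sshd listens only on port $2.
audit_sshd() {
    rc=0
    root=$(sshd_values "$1" PermitRootLogin | head -n 1)
    ports=$(sshd_values "$1" Port | tr '\n' ' ')
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '${root:-unset}' (first match wins)"; rc=1
    fi
    if [ "${ports:-22 }" != "$2 " ]; then
        echo "FAIL Port is '${ports:-22 (default)}', expected $2"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK $1"
    return "$rc"
}

# Constructed sample: the later "PermitRootLogin no" is ignored by sshd.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 2222' \
    'permitrootlogin yes' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" 2222 || true
rm -f "$sample"
```

On a live host, sudo sshd -t validates the file's syntax and sudo sshd -T prints the effective settings, including any files pulled in by Include, which this parser does not follow.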
Firewall Configuration
- Install and Configure UFW: Use UFW (Uncomplicated Firewall) to manage firewall rules.
    sudo apt install ufw        # Ubuntu
    sudo ufw allow 2222/tcp     # Allow SSH on the new port
    sudo ufw enable
- Configure FirewallD: On CentOS, use FirewallD.
    sudo yum install firewalld
    sudo systemctl start firewalld
    sudo firewall-cmd --permanent --add-port=2222/tcp
    sudo firewall-cmd --reload
Intrusion Detection
- Install and Configure Fail2Ban: Protect your server from brute-force attacks.
    sudo apt install fail2ban   # Ubuntu
    sudo yum install fail2ban   # CentOS
    sudo systemctl enable fail2ban
    sudo systemctl start fail2ban
- Configure Fail2Ban: Edit /etc/fail2ban/jail.local to configure monitoring and banning rules.
    [sshd]
    enabled = true
    port = 2222
    maxretry = 3
Managing Services with systemd
Service Management
- Starting and Stopping Services: Use systemctl to start, stop, and restart services.
    sudo systemctl start apache2
    sudo systemctl stop apache2
    sudo systemctl restart apache2
- Enable and Disable Services: Configure services to start on boot.
    sudo systemctl enable apache2
    sudo systemctl disable apache2
- Checking Service Status: Monitor the status of services.
    sudo systemctl status apache2
Creating Custom systemd Services
- Create a Service File: Create a new service file in /etc/systemd/system.
    sudo nano /etc/systemd/system/myapp.service

    [Unit]
    Description=My Custom Application Service
    After=network.target

    [Service]
    ExecStart=/usr/bin/python3 /home/user/myapp.py
    Restart=always
    User=user

    [Install]
    WantedBy=multi-user.target
- Enable and Start the Service: Enable and start your custom service.
    sudo systemctl enable myapp
    sudo systemctl start myapp
    sudo systemctl status myapp
Automating Tasks with Cron Jobs
Creating Cron Jobs
- Edit the Crontab File: Use the crontab -e command to edit the crontab file.
    crontab -e
- Add Cron Job Entries: Add entries to schedule tasks.
    # m h dom mon dow command
    # Run backup script at 2 AM daily
    0 2 * * * /usr/bin/python3 /home/user/backup.py
Common Cron Job Syntax
- Schedule Syntax: Understand the format for scheduling.
    * * * * * command_to_execute
    - - - - -
    | | | | |
    | | | | +----- day of week (0 - 7) (Sunday=0 or 7)
    | | | +------- month (1 - 12)
    | | +--------- day of month (1 - 31)
    | +----------- hour (0 - 23)
    +------------- minute (0 - 59)
- Special Strings: Use special strings for common schedules.
    # Run at startup
    @reboot /path/to/script
    # Run once a day
    @daily /path/to/script
    # Run once an hour
    @hourly /path/to/script
Managing Cron Jobs
- List Cron Jobs: View all cron jobs for the current user.
    crontab -l
- Remove Cron Jobs: Remove a user’s cron jobs.
    crontab -r
Conclusion
Advanced Linux administration involves securing servers, managing services, and automating tasks efficiently. By implementing best practices in security, service management with systemd, and task automation with cron jobs, you can ensure that your Linux systems are secure, reliable, and optimized for performance. Keep exploring advanced topics and continuously monitor your systems to maintain a robust and efficient infrastructure. Happy administering!