Linux Security Checkup: Comprehensive Guide to Quick Audit Essentials

Securing a Linux system is critical for maintaining data integrity, ensuring privacy, and mitigating risks from potential attacks. Regular security audits help identify potential vulnerabilities and ensure that systems are running optimally. This guide outlines essential security concepts, tools, commands, and scripts that system administrators can use to perform quick and effective security audits on Linux systems.

Table of Contents

1. Basic Security Concepts
2. Account and Authentication Security
3. File and Directory Permissions
4. Network Security and Monitoring
5. System Updates and Patching
6. Logs and Monitoring
7. Secure Boot and Kernel Parameters
8. Automating Tasks with Scripts
9. Conclusion

💥1. Basic Security Concepts💥

Before diving into the tools and steps for a security audit, it's important to understand some foundational security concepts:

✳User Management: Regularly monitor user accounts and permissions to ensure that only authorized individuals have access.
✳Process Monitoring: Keep an eye on running processes to detect any unauthorized or suspicious activities.
✳Network Security: Monitor network connections to identify unusual traffic or open ports that could signify a breach.
✳Log Analysis: Regularly check system logs for signs of security incidents or system issues.
✳File Permissions: Ensure that files and directories have appropriate permissions to prevent unauthorized access.

💥2. Account and Authentication Security💥

✨Check for Unused Accounts: Review all accounts in /etc/passwd for inactive or unnecessary users. Disable or remove accounts that are no longer needed.

awk -F: '{ print $1 }' /etc/passwd

✨Enforce Password Policies: Use tools like chage to ensure password aging and complexity requirements. Set minimum and maximum password age, and enforce complexity.

sudo chage -l username

✨Disable Root Login over SSH:

nano /etc/ssh/sshd_config

enter PermitRootLogin no
and restart SSH service

sudo systemctl restart sshd

💥3. File and Directory Permissions💥

✨Audit File Permissions: Use find to locate files with improper permissions and restrict permissions on files that are world-writable.

find / -type f \( -perm 777 -o -perm 666 \) -exec ls -l {} \;

✨Check for SUID/SGID Files: Identify files with elevated privileges and verify the necessity of SUID/SGID bits and remove them if not required.

find / -perm /6000 -type f -exec ls -l {} \;

💥4. Network Security and Monitoring💥

✨Enable a Firewall: Use ufw (Uncomplicated Firewall) or iptables to restrict unauthorized traffic and define rules to allow or deny specific traffic.

sudo ufw enable

✨Check Open Ports:

sudo netstat -tuln

nmap -sS -p 1-65535 localhost

✨Monitor Network Connections:

lsof -i

💥5. System Updates and Patching💥

✨Verify Update Settings:

# For Debian-based systems:
sudo apt update && sudo apt upgrade

# For Red Hat-based systems:
sudo yum update

✨Automate Updates:

sudo apt install unattended-upgrades
sudo dpkg-reconfigure --priority=low unattended-upgrades

💥6. Logs and Monitoring💥

✨Review Logs Regularly: Check critical logs in /var/log/ (e.g., auth.log, syslog, secure).

sudo tail -f /var/log/auth.log

✨Set Up Log Monitoring: Use tools like Logwatch or Rsyslog for alerting.
✨Enable Audit Logging: Install and configure auditd for detailed tracking.

sudo apt install auditd
sudo service auditd start

💥7. Secure Boot and Kernel Parameters💥

✨Secure GRUB Bootloader: Set a password in /etc/grub.d/40_custom to prevent unauthorized kernel boot options and after add the generated password hash to GRUB configuration.

sudo grub-mkpasswd-pbkdf2

✨Harden Kernel Parameters: Edit /etc/sysctl.conf to include:

net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0

sudo sysctl -p

💥8. Automating Tasks with Scripts💥

To enhance efficiency, you can automate routine security checks using shell scripts.
✨✨Here is the example Script: Security Audit Script✨✨

nano security_audit.sh

#!/bin/bash

echo "Starting Security Audit..."

# Check for Unused Accounts
echo -e "\nChecking for unused accounts..."
awk -F: '{ print $1 }' /etc/passwd

# Enforce Password Policies
echo -e "\nPassword policy for user 'username':"
sudo chage -l username

# Check currently logged-in users
echo -e "\nCurrently logged-in users:"
w

# List running processes
echo -e "\nRunning processes:"
ps aux

# List open network connections
echo -e "\nOpen network connections:"
netstat -tulpn

# Scan for open ports
echo -e "\nScanning for open ports:"
nmap -sS localhost

# Check authentication logs for failed login attempts
echo -e "\nFailed login attempts:"
sudo grep "Failed password" /var/log/auth.log

echo "Security Audit Complete."

Make the script executable:

chmod +x security_audit.sh

Run the script:

./security_audit.sh

💥9. Conclusion💥

Performing a quick Linux security audit involves a combination of proactive checks and ongoing monitoring. By utilizing the tools, commands, and scripts discussed, you can streamline your daily security checks and quickly identify potential issues. Remember to:
✳Keep your system and software up to date.
✳Monitor logs regularly for any unusual activities.
✳Limit user permissions to the minimum necessary.
✳Use automation to reduce manual workload and minimize errors.
✳Regularly backup critical data and test recovery procedures.
✳Harden your system by following best practices for file permissions, network security, and user management.
Regular audits, combined with robust policies, will go a long way in ensuring a secure Linux environment.

💥💥Share Your Thoughts💥💥

Do you have additional tips or scripts that help in Linux security audits? Share them in the comments below!