Linux is an open-source operating system that many people and organizations find great use in, even with strong competitors like Windows and macOS. As with any other system, protecting your user accounts is critical.
This article will explain all you need to know about protecting your Linux account and preventing outside access.
Ways to improve Linux account security
Linux is historically considered more secure than competitors, thanks to how it handles user permissions. The fact that it isn’t as popular also makes it a lesser target for threat actors.
Still, with the boost in popularity and the increase in cyberattacks, Linux users have to take steps to prevent falling victim to hackers.
Here are six ways to protect your Linux user account:
Set expiration dates for temporary accounts
Organizations can automatically delete temporary accounts to prevent data breaches from unused accounts. This can be useful with interns or other temporary employees. Often, organizations forget to get rid of these temporary accounts, bringing unnecessary risk.
To see current account expiration settings:
- Use the chage command with the grep utility.
- If you want to set a custom expiration date, enter the usermod command with the e-flag.
- Set the expiration date in the YYYY-MM-DD format.
Encrypt all drives
One unique thing about Linux is that it asks users to encrypt their drives during installation. Most people do, but those that haven’t can do so by executing a few commands through the Linux Unified Key Setup (LUKS). You can follow this guide for detailed steps.
You can also use encrypted cloud storage as an extra measure for protecting sensitive data. Doing so will prevent data loss by storing it on a third-party service.
Restrict root access
A default Linux installation establishes a root account that anyone can access via SSH. This means that anyone with root access can control all user accounts on the device.
Threat actors can set up bots to orchestrate brute-force attacks. To address this vulnerability, you can either disable SSH root login or create another user with root privileges.
Disabling SSH root login
Enter the “/etc/ssh/sshd config” command to access the file responsible for configuring SSH. Next, open the file with a text editor, and enter the “#PermitRootLogin no” command to disable root login.
Creating a new superuser
Granting root privileges to a regular user will help you monitor ordinary users on the device. You’ll be able to see and restrict the commands they enter. You can also limit their capabilities based on what they need to do their job.
Granting a regular user root privileges is easy. You just need to add that user to the sudo group with the following command: usermod -aG sudo username.
Utilize password security settings
Having strong passwords for your accounts is critical for preventing outside access. Linux inherently has several settings that will help you maintain solid password hygiene.
One of those settings is password expiration dates. Similar to account expiration, setting a password expiration will force you to change the password as soon as it expires. You can set and edit the date to whatever you want by using the change command: change -l username | grep days.
Hashing passwords is another excellent way to enhance password security. Hashing is a process in which a standard password input is turned into a different string. Linux stores password hashes in the /etc/shadow file.
Restrict remote access
Remote work has made it popular for users to access devices remotely. While there’s no reason to remove the remote access functionality altogether, you can restrict it to only allow select users to access it.
With OpenSSL, you can decide whether to allow a user to access the network by checking if it belongs to a user group.
You can create a user group with remote access by following these steps:
- Create a group called ssh_gp.
- Add the users you want with the following command: sudo usermod -a -G editorial user1
- Set the following user information:
# sudo groupadd ssh_gp
# sudo gpasswd -a username ssh gp
groups username
- Open the main OpenSSL configuration file and add the following:
# sudo vim /etc/ssh/sshd_ config
Al louGroups ssh_ gp
Enable automatic OS & software updates
Developers are constantly updating Linux and other software on your computer to address various vulnerabilities. With new risks emerging every day, it’s important to install the latest updates as soon as possible.
Follow this official guide on how to enable automatic security updates in Linux.
Final Thoughts
Linux is one of the safest operating systems. Yet, with its increasing popularity and high rate of attacks, it’s becoming increasingly vulnerable.
Employing the best practices to protect your Linux user accounts can have a significant impact in ensuring safety. You can start out with the ones mentioned in this article, but always stay updated on the newest Linux security threats and trends.
We are giving you exclusive deals to try Linux Servers for free with 100$ credit, check these links to claim your 100$,
DigitalOcean - 100$ free credit & Linode - 100$ free credit
Check some Exclusive Deals, HERE.
Also, check out DevOps Book You should read section.