Security Basics

Basic Linux security concepts explained in a public-safe way.

Use this page to understand safe administration habits, users, passwords, SSH, updates, firewall basics, logs, and common security checks.


Security mindset

Good security starts with simple habits:

use strong passwords
use SSH keys where possible
do not share private keys
keep systems updated
limit sudo access
check logs
use firewalls
remove unused services
backup important data

Security is not one command. It is a set of habits.


Least privilege

Least privilege means users and services should only have the access they need.

Examples:

normal users should not be root
services should not run as root unless required
sudo access should be limited
write access should be limited
public access should be intentional

Check current user:

whoami

Check user ID and groups:

id

Check another user:

id USERNAME

Root account

root is the administrator account.

Root can change or delete almost anything.

Be careful with:

sudo su -
sudo -i

Before running commands as root, ask:

Am I on the correct server?
Do I understand the command?
Can this delete or change data?
Do I have approval?

Sudo

Check sudo access:

sudo -l

Check sudoers syntax:

sudo visudo -c

Edit sudoers safely:

sudo visudo

Do not edit /etc/sudoers directly with a normal editor.


Password basics

Good password rules:

use long passwords
do not reuse passwords
do not share passwords
do not store passwords in scripts
do not paste passwords into tickets or chats
use a password manager

Change password:

passwd

Change another user’s password:

sudo passwd USERNAME

Account checks

Check if user exists:

getent passwd USERNAME

Check account status:

sudo passwd -S USERNAME

Lock account:

sudo usermod -L USERNAME

Unlock account:

sudo usermod -U USERNAME

SSH security

SSH is one of the most important services to secure.

Check SSH service:

systemctl status sshd

Check SSH is listening:

ss -tulpn | grep :22

Useful SSH settings:

PermitRootLogin
PasswordAuthentication
PubkeyAuthentication
AllowUsers
AllowGroups
DenyUsers
DenyGroups

Search SSH config:

sudo grep -Ei "PermitRootLogin|PasswordAuthentication|PubkeyAuthentication|AllowUsers|AllowGroups|DenyUsers|DenyGroups" /etc/ssh/sshd_config /etc/ssh/sshd_config.d/* 2>/dev/null

Check SSH config syntax:

sudo sshd -t

Restart SSH carefully:

sudo systemctl restart sshd

Keep another session open when changing SSH remotely.
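Added example, not part of the original page: a small audit of the sshd settings listed above. It writes a constructed sshd_config to a temporary file; on a real host pass /etc/ssh/sshd_config followed by the sshd_config.d files instead. The function names sshd_value and audit_sshd_config are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): audit the sshd settings listed
# above. The config below is constructed for the demo; on a real host pass
# /etc/ssh/sshd_config followed by the sshd_config.d/*.conf files instead.
DEMO_SSHD_CFG=$(mktemp)
cat > "$DEMO_SSHD_CFG" <<'EOF'
# constructed sample, not a real server config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
PermitRootLogin no
EOF

# Effective value of one keyword. sshd keeps the FIRST value it reads for a
# keyword, so the later "PermitRootLogin no" above is ignored. Keywords are
# case-insensitive; comment lines are skipped. (Match blocks are not handled.)
sshd_value() {
    key=$1; shift
    cat "$@" 2>/dev/null | awk -v k="$key" '
        $1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }'
}

# Print one line per weak setting and return the number of findings.
audit_sshd_config() {
    findings=0
    if [ "$(sshd_value PermitRootLogin "$@")" = "yes" ]; then
        echo "WEAK: PermitRootLogin yes (root should not log in over SSH)"
        findings=$((findings + 1))
    fi
    # OpenSSH defaults PasswordAuthentication to yes when it is unset.
    if [ "$(sshd_value PasswordAuthentication "$@")" != "no" ]; then
        echo "WEAK: PasswordAuthentication is not set to no (use SSH keys)"
        findings=$((findings + 1))
    fi
    if [ "$(sshd_value PubkeyAuthentication "$@")" = "no" ]; then
        echo "WEAK: PubkeyAuthentication no (keys cannot be used)"
        findings=$((findings + 1))
    fi
    if [ -z "$(sshd_value AllowUsers "$@")$(sshd_value AllowGroups "$@")" ]; then
        echo "NOTE: no AllowUsers/AllowGroups, every local account may try to log in"
    fi
    return $findings
}

audit_sshd_config "$DEMO_SSHD_CFG" || echo "findings: $?"
```

Run sudo sshd -t after any change the audit makes you apply, and keep the second session open as noted above.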


SSH keys

Never share private keys.

private key = keep secret
public key  = can be added to authorized_keys

Correct permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub

Server-side permissions:

sudo chmod 700 /home/USERNAME/.ssh
sudo chmod 600 /home/USERNAME/.ssh/authorized_keys
sudo chown -R USERNAME:USERNAME /home/USERNAME/.ssh
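Added example, not part of the original page: a check that a .ssh directory matches the permission rules above. It builds a throwaway directory with one deliberately wrong mode; on a real host call check_ssh_dir on ~/.ssh or /home/USERNAME/.ssh instead. The function names expect_mode and check_ssh_dir are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): verify the ~/.ssh permissions
# listed above. A temporary directory with one deliberately wrong mode is
# constructed for the demo; on a real host call check_ssh_dir on ~/.ssh or
# /home/USERNAME/.ssh instead.
DEMO_SSH=$(mktemp -d)
: > "$DEMO_SSH/id_ed25519"; : > "$DEMO_SSH/id_ed25519.pub"; : > "$DEMO_SSH/authorized_keys"
chmod 700 "$DEMO_SSH"
chmod 600 "$DEMO_SSH/id_ed25519" "$DEMO_SSH/authorized_keys"
chmod 644 "$DEMO_SSH/id_ed25519.pub"
chmod 644 "$DEMO_SSH/id_ed25519"   # the mistake to be caught: private key readable by others

# Compare the mode column of ls -ld (e.g. drwx------) with what is expected.
expect_mode() {
    actual=$(ls -ld "$1" | cut -c1-10)
    [ "$actual" = "$2" ] && return 0
    echo "BAD: $1 is $actual, expected $2"
    return 1
}

# Check a .ssh directory. Prints one BAD line per problem and returns the
# number of problems, so 0 means the layout matches the rules on this page.
check_ssh_dir() {
    dir=$1; bad=0
    expect_mode "$dir" "drwx------" || bad=$((bad + 1))
    for f in "$dir"/authorized_keys "$dir"/id_ed25519; do
        if [ -e "$f" ]; then
            expect_mode "$f" "-rw-------" || bad=$((bad + 1))
        fi
    done
    if [ -e "$dir/id_ed25519.pub" ]; then
        expect_mode "$dir/id_ed25519.pub" "-rw-r--r--" || bad=$((bad + 1))
    fi
    return $bad
}

check_ssh_dir "$DEMO_SSH" || echo "problems: $?"
```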

Firewall basics

On many RHEL systems, firewalld is used.

Check firewall state:

sudo firewall-cmd --state

List active configuration:

sudo firewall-cmd --list-all

List open ports:

sudo firewall-cmd --list-ports

List allowed services:

sudo firewall-cmd --list-services

Open a port temporarily:

sudo firewall-cmd --add-port=8080/tcp

Temporary changes do not survive reload/reboot.


Open a port permanently:

sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

Remove a permanent port:

sudo firewall-cmd --remove-port=8080/tcp --permanent
sudo firewall-cmd --reload

Updates

Package updates fix bugs and security issues.

Check available updates:

sudo dnf check-update

Update packages:

sudo dnf update

Be careful on production systems. Updates can affect services.


Check installed packages

rpm -qa

Search installed package:

rpm -qa | grep PACKAGE_NAME

Check package info:

dnf info PACKAGE_NAME

Logs

Logs are important for security checks.

Common logs:

journalctl
/var/log/secure
/var/log/messages

Check SSH/authentication logs:

sudo tail -n 100 /var/log/secure

Search failed logins:

sudo grep -i "failed" /var/log/secure

Check recent system errors:

journalctl -xe
journalctl -p err -b
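Added example, not part of the original page: instead of only grepping for "failed", summarise failed SSH logins per source address from /var/log/secure style lines. The log lines and addresses are constructed for the demo; on a real host run the functions on /var/log/secure. The function names failed_by_source, noisy_sources and invalid_user_failures are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): summarise failed SSH logins
# per source address from /var/log/secure style lines. The lines and the
# addresses below are constructed for the demo; on a real host run
# failed_by_source on /var/log/secure instead.
DEMO_SECURE=$(mktemp)
cat > "$DEMO_SECURE" <<'EOF'
Mar  3 10:01:12 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.10 port 40122 ssh2
Mar  3 10:01:15 host1 sshd[2203]: Failed password for root from 203.0.113.10 port 40130 ssh2
Mar  3 10:02:01 host1 sshd[2210]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:02:40 host1 sshd[2215]: Failed password for invalid user test from 203.0.113.10 port 40140 ssh2
Mar  3 10:03:05 host1 sshd[2220]: Failed password for bob from 198.51.100.7 port 51012 ssh2
Mar  3 10:03:09 host1 sshd[2222]: Accepted password for bob from 198.51.100.7 port 51014 ssh2
EOF

# "COUNT ADDRESS" per source, most failures first. The address is the field
# after the LAST "from" on the line (scanned from the end, so a username
# that happens to contain the word "from" does not confuse the parser).
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / {
            for (i = NF; i > 0; i--) if ($i == "from") { n[$(i + 1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# Sources with at least THRESHOLD failures: the ones worth a closer look
# (a firewall rule, or a check that it is not a misconfigured internal host).
noisy_sources() {
    failed_by_source "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Failures for accounts that do not exist at all, a typical sign of
# password guessing rather than a real user mistyping a password.
invalid_user_failures() {
    grep -c 'Failed password for invalid user ' "$1"
}

failed_by_source "$DEMO_SECURE"
echo "noisy (>= 3): $(noisy_sources "$DEMO_SECURE" 3)"
echo "invalid-user failures: $(invalid_user_failures "$DEMO_SECURE")"
```

If PasswordAuthentication is already set to no, a single "Failed password" line is itself worth a look, because sshd should not be offering that method at all.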

SELinux basics

SELinux is a mandatory access control system used on RHEL-based systems. It restricts what processes may do even when they run as root.

Check status:

getenforce
sestatus

Common modes:

Enforcing   = SELinux policy is active and denials are blocked
Permissive  = SELinux logs denials but does not block
Disabled    = no SELinux policy is loaded and nothing is logged

Check recent SELinux denials:

sudo ausearch -m avc -ts recent

Do not blindly disable SELinux. Understand the denial first.


Check listening services

ss -tulpn

Ask:

Should this service be listening?
Should it listen on all interfaces?
Should it be public?
Is the firewall allowing it?
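Added example, not part of the original page: a helper that answers "should it listen on all interfaces?" from ss -tulpn output by listing only the sockets bound to a wildcard address. The ss output below is constructed for the demo; on a real host pipe ss -tulpn into public_listeners. The function name is this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): pick the sockets bound to
# every interface out of ss -tulpn output. The output below is constructed
# for the demo; on a real host run:  ss -tulpn | public_listeners
DEMO_SS=$(mktemp)
cat > "$DEMO_SS" <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*    users:(("postgres",pid=1201,fd=5))
tcp   LISTEN 0      511                *:8080            *:*    users:(("java",pid=1450,fd=12))
tcp   LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=812,fd=4))
udp   UNCONN 0      0          127.0.0.1:323       0.0.0.0:*    users:(("chronyd",pid=700,fd=5))
EOF

# Print "PROTO PORT PROCESS" for every socket bound to a wildcard address
# (0.0.0.0, *, [::]), i.e. reachable on every interface unless the firewall
# blocks it. Loopback-only binds (127.0.0.1, [::1]) are left out. With no
# file argument awk reads standard input.
public_listeners() {
    awk 'NR > 1 {
            addr = $5
            port = addr; sub(/.*:/, "", port)       # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "0.0.0.0" || host == "*" || host == "[::]") {
                proc = "-"                          # ss prints no process without -p or root
                if (match($0, /\("[^"]+"/)) proc = substr($0, RSTART + 2, RLENGTH - 3)
                print $1, port, proc
            }
         }' "$@" | sort -u
}

public_listeners "$DEMO_SS"
```

Compare the result with sudo firewall-cmd --list-all: a public listener that the firewall does not allow is harmless for now, one that it does allow needs a reason.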

File permissions

Check permissions:

ls -l FILE
ls -ld DIRECTORY

Avoid:

chmod 777 FILE

Be careful with:

chmod -R
chown -R

Basic hardening ideas

disable unused services
limit open firewall ports
use SSH keys
avoid root login
use sudo carefully
keep packages updated
check logs regularly
use strong passwords
remove unused accounts
backup important data

First command set

whoami
id
sudo -l
systemctl --failed
ss -tulpn
sudo firewall-cmd --list-all
getenforce
sudo tail -n 100 /var/log/secure
journalctl -p err -b

Dangerous actions

Be careful with:

disabling SELinux
opening firewall ports permanently
granting sudo access
allowing root SSH login
enabling password SSH login
changing SSH config remotely
deleting accounts
chmod 777
recursive chown/chmod