Posted January 19Jan 19 You are reading Part 8 of the 57-part series: Harden and Secure Linux Servers. [Level 1]This series covers progressive security measures, from fundamental hardening techniques to enterprise-grade defense strategies. Each article delves into a specific security practice, explaining its importance and providing step-by-step guidance for implementation.To explore more security best practices, visit the main guide for a full breakdown of all levels and recommendations.File permissions control who can read, write, or execute files on your Linux server. If sensitive files, such as SSH configuration files or log files, have weak permissions, attackers or unauthorized users could modify or access critical system data.By restricting file permissions, you prevent unauthorized access and reduce the risk of security breaches.How to Restrict Access to Important FilesSecure SSH Configuration File:sudo chmod 600 /etc/ssh/sshd_config600 โ Only the root user can read and write; no one else can access it.Secure Authentication Logs:sudo chmod 640 /var/log/auth.log640 โ The root user can read/write; the group can read; others have no access.Additional File Security Measures:โ Restrict access to /etc/passwd and /etc/shadow (stores user credentials):sudo chmod 644 /etc/passwd # Readable by all, but only writable by root sudo chmod 600 /etc/shadow # Only root can accessโ Set permissions for SSH private keys (if using key-based authentication):sudo chmod 600 ~/.ssh/id_rsa sudo chmod 644 ~/.ssh/id_rsa.pubPrivate keys (id_rsa) should never be world-readable.โ Restrict access to critical system directories:sudo chmod 750 /etc sudo chmod 750 /var/logโ Prevent unauthorized execution of scripts:If you have custom scripts that shouldn't be executed by unauthorized users, use:sudo chmod 700 /path/to/script.sh700 โ Only the owner can read, write, and execute; no one else has access.Best Practices for File Permissions:๐น Use ls -l filename to check current permissions before changing them.๐น Be cautious with chmod 777โthis makes a file fully accessible to everyone, creating a security risk.๐น Regularly review file permissions to ensure only necessary access is granted.๐น Use chown to assign correct ownership:sudo chown root:root /etc/ssh/sshd_config(Ensures only the root user owns critical configuration files.)By setting proper file permissions, you prevent unauthorized access, protect sensitive data, and reduce the risk of system compromise, keeping your Linux server secure and controlled.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.