Linux File System Security Guide
April 17, 2024
linux security filesystem
Disclaimer: The examples, configurations, and code snippets provided in this article are for educational purposes only. While we strive for accuracy, there is no guarantee these will work in your specific environment. Always test configurations in a safe environment first and adapt them to your specific needs and security requirements.
Critical File Permissions
System File Permissions
# Secure important system files
sudo chmod 644 /etc/passwd
sudo chmod 600 /etc/shadow
sudo chmod 644 /etc/group
sudo chmod 600 /etc/gshadow
# Verify permissions
ls -l /etc/{passwd,shadow,group,gshadow}
SUID/SGID Control
# Find SUID files
sudo find / -type f -perm -4000 -ls
# Find SGID files
sudo find / -type f -perm -2000 -ls
# Remove unnecessary SUID/SGID bits
sudo chmod u-s /path/to/file   # clear SUID
sudo chmod g-s /path/to/file   # clear SGID
File System Mounting
Secure Mount Options
# Edit fstab
sudo nano /etc/fstab
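# Add security options
# Keep / executable: noexec,nosuid on the root filesystem stops system binaries and SUID tools such as sudo from working
/dev/sda1 / ext4 defaults 0 1
/dev/sda2 /home ext4 defaults,nosuid,nodev 0 2
# Apply noexec,nosuid,nodev to mounts that hold no system binaries, such as /tmp
tmpfs /tmp tmpfs defaults,noexec,nosuid,nodev 0 0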
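One way to check an fstab against these options, as an added example that is not part of the original article: the script reads an fstab-format file, reports mount points that lack the expected options, and flags noexec on /, which would stop binaries on the root filesystem from running. The policy table, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an fstab-format file for missing hardening options.

# Policy table (assumption, adjust to your partition layout).
required_opts() {
    case "$1" in
        /tmp|/var/tmp|/dev/shm) echo "noexec nosuid nodev" ;;
        /home)                  echo "nosuid nodev" ;;
    esac
}

# audit_fstab FILE: prints one line per finding, returns 1 if any were found.
audit_fstab() {
    rc=0
    while read -r dev mnt _fstype opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # skip blanks and comments
        missing=""
        for want in $(required_opts "$mnt"); do
            case ",$opts," in
                *",$want,"*) ;;                    # option present
                *) missing="$missing $want" ;;
            esac
        done
        if [ -n "$missing" ]; then
            echo "$mnt missing:$missing"; rc=1
        fi
        # noexec on / blocks every binary stored on the root filesystem
        if [ "$mnt" = "/" ]; then
            case ",$opts," in
                *",noexec,"*) echo "/ must not be noexec"; rc=1 ;;
            esac
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample input, not taken from a real host
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <device> <mount> <type> <options> <dump> <pass>
/dev/sda1 /     ext4  defaults                      0 1
/dev/sda2 /home ext4  defaults,nosuid               0 2
tmpfs     /tmp  tmpfs defaults,noexec,nosuid,nodev  0 0
EOF
audit_fstab "$sample" || true    # prints: /home missing: nodev
rm -f "$sample"
```

Run it against a copy of /etc/fstab before remounting, since the file only shows what will apply at the next mount; `findmnt` shows the options currently in effect.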
File Integrity Monitoring
AIDE Setup
# Install AIDE
sudo apt install aide
# Initialize database
sudo aideinit
# Configure daily checks
sudo nano /etc/aide/aide.conf
# Example rules (lines in /etc/aide/aide.conf)
/etc/passwd Full
/etc/shadow Full