There are many aspects of security on Linux systems, from setting up accounts to ensuring that legitimate users don’t have more privileges than they need to do their jobs. In this post, I show you some of the basic Linux cybersecurity commands for daily work.
Running privileged commands with sudo, rather than switching to the root user, is an essential good practice: it helps ensure that root privileges are used only when necessary and limits the impact of errors. Access to the sudo command depends on the settings in the /etc/sudoers and /etc/group files.
The visudo command allows us to make changes to the /etc/sudoers file by opening the file in a text editor and checking the syntax of our changes. In those cases, we don’t need to use the visudo command at all: we just need to familiarize ourselves with groups that grant root privileges like this and make updates in the /etc/group file.
WHO and W
The who and w commands show who is logged into the system, although w shows more information, such as where they logged in from, when they logged in, and how long they have been idle.
The find command is used to do many types of searches. When it comes to security, we may find ourselves looking for files that don’t have owners (no corresponding accounts) or that are writable by everyone, in addition to executables. Search commands are easy to compose but require some familiarity with find’s many options to define exactly what we are searching for. In the first of these two commands, we will find files without defined owners; in the second, we will find files that probably anyone can execute and modify.
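
The two searches described above, written out as an added example (these are not commands from the original post). The function names are illustrative, and the third check, for world-writable directories that lack the sticky bit, goes one step beyond the two searches the text names.

```shell
#!/bin/sh
# Added example: security-oriented find(1) searches. Function names are illustrative.
# -xdev keeps each search on one filesystem, so /proc and network mounts are skipped.

unowned_files() {
    # UID or GID with no matching entry in the passwd or group database
    find "$1" -xdev \( -nouser -o -nogroup \) -print 2>/dev/null
}

world_writable_executables() {
    # Regular files whose "other" bits include both write and execute (-0003)
    find "$1" -xdev -type f -perm -0003 -print 2>/dev/null
}

world_writable_dirs_no_sticky() {
    # World-writable directories lacking the sticky bit (unlike /tmp, mode 1777):
    # any user can rename or delete files that belong to someone else
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

audit() {
    root=${1:-/}
    echo "== Files with no owning user or group under $root"
    unowned_files "$root"
    echo "== World-writable executables under $root"
    world_writable_executables "$root"
    echo "== World-writable directories without sticky bit under $root"
    world_writable_dirs_no_sticky "$root"
}

# Run only when a start directory is given, e.g.: sudo sh audit.sh /
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Run it with sudo so that find can descend into directories a normal account cannot read; without that, unreadable subtrees are silently skipped because errors are sent to /dev/null.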