Linux security principles
Core ideas
- Least privilege: grant minimum permissions needed
- Defense in depth: multiple layers (auth, firewall, hardening, monitoring)
- Secure defaults: deny-by-default for inbound access
- Auditability: logs and traces you can trust
Threat surface reduction
- Remove unused packages/services
- Close unused ports
- Limit admin access (sudo, SSH)
- Keep OS and dependencies patched
Identity and access
- Use strong authentication (keys, MFA where possible)
- Separate accounts (no shared root)
- Review sudoers and group memberships
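As an added example (not part of the original notes), the following POSIX shell helpers turn "limit admin access" and "review sudoers and group memberships" into repeatable checks: they flag extra UID-0 accounts, sudoers rules that skip the password prompt, and rules that grant every command. They read passwd- and sudoers-format text from stdin and are run here against constructed sample data.

```shell
#!/bin/sh
# Added example, not from the original notes: audit helpers for the
# "limit admin access" and "review sudoers" items. Each helper reads
# passwd- or sudoers-format text on stdin, so it works on the constructed
# samples below or on real input such as `getent passwd` output.

# Accounts with UID 0 besides root: a second superuser defeats
# "separate accounts, no shared root" and is easy to overlook.
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Sudoers rules (comments stripped) that skip the password prompt.
nopasswd_rules() {
    sed 's/#.*//' | awk '/NOPASSWD/ { sub(/^[[:space:]]+/, ""); print }'
}

# Sudoers rules whose command list is ALL: full root for that principal.
all_command_rules() {
    sed 's/#.*//' | awk '$NF == "ALL" { sub(/^[[:space:]]+/, ""); print }'
}

# Number of output lines (0 when empty), for pass/fail summaries.
count_lines() {
    awk 'END { print NR }'
}

# Constructed sample inputs; not taken from any real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
toor:x:0:0:second superuser:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash'

SAMPLE_SUDOERS='# constructed sudoers sample
Defaults env_reset
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
deploy ALL=(ALL) NOPASSWD: ALL
alice ALL=(root) NOPASSWD: /usr/bin/systemctl restart nginx'

echo "Extra UID-0 accounts:"
printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0_accounts
echo "NOPASSWD rules:"
printf '%s\n' "$SAMPLE_SUDOERS" | nopasswd_rules
echo "Rules granting ALL commands:"
printf '%s\n' "$SAMPLE_SUDOERS" | all_command_rules
```

On a real host, feed `getent passwd` and the contents of /etc/sudoers plus /etc/sudoers.d/* to the same helpers; every hit should map to a documented, reviewed exception.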
Filesystem and process isolation
- File permissions, ownership, and ACLs
- Mandatory access control: SELinux/AppArmor
- Sandboxing and containers where appropriate
Monitoring and response
- Centralize logs
- Alert on auth failures and unusual behavior
- Have a backup and restore plan