Security Fundamentals | Jungle Scripts

Linux security isn’t one feature — it’s a discipline. The goal is to reduce risk by limiting what an attacker can do, detecting bad behavior early, and recovering quickly when something goes wrong.

Security Principles

•Least Privilege: Users and processes should have minimum necessary permissions
•Defense in Depth: Multiple layers of security controls
•Fail Secure: Systems should fail in a secure state

Threat Modeling (the practical version)

Before changing configs, decide what you’re defending against:

•What is the asset? (customer data, SSH access, API keys, production uptime)
•Who is the attacker? (internet scanners, insiders, compromised CI)
•What is the entry point? (SSH, web ports, exposed admin panels, weak creds)
•What’s the blast radius? (single host vs entire fleet, prod vs staging)

Attack Surface Inventory (quick checks)

# What ports are exposed?
$ ss -tulpn | head

# What services start at boot?
$ systemctl list-unit-files --type=service --state=enabled | head

# Who has sudo access?
$ getent group sudo
$ sudo -l

Security Checklist

✅ Keep system updated (apt update && apt upgrade)
✅ Use strong passwords and SSH keys
✅ Configure firewall (iptables/ufw)
✅ Disable unnecessary services
✅ Monitor logs regularly
✅ Set up intrusion detection (fail2ban)

What “good” looks like (baseline)

•Patch hygiene: security updates applied quickly; reboot policy defined
•Strong auth: SSH keys, no root login, and no password auth (when possible)
•Minimal exposure: only required ports open; default deny inbound
•Logging: auth/service logs monitored; suspicious patterns alert
•Recovery: backups tested; secrets rotated; incident runbook exists

✅ Practice (20 minutes)

List listening ports with ss -tulpn and explain why each must be open.
Check who can use sudo (getent group sudo and sudo -l).
Inspect authentication logs (journalctl -u ssh or /var/log/auth.log) and spot failed login attempts.