Why Learn Linux Security Basics
Linux powers a large share of servers and cloud infrastructure. Understanding a handful of built-in commands helps you monitor system health and spot suspicious activity.
Useful Defensive Commands
check active network connections
# Lists active listening ports and connections
ss -tulpn
review recent login attempts
# Shows recent successful logins
last -a
check running processes
# Lists processes sorted by CPU usage
ps aux --sort=-%cpu | head
review system update status
# Debian/Ubuntu example — lists available security updates
apt list --upgradable
check file permissions
# Displays permissions, owner, and group for a file
ls -l /path/to/file
Best Practices
- Apply the principle of least privilege — avoid running services as root unnecessarily.
- Keep packages updated regularly with your distribution's package manager.
- Disable unused services and close unnecessary open ports.
- Use SSH key-based authentication instead of passwords where possible.
- Review logs periodically for unfamiliar login attempts or errors.
These commands are for system monitoring and hardening only — always use them on systems you are authorized to administer.