Learning Linux security administration

Learning Linux, especially Linux security administration, can seem particularly tricky for those only well-versed in Windows. Here, security expert James Turnbull offers some pointers for getting up to speed.

Linux security administration can be very complicated, and it is sometimes hard for an administrator to determine where a control is applied or managed, especially for those who only have a background in Windows. Securing Linux also involves extensive command-line interaction, often through arcane-looking commands and options. Additionally, help text and man pages vary considerably in quality.

Comparatively, most Windows administrators control settings through a GUI or through the application of controls like group policies. They usually have good help available, and Microsoft does provide some excellent documentation. For many Windows administrators used to this environment, the move to the Linux world can result in some initial trepidation. This is not to suggest Windows administrators are any less skilled than their Linux counterparts. Anyone who plays heavily in the registry or with configuration languages like SDDL (Security Descriptor Definition Language) has my respect.

With the complexity in mind I'd offer several pieces of advice for getting up to speed.

Apply consistent policies and standards

Firstly, start your security administration from a consistent base. Document the policies and standards (if you haven't already) that you apply to your Windows environment. Then look to apply those same policies and standards in your Linux environment. This consistent approach will make overall security management much easier.

Take advantage of training courses in Linux and Unix

Secondly, reference materials and books can be excellent sources of information but are limited by their finite nature. Send your staff on training courses or utilize computer-based training (CBT) materials. Training courses -- specifically in Linux security -- seem to be rather thin on the ground at the moment. But organizations like SANS often run Unix security courses that heavily utilize and discuss Linux (in addition to other flavors of Unix).

I'd recommend that your Linux administration staff go on a training course (preferably one with hands-on labs). Whilst books and other reference materials are very useful, there is nothing better than hands-on experience of security administration -- especially if the instructor is able to provide real-world context and content for the course as many of the SANS courses offer. Obviously it can be expensive to train your staff like this. But consider this cost in light of the potential cost of a breach or a security-related outage caused by poor security on your systems.

Use the community

Thirdly, utilize the Linux community. A number of sites, mailing lists and forums exist that discuss Linux security, as well as application and database security on Linux. These resources often provide excellent (and free) advice on how to secure your systems.

Remember, though, that not everyone offers good advice and not everyone agrees on what is the appropriate security configuration. Any advice you glean from the community should be backed up by further research and testing to ensure it suits your security requirements and environment.

It can be a steep (and sometimes expensive) learning curve to become proficient in Linux security, but the return in terms of protection of your assets and the mitigation of risks to your organization is well worth it.