Security Commands
System security and access control commands
User Management
User account management and administration
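# User account administration. `username`, `groupname` and `/new/home` are
# placeholders; commands that change accounts need root, hence sudo.

# Add user (a home directory is created only if the distro's CREATE_HOME default says so)
sudo useradd username
# Add user with home directory
sudo useradd -m username
# Set user password (prompts interactively, so the password never lands in argv or shell history)
sudo passwd username
# Delete user (home directory and mail spool are kept)
sudo userdel username
# Delete user with home directory
# Files the user owns elsewhere on the filesystem stay behind under the old numeric UID.
sudo userdel -r username
# Add user to group (-a appends; -G without -a replaces the whole supplementary group list)
sudo usermod -a -G groupname username
# Remove user from group
sudo gpasswd -d username groupname
# Show user information
id username
# Show user groups
groups username
# Show all users
# getent also lists accounts from LDAP/SSSD and other NSS sources, which
# reading /etc/passwd directly would miss.
getent passwd
# Show user login history
last username
# Show current logged in users
who
# Show user activity
w
# Lock user account
# -L alone only disables the password hash, so SSH key logins would still work;
# -e 1 also expires the account. Sessions that are already open are not ended.
sudo usermod -L -e 1 username
# Unlock user account (-e '' clears the expiry date set when locking)
sudo usermod -U -e '' username
# Set user shell
sudo usermod -s /bin/bash username
# Set user home directory (existing files are not moved unless -m is added)
sudo usermod -d /new/home username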
Individual commands:
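# Create an account; -m also creates the home directory.
sudo useradd username
sudo useradd -m username
# Set the password interactively.
sudo passwd username
# Remove an account; -r also removes its home directory and mail spool.
sudo userdel username
sudo userdel -r username
# Append to / remove from a supplementary group (-G without -a would replace the list).
sudo usermod -a -G groupname username
sudo gpasswd -d username groupname
# Inspect an account's UID, GID and group membership.
id username
groups username
# List all accounts, including those from LDAP/SSSD and other NSS sources.
getent passwd
# Login history and current sessions.
last username
who
w
# Lock: -L disables the password, -e 1 expires the account so key-based logins are refused too.
sudo usermod -L -e 1 username
# Unlock and clear the expiry date.
sudo usermod -U -e '' username
# Change login shell / home directory path (files are not moved without -m).
sudo usermod -s /bin/bash username
sudo usermod -d /new/home username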
SELinux Management
SELinux security policy management
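# SELinux inspection and policy management. Paths and the httpd_* type and
# boolean names are examples; substitute the ones for your service.

# Check SELinux status
sestatus
# Show SELinux context
ls -Z
# Show SELinux context for file
ls -Z /path/to/file
# Set SELinux context
# chcon is not persistent: a restorecon or filesystem relabel reverts it.
# Use a semanage fcontext rule for a change that must survive relabeling.
sudo chcon -t httpd_exec_t /path/to/file
# Restore SELinux context
sudo restorecon /path/to/file
# Restore SELinux context recursively
sudo restorecon -R /path/to/directory
# Show SELinux file-context rules (reads the policy store, so it needs root)
sudo semanage fcontext -l
# Add a persistent file-context rule
# Existing files pick up the new label only after restorecon is run on them.
sudo semanage fcontext -a -t httpd_exec_t "/path/to/file(/.*)?"
# Show SELinux booleans
getsebool -a
# Set SELinux boolean (-P makes the change persist across reboots)
sudo setsebool -P httpd_can_network_connect 1
# Show SELinux audit logs (the audit log is readable by root only)
sudo ausearch -m avc
# Show recent SELinux denials
sudo ausearch -m avc -ts recent
# Switch to permissive mode until reboot
# SELinux stays loaded and keeps logging denials; it just stops enforcing them.
sudo setenforce 0
# Switch back to enforcing mode
sudo setenforce 1
# Disable SELinux permanently (takes effect at the next boot)
# The anchored pattern rewrites the setting whether it is currently enforcing
# or permissive, and cannot touch SELINUXTYPE= or commented lines.
# Files created while SELinux is disabled carry no labels, so turning it back
# on later requires a full relabel; SELINUX=permissive keeps labels and
# logging intact and is usually enough for troubleshooting.
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config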
Individual commands:
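# Current mode and loaded policy.
sestatus
# Show security contexts of files.
ls -Z
ls -Z /path/to/file
# Temporary relabel; reverted by restorecon or a filesystem relabel.
sudo chcon -t httpd_exec_t /path/to/file
# Reset labels to what the file-context rules say.
sudo restorecon /path/to/file
sudo restorecon -R /path/to/directory
# List / add persistent file-context rules (root needed; run restorecon after adding).
sudo semanage fcontext -l
sudo semanage fcontext -a -t httpd_exec_t "/path/to/file(/.*)?"
# List booleans; set one persistently with -P.
getsebool -a
sudo setsebool -P httpd_can_network_connect 1
# AVC denials from the audit log (root-readable only).
sudo ausearch -m avc
sudo ausearch -m avc -ts recent
# 0 = permissive (log only), 1 = enforcing; both last until reboot.
sudo setenforce 0
sudo setenforce 1
# Disable at next boot; anchored so it works from enforcing or permissive.
# Re-enabling later requires a full filesystem relabel.
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config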
SSH Security
SSH security configuration and management
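# OpenSSH server and client checks. `user@hostname` and port 2222 are
# placeholders. Log paths are the RHEL-family ones; Debian/Ubuntu write
# the same messages to /var/log/auth.log and name the unit `ssh`.

# Show SSH configuration
# This is the main file only; `sudo sshd -T` prints the effective settings
# after Include drop-ins and defaults are applied.
cat /etc/ssh/sshd_config
# Test SSH configuration (run after every edit, before restarting the service)
sudo sshd -t
# Restart SSH service
sudo systemctl restart sshd
# Show SSH listeners and connections
# The ss filter matches port 22 exactly (grep :22 would also hit :2222), and
# -a includes established sessions, which -l alone leaves out.
sudo ss -tanp 'sport = :22'
# Show SSH logs (root or systemd-journal group membership is needed to read the system journal)
sudo journalctl -u sshd
# Show failed SSH password attempts (the log file is readable by root only)
sudo grep "Failed password" /var/log/secure
# Show SSH successful logins
# "Accepted " covers every method; "Accepted password" alone would miss
# publickey and other non-password logins.
sudo grep "Accepted " /var/log/secure
# Generate SSH key (set a passphrase when prompted; -t ed25519 is a modern alternative)
ssh-keygen -t rsa -b 4096
# Copy SSH key to remote host
ssh-copy-id user@hostname
# Test SSH connection
ssh -v user@hostname
# Show SSH client configuration
cat ~/.ssh/config
# Disable SSH root login
# Matches the directive whether it is commented out or active and whatever
# its current value, so a stock "prohibit-password" or an uncommented "yes"
# line is not silently skipped. Confirm with: sudo sshd -T | grep -i permitrootlogin
# (a drop-in under sshd_config.d may still override the main file).
sudo sed -i -E 's/^#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
# Change SSH port
# Before restarting sshd, open the new port in the firewall and, on SELinux
# hosts, label it: sudo semanage port -a -t ssh_port_t -p tcp 2222
sudo sed -i -E 's/^#?[[:space:]]*Port[[:space:]].*/Port 2222/' /etc/ssh/sshd_config
# Show SSH key fingerprints
ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub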
Individual commands:
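# Main server config file (drop-ins pulled in by Include are not shown).
cat /etc/ssh/sshd_config
# Validate the config, then restart (the unit is `ssh` on Debian/Ubuntu).
sudo sshd -t
sudo systemctl restart sshd
# Listeners and connections on exactly port 22.
sudo ss -tanp 'sport = :22'
# sshd journal entries (root or systemd-journal group needed).
sudo journalctl -u sshd
# Failed password attempts and successful logins of any method
# (RHEL-family path; /var/log/auth.log on Debian/Ubuntu).
sudo grep "Failed password" /var/log/secure
sudo grep "Accepted " /var/log/secure
# Generate a key pair and install the public key on a remote host.
ssh-keygen -t rsa -b 4096
ssh-copy-id user@hostname
# Verbose client connection for troubleshooting.
ssh -v user@hostname
# Per-user client configuration.
cat ~/.ssh/config
# Set PermitRootLogin no / Port 2222 whatever the current line looks like
# (commented or active, any value); check the result with `sudo sshd -T`.
sudo sed -i -E 's/^#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sed -i -E 's/^#?[[:space:]]*Port[[:space:]].*/Port 2222/' /etc/ssh/sshd_config
# Fingerprint of the host's RSA public key.
ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub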