Hands-On Linux Administration on Azure - Second Edition

By: Kamesh Ganesan, Rithin Skaria, Frederik Vos

Overview of this book

Thanks to its flexibility in delivering scalable cloud solutions, Microsoft Azure is a suitable platform for managing all your workloads. You can use it to implement Linux virtual machines and containers, and to create applications in open source languages with open APIs. This Linux administration book first takes you through the fundamentals of Linux and Azure to prepare you for the more advanced Linux features in later chapters. With the help of real-world examples, you’ll learn how to deploy virtual machines (VMs) in Azure, expand their capabilities, and manage them efficiently. You will manage containers and use them to run applications reliably, and in the concluding chapter, you'll explore troubleshooting techniques using a variety of open source tools. By the end of this book, you'll be proficient in administering Linux on Azure and leveraging the tools required for deployment.

Linux Security Tips

Before we dive deep into all the great security measures you can take, here are some tips regarding security.

Implementing security on multiple levels is, in general, a good idea. An attacker then needs a different approach at each level to gain access, and this costs them time. Because of this time, and hopefully also because of logging and monitoring, you have a greater chance of detecting unauthorized access.

For files and directories, discretionary access control (DAC) is still a very good foundation. Make the permissions on files and directories as strict as possible. Check the owner and group ownership, and use access control lists (ACLs) instead of permissions for unauthorized users. Try to avoid using the suid/sgid bit as much as possible. Are there users who need to change their own password? No? Then remove that bit from the passwd command.

Use partitioning, especially for directories such as /tmp, /var, /var/tmp, and /home, and mount them with the noexec, nodev, and nosuid flags:

...
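
To check whether a system already follows the partitioning tip, the shell function below reads mount entries in /proc/mounts format and reports, for each of the four directories, whether it is a separate mount point and which of the three options are missing. This is an added example, not code from the book; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit mount options for the directories named in the text.
# Input format is that of /proc/mounts: device mountpoint fstype options dump pass

REQUIRED_OPTS="noexec nodev nosuid"
CHECK_DIRS="/tmp /var /var/tmp /home"

# audit_mounts FILE prints one line per directory:
#   OK <dir> | MISSING <dir> <opt,...> | NOT-SEPARATE <dir>
audit_mounts() {
    local mounts_file dir opts opt missing
    mounts_file="${1:-/proc/mounts}"
    for dir in $CHECK_DIRS; do
        # The last matching entry wins, because a later mount shadows an earlier one.
        opts=$(awk -v d="$dir" '$2 == d { o = $4 } END { print o }' "$mounts_file")
        if [ -z "$opts" ]; then
            # No entry of its own: the directory lives on its parent's file system.
            echo "NOT-SEPARATE $dir"
            continue
        fi
        missing=""
        for opt in $REQUIRED_OPTS; do
            # Wrap in commas so "nodev" only matches a whole option.
            case ",$opts," in
                *",$opt,"*) ;;
                *) missing="${missing:+$missing,}$opt" ;;
            esac
        done
        if [ -z "$missing" ]; then
            echo "OK $dir"
        else
            echo "MISSING $dir $missing"
        fi
    done
}

# Constructed sample in /proc/mounts format (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var ext4 rw,nodev,relatime 0 0
/dev/sda4 /home ext4 rw,nosuid,nodev,relatime 0 0
EOF
}

# When the script is given a file argument (for example /proc/mounts), audit it.
if [ -n "${1:-}" ]; then audit_mounts "$1"; fi
```

On the constructed sample, /tmp passes, /var and /home are flagged for missing options, and /var/tmp is reported as not being a separate mount.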