Linux Security Commands

Security work blends visibility and control. sshd -T prints effective SSH daemon settings—compare with disk files after includes. sysctl reads kernel tunables like IP forwarding and rp_filter. Integrity tools (aide, rpm -V, debsums) detect changed binaries. last and lastb show logins; faillock surfaces lockouts on PAM systems. Pair with firewall review from nft list ruleset.

Area	Command	Insight
SSH	sshd -T \| grep -i permit	Confirm root login and password policy
Kernel	sysctl -a \| grep forward	Spot unintended routing
Auth	last -ai	See remote IPs and times

SSH commands, firewall commands, sudo, users and permissions

It resolves defaults and included snippets to the effective runtime values actually enforced.

Whether the kernel routes IPv4 between interfaces—should stay off on non-router hosts.

AIDE hashes filesystem baselines broadly; rpm -V verifies against package metadata for managed files.

Often in journald or /var/log/auth.log depending on distro—grep for sshd with journalctl.

Kernel-backed audit rules for syscalls and file access—heavy but detailed for compliance.

Use ss -ltnp as an unprivileged user for ports; escalate to map PIDs to packages.

visudo locks and syntax-checks sudoers—direct edits risk locking everyone out on error.

A permissive umask creates world-readable files—tighten defaults for multi-user systems.

Area	Command	Insight
SSH	sshd -T \| grep -i permit	Confirm root login and password policy
Kernel	sysctl -a \| grep forward	Spot unintended routing
Auth	last -ai	See remote IPs and times