{"id":6408,"date":"2019-04-16T02:30:08","date_gmt":"2019-04-16T07:30:08","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=6408"},"modified":"2019-04-16T14:25:50","modified_gmt":"2019-04-16T19:25:50","slug":"toughening-security-for-linux-servers","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/toughening-security-for-linux-servers\/","title":{"rendered":"Toughening Security for Linux Servers"},"content":{"rendered":"<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: Arial, sans-serif; color: #000000;\"><strong>By Des Nnochiri<\/strong><\/span><\/p>\n<p>\u00a0<\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">As with any other operating system, security is a prime concern with Linux network hardware. In this article, we\u2019ll be giving some recommendations on how to toughen the security posture of your Linux servers. Screenshots and example syntax relate to systems running Kali Linux, CentOS, RHEL, Ubuntu, and Debian-based Linux distributions. <\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: 'Arial',sans-serif;\">Encrypt Data for Greater Information Security<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">Unencrypted or plaintext data held at rest or in transit across a network is vulnerable to packet-sniffing and extraction. At the very least, data in transit should be scrambled or encrypted, using a strong encryption protocol with keys and\/or digital certificates. <\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">File transfers should be executed under secure protocols such as scp, ssh, rsync, or sftp. OpenSSH, SFTP, or FTPS (FTP over SSL) add Secure Sockets Layer (SSL)\u2014or Transport Layer Security (TLS) encryption\u2014to the standard file transfer protocol (FTP). Using special sshfs and fuse tools, mounting a remote server file system or your own secure home directory is also possible.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">You can use the following syntax to remove outdated file transfer services such as NIS or rsh from your system:<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><strong><span style=\"font-family: 'Arial',sans-serif; color: black;\"># yum erase xinetd ypserv tftp-server telnet-server rsh-server<\/span><\/strong><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">On Debian- or Ubuntu-based Linux servers, the apt-get or apt commands may be used to eliminate insecure services:<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><strong><span style=\"font-family: 'Arial',sans-serif; color: black;\">$ sudo apt-get \u2013purge remove xinetd nis yp-tools tftpd atftpd tftpd-hpa telnetd rsh-server rsh-redone-server<\/span><\/strong><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">For data at rest, most Linux distributions will allow you to encrypt your hard drives before installation. On Kali Linux, choose the options \u201cGuided-use entire disk\u201d and \u201cset up encrypted LVM\u201d to set up your encrypted logical volume manager.<\/span><\/p>\n<p>\u00a0<\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\"> <a href=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/04\/kali-linux.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6421\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/04\/kali-linux-300x225.gif\" alt=\"\" width=\"400\" height=\"301\"><\/a><\/span><\/p>\n<p>\u00a0<\/p>\n<p style=\"margin-bottom: 0.0001pt; line-height: 150%; text-align: center;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">(Image source: <\/span><a href=\"https:\/\/www.networkworld.com\/article\/3143050\/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.html\" rel=\"nofollow\" target=\"_blank\"><span style=\"font-family: 'Arial',sans-serif;\">Network World<\/span><img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a><span style=\"font-family: 'Arial',sans-serif; color: black;\">)<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: 'Arial',sans-serif;\">Isolate Network Services <\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">To limit the number of other services that could be compromised by a security breach, Linux administrators should run different network services on separate servers or virtual machine (VM) instances. Virtualization software such as OpenVZ may be set up as a separate install on RHEL and CentOS Linux distributions.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">To further secure your host network on Kali Linux, you can take the following steps:<\/span><\/p>\n<p>\u00a0<\/p>\n<ul>\n<li style=\"line-height: 150%;\"><span style=\"font-family: helvetica, arial, sans-serif; color: #333333;\">Disable IP Forwarding by setting the <strong>ipv4.ip_forward<\/strong> parameter to 0 in \u201c\/etc\/sysctl.conf\u201d<\/span><\/li>\n<li style=\"line-height: 150%;\"><span style=\"font-family: helvetica, arial, sans-serif; color: #333333;\">Disable Send Packet Redirects by setting the <strong>ipv4.conf.all.send_redirects<\/strong> and <strong>net.ipv4.conf.default.send_redirects<\/strong> parameters to 0 in \u201c\/etc\/sysctl.conf\u201d<\/span><\/li>\n<li style=\"line-height: 150%;\"><span style=\"font-family: helvetica, arial, sans-serif; color: #333333;\">Disable ICMP Redirect Acceptance by setting the <strong>ipv4.conf.all.accept_redirects<\/strong> and <strong>net.ipv4.conf.default.accept_redirects<\/strong> parameters to 0 in \u201c\/etc\/sysctl.conf\u201d<\/span><\/li>\n<li style=\"line-height: 150%;\"><span style=\"font-family: helvetica, arial, sans-serif; color: #333333;\">Enable Bad Error Message Protection by setting the <strong>ipv4.icmp_ignore_bogus_error_responses<\/strong> parameter to 1 in \u201c\/etc\/sysctl.conf\u201d<\/span><\/li>\n<\/ul>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: 'Arial',sans-serif;\">Keep Software Installations Lean and Up-to-Date<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">The more applications or web services you have installed, the greater the potential for falling victim to software vulnerabilities or for attackers to compromise your programs. So limit the number of installations you add to the core system only to those applications that are strictly necessary. The apt-get and\/or dpkg commands, or a dedicated RPM package manager such as yum, may be used to review all the installed software on your system\u2014and they include commands for removing any unwanted packages or services.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">Here\u2019s a syntax example using dpkg and apt-get:<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><strong><span style=\"font-family: 'Arial',sans-serif; color: black;\"># dpkg \u2013list<\/span><\/strong><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><strong><span style=\"font-family: 'Arial',sans-serif; color: black;\"># dpkg \u2013info packageName<\/span><\/strong><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><strong><span style=\"font-family: 'Arial',sans-serif; color: black;\"># apt-get remove packageName<\/span><\/strong><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">It\u2019s also important to regularly update and patch your software to install the latest security fixes and benefit from the latest tools and features of your applications. On Debian or Ubuntu Linux systems, it\u2019s possible to configure unattended upgrades for your server software using the apt-get or apt commands:<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><strong><span style=\"font-family: 'Arial',sans-serif; color: black;\">$ sudo apt-get install unattended-upgrades apt-listchanges bsd-mailx<\/span><\/strong><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: 'Arial',sans-serif;\">Use Linux Security Extensions<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><a href=\"https:\/\/www.cyberciti.biz\/tips\/linux-security.html\" rel=\"nofollow\" target=\"_blank\"><span style=\"font-family: 'Arial',sans-serif;\">Linux includes a number of security tools<\/span><img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a><span style=\"font-family: 'Arial',sans-serif; color: black;\"> that can enforce limitations on networks and other programs and guard against poorly-configured or compromised software.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\"> <a href=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/04\/linux-security-extension.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-6424\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2019\/04\/linux-security-extension-300x206.gif\" alt=\"\" width=\"400\" height=\"275\"><\/a><\/span><\/p>\n<p>\u00a0<\/p>\n<p style=\"margin-bottom: .0001pt; text-align: center; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">(Image source: <\/span><a href=\"https:\/\/www.networkworld.com\/article\/3143050\/linux-hardening-a-15-step-checklist-for-a-secure-linux-server.html\" rel=\"nofollow\" target=\"_blank\"><span style=\"font-family: 'Arial',sans-serif;\">Network World<\/span><img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a><span style=\"font-family: 'Arial',sans-serif; color: black;\">)<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">SELinux (Security Enhanced Linux) provides a range of security policies for the Linux kernel, including a flexible Mandatory Access Control (MAC). The mechanism has three configuration modes:<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<ol>\n<li><span style=\"font-family: 'Arial',sans-serif; color: black;\"><strong>Disabled<\/strong>: Protection is inactive.<\/span><\/li>\n<li><span style=\"font-family: 'Arial',sans-serif; color: black;\"><strong>Permissive<\/strong>: Prints warnings if issues are detected.<\/span><\/li>\n<li><span style=\"font-family: 'Arial',sans-serif; color: black;\"><strong>Enforcing<\/strong>: Security policy is enforced.<\/span><\/li>\n<\/ol>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">Running a MAC kernel protects a Linux server from malicious or flawed applications that might damage or destroy the system. <\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: 'Arial',sans-serif;\">Set a Strong Password Policy<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">You can use the useradd or usermod commands to create and maintain Linux user accounts. As in any IT environment, the standard criteria for strong passwords apply (eight characters or more, a mix of letters, numbers, and symbols, changed regularly). You can use the change command to configure the number of days between password changes and the date of the last password change. <\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">The passwd command can lock and unlock accounts:<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><strong><span style=\"font-family: 'Arial',sans-serif; color: black;\"># lock account<\/span><\/strong><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><strong><span style=\"font-family: 'Arial',sans-serif; color: black;\">passwd -l userName<\/span><\/strong><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><strong><span style=\"font-family: 'Arial',sans-serif; color: black;\"># unlock account<\/span><\/strong><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><strong><span style=\"font-family: 'Arial',sans-serif; color: black;\">passwd -u userName<\/span><\/strong><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">The faillog command displays failed login attempts in the form of faillog records and enables administrators to set login failure limits<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: 'Arial',sans-serif;\">Use Centralized Authentication <\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">To guard against the presence of out-of-date credentials and forgotten accounts on a network, use a centralized authentication system. A service such as OpenLDAP for clients and servers allows administrators to exercise central control over Linux or UNIX accounts and authentication data. It also allows them to keep authentication data synchronized between servers.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">Kerberos performs authentication as a trusted third-party authentication service. It uses a \u201ccryptographic shared secret\u201d policy, which assumes that packets traveling along an insecure network can be read, modified, and re-inserted. Remote login, remote copy, secure inter-system file-copying, and other high-risk tasks may be performed using symmetric-key cryptography. <\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<h2><span style=\"font-family: 'Arial',sans-serif;\">Enforce Physical Security Measures<\/span><\/h2>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">Finally, don\u2019t neglect the physical aspects of Linux network security. These include restricting physical access to data centers and hardware (authorized users, screening, surveillance, etc.). Physical security measures also encompass specific protocols for safeguarding network hardware.<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">\u00a0<\/span><\/p>\n<p style=\"margin-bottom: .0001pt; line-height: 150%; text-autospace: none;\"><span style=\"font-family: 'Arial',sans-serif; color: black;\">For example, you can disable the booting of Linux servers from external devices such as DVDs, CDs, or USB sticks. To do this, you can set BIOS and grub boot loader passwords so that other users won\u2019t be able to change and override the security settings of the server. You can also access the security settings on the admin page of any internal web servers on your Linux motherboard to change the default passwords and administrative privileges. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>By Des Nnochiri \u00a0 As with any other operating system, security is a prime concern with Linux network hardware. In this article, we\u2019ll be giving some recommendations on how to toughen the security posture of your Linux servers. Screenshots and example syntax relate to systems running Kali Linux, CentOS, RHEL, Ubuntu, and Debian-based Linux distributions. [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":6420,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,447,42,9],"tags":[651,647,648,292,465,666,668,629,626,662,432,632,634,268,463,653,202,645,640,667,622,455,628,665,398,526,421,631,454,459,420,627,650,624,623,237,659,658,386,388,385,430,563,649,387,664,639,652,633,663,282,283,288,630,637,635,204,643,29,657,625,655,656,168,621,638,636,646,641,642,644,462,424,660,661,670,669,654],"class_list":["post-6408","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-linux","category-security","category-technical","tag-admin","tag-apt","tag-apt-get","tag-authorized-party","tag-authorized-users","tag-bios","tag-boot-loader-password","tag-centos","tag-centralized-authentication","tag-change-command","tag-configuration","tag-data-encryption","tag-data-extraction","tag-data-security","tag-debian","tag-dpkg","tag-encryption","tag-file-transfer-protocol","tag-ftps","tag-grub","tag-information-security","tag-isolation","tag-kali-linux","tag-kerberos","tag-linux","tag-linux-command","tag-linux-configuration","tag-linux-distributions","tag-linux-isolation","tag-linux-kernel","tag-linux-network","tag-linux-network-security","tag-linux-network-services","tag-linux-security","tag-linux-server","tag-mac","tag-mac-kernel","tag-mandatory-access-control","tag-network-admin","tag-network-admin-tools","tag-network-administration","tag-network-configuration","tag-network-security","tag-network-services","tag-network-tools","tag-openldap","tag-openssh","tag-openvz","tag-packet-sniffing","tag-passwd","tag-password","tag-password-protection","tag-plaintext","tag-rhel","tag-rsync","tag-scp","tag-secure-connection","tag-secure-sockets-layer","tag-security","tag-security-enhanced-linux","tag-security-extensions","tag-security-tools","tag-selinux","tag-server","tag-server-security","tag-sftp","tag-ssh","tag-sshfs","tag-ssl","tag-tls","tag-transport-layer-security","tag-ubuntu","tag-unix","tag-useradd","tag-usermod","tag-yum","tag-yum-package-manager","tag-yum-rpm"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/6408","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=6408"}],"version-history":[{"count":5,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/6408\/revisions"}],"predecessor-version":[{"id":6426,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/6408\/revisions\/6426"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/6420"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=6408"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=6408"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=6408"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}