Essential commands for securing Linux systems and analyzing vulnerabilities.

1️⃣ User & Permission Management

🔹 List all users: cat /etc/passwd
🔹 Check logged-in users: who && w
🔹 Change file permissions: chmod 750 filename (Sets file permissions to owner: read/write/execute, group: read/execute)
🔹 Modify user privileges: visudo (Edit sudoers file for user permissions)
🔹 Change file ownership: chown user:group filename
🔹 Find files with SUID/SGID bit set: find / -perm -4000 -o -perm -2000 -type f

2️⃣ System & Process Monitoring

🔹 List running processes: ps aux
🔹 Monitor system activity in real time: top
🔹 Check active network connections: netstat -tulnp
🔹 Find processes listening on ports: lsof -i :PORT
🔹 Check memory usage: free -h
🔹 Monitor disk usage: df -h
🔹 List open files by a process: lsof -p PID

3️⃣ Network Security & Firewalls

🔹 Enable UFW firewall: ufw enable
🔹 Allow SSH connections: ufw allow ssh
🔹 Check open ports: ss -tulwn
🔹 Block an IP address: iptables -A INPUT -s 192.168.1.100 -j DROP
🔹 List all firewall rules: iptables -L -v -n
🔹 Flush all iptables rules: iptables --flush

4️⃣ Log Analysis & Intrusion Detection

🔹 View system logs: journalctl -xe
🔹 Check authentication logs: cat /var/log/auth.log
🔹 Monitor file changes in real-time: auditctl -w /etc/passwd -p wa -k passwd_changes
🔹 Find suspicious login attempts: grep "Failed password" /var/log/auth.log
🔹 List recent sudo commands used: cat /var/log/auth.log | grep sudo
🔹 Check kernel logs: dmesg | tail -50

5️⃣ Malware & Rootkit Detection

🔹 Scan for malware with ClamAV: clamscan -r /home
🔹 Check for rootkits with rkhunter: rkhunter --check
🔹 Find hidden processes: chkrootkit
🔹 Check running services for anomalies: systemctl list-units --type=service --state=running
🔹 Check files modified in last 24 hours: find / -mtime -1 -ls

#Linux Security & Hardening Cheatsheet