
Reframing Linux Security: A DevSecOps Bootcamp Experience


These articles are AI-generated summaries. Please check the original sources for full details.

I Thought I Knew Linux. This Lab Proved Me Wrong.

The ParoCyber DevSecOps Bootcamp assignment forced me to think like a security engineer, revealing the importance of understanding Linux’s security design. The lab’s scenarios, including a password state investigation and a full onboarding simulation, exposed the difference between using Linux and securing it.

Why This Matters

Linux security is often misunderstood: many users are unaware of the deliberate security design behind files like /etc/passwd and /etc/shadow. Idealized security models also tend to overlook the human factor, such as the reasoning behind a command and the consequences it can have. In the lab, failing to understand these concepts could lead to vulnerabilities and security breaches, which is why every decision needs to be viewed through a security lens.

Key Insights

  • The /etc/shadow file stores actual password data, and its root-only access is a deliberate security design (source: Linux documentation)
  • Service accounts with non-login shells are a security best practice, as they prevent interactive login and reduce the attack surface (example: ci_runner service account)
  • Whether to delete the home directory when removing a user is a security decision, as the directory may contain forensic data (tool: userdel command)

Working Examples

Creating a service account with a non-login shell

sudo useradd -r -s /usr/sbin/nologin ci_runner

Removing a user without deleting their home directory (userdel without the -r option leaves the home directory in place)

sudo userdel yaa
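
Auditing the two points above together (password state in /etc/shadow and non-login shells for service accounts), as an added example that is not from the original article or the lab. The function names, the UID cutoff of 999, and the deploy_bot and legacy_svc accounts are assumptions; all sample data is constructed.

```shell
#!/bin/sh
# Added example: flag service accounts that can still authenticate or get a shell.
# Assumption: UIDs 1..999 are system/service accounts (a common SYS_UID_MAX).
SYS_UID_MAX=999

# audit_accounts PASSWD_FILE SHADOW_FILE -> "name uid shell-class pw-state verdict"
audit_accounts() {
    awk -F: -v sysmax="$SYS_UID_MAX" '
        FILENAME == ARGV[1] {            # shadow: classify field 2 like passwd -S
            if ($2 == "")          state[$1] = "NP"  # empty: no password required
            else if ($2 ~ /^[!*]/) state[$1] = "L"   # locked or no valid hash
            else                   state[$1] = "P"   # usable password hash
            next
        }
        {                                # passwd: name:x:uid:gid:gecos:home:shell
            shell = ($7 ~ /\/(nologin|false)$/) ? "nologin" : "login"
            pw = ($1 in state) ? state[$1] : "?"
            risky = (pw == "NP") || ($3 > 0 && $3 <= sysmax && (shell == "login" || pw == "P"))
            printf "%s %s %s %s %s\n", $1, $3, shell, pw, (risky ? "REVIEW" : "ok")
        }
    ' "$2" "$1"
}

# make_sample DIR: write constructed passwd/shadow files (hashes are placeholders)
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
ci_runner:x:998:998::/home/ci_runner:/usr/sbin/nologin
deploy_bot:x:997:997::/home/deploy_bot:/bin/bash
legacy_svc:x:996:996::/var/lib/legacy:/usr/sbin/nologin
yaa:x:1001:1001::/home/yaa:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$placeholder:19700:0:99999:7:::
ci_runner:!:19700::::::
deploy_bot:$6$CONSTRUCTED$placeholder:19700:0:99999:7:::
legacy_svc::19700::::::
yaa:!$6$CONSTRUCTED$placeholder:19700:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a real host, call audit_accounts /etc/passwd /etc/shadow as root, since /etc/shadow is not readable by ordinary users.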

Practical Applications

  • Use case: Creating service accounts with non-login shells for automated pipelines (Company: Stripe, Behavior: Reduced attack surface)
  • Pitfall: Deleting a user’s home directory immediately after removal (Common anti-pattern: Destroying forensic data, Consequence: Potential security breaches)
