Nowadays, whenever a major company recruits operations and maintenance staff, the job posting is sure to mention Linux. So what is Linux? Linux is a family of Unix-like operating systems that are free to use and free to redistribute. It is a multi-user, multi-tasking, multi-threaded, multi-CPU operating system based on POSIX and UNIX; it runs the major UNIX tools, applications and network protocols, and it supports both 32-bit and 64-bit hardware. Linux inherits the network-centric design of Unix and is a stable multi-user network operating system. So how do you secure it?
1. ssh
Change the default port (though a skilled attacker will find the new port with a scan anyway)
Disable root login
Log in as an ordinary user, with key authentication, sudo rules, source IP restrictions and per-user restrictions
Use anti-brute-force software that works with hosts.deny (block the source outright after a few failed attempts)
Review which users in /etc/passwd are allowed to log in
2. Firewall
The firewall must be enabled in production and must follow the principle of least privilege: drop everything by default, then open only the service ports that are actually required.
3. Fine-grained permissions and control
Services that an ordinary user can start must not run as root; give every service the minimum permissions it needs, and keep the control granularity fine.
4. Intrusion detection and log monitoring
Use third-party software to continuously detect changes to key system files and to the configuration files of each service,
for example /etc/passwd, /etc/my.cnf, /etc/httpd/conf/httpd.conf, etc.;
Use a centralized log monitoring system to watch /var/log/secure, /var/log/messages, FTP upload and download records, and other alarm and error logs;
For port scanning, too, third-party software can be used: when a scan is detected, the source is added directly to hosts.deny. This information is very helpful for troubleshooting after a system has been compromised. It has been said that what a company invests in security is directly proportional to what it would lose to a security attack. Security is a big topic and very basic work: if the foundations are done well, system security improves considerably, and the rest is left to the security experts.
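As an added example (not from the original article), the following script implements two defender-side checks for the items above: an audit of sshd_config against the ssh hardening list in section 1, and a count of failed password attempts per source address from /var/log/secure-style lines, which is the signal a hosts.deny-based blocker acts on in section 4. The two configuration files and the log lines are constructed inline; the threshold of 3 is an assumption.

```shell
#!/bin/sh
# Added example, not from the original article: two defender-side checks for
# the ssh and log-monitoring items above. All inputs are constructed here.

# audit_sshd FILE: print each missing hardening item; return code = number missing.
audit_sshd() {
    f=$1; n=0
    # First uncommented occurrence of a directive wins, as in sshd itself.
    get() { grep -Ei "^[[:space:]]*$1[[:space:]]" "$f" | awk '{print $2}' | head -n1; }
    p=$(get Port); [ -n "$p" ] && [ "$p" != 22 ] || { echo "Port is default 22"; n=$((n+1)); }
    [ "$(get PermitRootLogin)" = no ] || { echo "PermitRootLogin is not 'no'"; n=$((n+1)); }
    [ "$(get PasswordAuthentication)" = no ] || { echo "PasswordAuthentication is not 'no'"; n=$((n+1)); }
    [ -n "$(get AllowUsers)" ] || { echo "AllowUsers not set (no user restriction)"; n=$((n+1)); }
    return $n
}

# brute_force_ips LOG THRESHOLD: source IPs with more than THRESHOLD failed
# password attempts, i.e. the ones a hosts.deny-style tool would block.
brute_force_ips() {
    grep 'Failed password' "$1" | sed -E 's/.* from ([0-9.]+) port .*/\1/' \
        | sort | uniq -c | awk -v t="$2" '$1 > t { print $2 }'
}

# Constructed sample inputs (weak config, hardened config, secure-log lines).
WEAK_CONF=$(mktemp); HARD_CONF=$(mktemp); SAMPLE_LOG=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
#Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$HARD_CONF" <<'EOF'
Port 2222
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers ops@198.51.100.0/24
EOF
cat > "$SAMPLE_LOG" <<'EOF'
Mar  1 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  1 10:00:02 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Mar  1 10:00:03 host sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar  1 10:00:04 host sshd[1004]: Failed password for root from 203.0.113.5 port 40004 ssh2
Mar  1 10:00:05 host sshd[1005]: Accepted publickey for ops from 198.51.100.7 port 50000 ssh2
Mar  1 10:00:06 host sshd[1006]: Failed password for ops from 198.51.100.7 port 50001 ssh2
EOF

echo "== weak config =="; audit_sshd "$WEAK_CONF" || echo "$? item(s) missing"
echo "== hardened config =="; audit_sshd "$HARD_CONF" && echo "all items present"
echo "== sources with more than 3 failures =="; brute_force_ips "$SAMPLE_LOG" 3
```

The weak configuration fails all four checks, the hardened one passes, and only 203.0.113.5 exceeds the threshold; the same counting could be fed to a hosts.deny update.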
Daily monitoring
1. System operation monitoring
Many people begin their operations and maintenance career with monitoring, and large companies generally have professional 24-hour monitoring operations. System operation monitoring generally covers hardware utilization.
The common items are memory, hard disk, CPU and network card; on the OS side, login monitoring and monitoring of key system files.
Regular monitoring makes it possible to predict the likelihood of hardware failure and provides useful data for tuning.
2. Service operation monitoring
Service monitoring generally covers the various applications (web, db, lvs, etc.) and tracks a set of indicators for each,
so that performance bottlenecks in the system can be found and resolved quickly.
3. Log monitoring
Log monitoring here is similar to the secure-log monitoring above, but generally covers error reports and alarm information from the hardware, the OS and the applications.
Monitoring seems useless while the system is running stably, but once a problem occurs you will be in a very passive position if nothing was being monitored.