Essential Linux security configuration

Preface: Security is no small matter. For a full-time system administrator, building a secure Linux system is a basic skill. The following covers 8 essential security configurations.

1, Account management
vi /etc/passwd
Change root's UID and set an ordinary user's UID to 0, so that root becomes an ordinary user and the ordinary user becomes root. Even if the root account is cracked, it has no permission to carry out any operation.

2, Create ordinary users for routine operations, without permission to modify the server configuration or file permissions. Each person who can access the server must use their own account. In the past, accidentally executing rm -rf / on Linux could have disastrous consequences, but on current Linux this problem no longer occurs.

3, vi /etc/shadow
root:$6$Dk1P.79EyYpRW4me$NvmMatdSAsAENx9yxS8/ZYC3d7h4dZni7mcDA69ZQmHGfBBHJuHluZYg2HPJ1jDwRaS5z5QA0YeRFECCKmy3A/:15846:0:99999:7:::
The fields, in order, are: root (user), the encrypted password, 15846 (time of the last password change), 0 (minimum time between password changes), 99999 (maximum time before the password must be changed, usually set to 30 days), 7 (warning time before the password must be changed).

4, vi /etc/ssh/sshd_config
Port 22766
The port can be changed from time to time. I also recommend a port security configuration in iptables: reject all ports and allow only designated IPs to reach port 22. If you do not have a fixed IP, it is recommended to switch to a fixed IP.

5, Block the system from responding to any ping request from outside or inside
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
The default value of "icmp_echo_ignore_all" is "0", which means the system responds to ping. Add the command to rc.local.

6, Prohibit the Ctrl-Alt-Delete key combination from rebooting the system
With the default Linux settings, pressing Ctrl-Alt-Delete automatically restarts the system, which is very unsafe. To prohibit the Ctrl-Alt-Delete key combination from rebooting the system, simply modify the /etc/inittab file:
[root@localhost ~]#vi /etc/inittab
Find the line ca::ctrlaltdel:/sbin/shutdown -t3 -r now, add "#" in front of it, and then run:
[root@localhost ~]#telinit q

7, Delete unnecessary default users and groups
The more accounts there are, the less secure the system is and the more vulnerable it is to attack. Delete unnecessary system users with the following command:
[root@localhost ~]# userdel username
Delete unnecessary system groups with the following command:
[root@localhost ~]# groupdel  groupname
The default users and groups that can be deleted on a Linux system are: users such as adm, lp, sync, shutdown, halt, news, uucp, operator, games, gopher and so on; groups such as adm, lp, news, uucp, games, dip, pppusers, popusers, slipusers and so on.

8, Turn off SELinux
SELinux, short for Security-Enhanced Linux, is a mandatory access control security system in the kernel. SELinux has been integrated into the Linux 2.6 mainline kernel and most Linux distributions. Because SELinux still has some compatibility problems with existing Linux applications and Linux kernel modules, beginners are advised to turn SELinux off and to study it in depth later, once they have in-depth knowledge of Linux. To check whether SELinux is enabled on a Linux system, use the getenforce command:
[root@localhost ~]# getenforce
Disabled
To turn off SELinux on Red Hat family distributions, modify the following file directly:
[root@localhost ~]#vi /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=targeted
Change SELINUX=enforcing to SELINUX=disabled; after the system is rebooted, SELinux is stopped. SELinux is powerful, and those who are able to work with it need not turn it off. I have sometimes found that a freshly installed apache would not start, and this is generally caused by SELinux.

The configuration above is recommended as the company's initial Linux security configuration.

Address of this article: Linux Prerequisites security configuration http://www.ttlsa.com/html/1702.html
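
An added example, not part of the original article: a read-only check of the account files from items 1, 3 and 7. It lists UID 0 accounts, accounts whose maximum password age exceeds 30 days, and the default accounts that still exist. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Read-only audit of account files (items 1, 3 and 7). Function names and
# sample data are constructed for this example.

# Names of all accounts with UID 0: judge privilege by UID, not by name.
uid0_accounts() {
    awk -F: '$3 == 0 { print $1 }' "$1"
}

# Accounts with a usable password whose maximum password age (shadow
# field 5) is unset or larger than the limit in days (default 30).
weak_aging() {
    awk -F: -v max="${2:-30}" '
        $2 ~ /^[!*]/ { next }                 # locked or no login password
        $5 == "" || $5 + 0 > max + 0 { print $1 ":" ($5 == "" ? "unset" : $5) }
    ' "$1"
}

# Default accounts named in item 7 that still exist in the passwd file.
default_accounts_present() {
    awk -F: -v names="adm lp sync shutdown halt news uucp operator games gopher" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $1 in want { print $1 }
    ' "$1"
}

# Constructed sample files: not real accounts, hashes are placeholders.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
backup:x:0:0::/home/backup:/bin/bash
EOF
cat > "$tmp/shadow" <<'EOF'
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15846:0:99999:7:::
lp:*:15846:0:99999:7:::
alice:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15846:0:30:7:::
backup:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:15846:0::7:::
EOF

echo "UID 0 accounts:";             uid0_accounts "$tmp/passwd"
echo "Max password age > 30 days:"; weak_aging "$tmp/shadow" 30
echo "Default accounts present:";   default_accounts_present "$tmp/passwd"
```

On a real system, pass /etc/passwd and /etc/shadow to the functions as root; the script only reads the files.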

Reproduced in: https://my.oschina.net/766/blog/210897

Origin blog.csdn.net/weixin_34168700/article/details/91546801