(A) solution strategies
When the interview is to have a number of business competitors, so pay attention to the dimensions and the height of the answer, it must direct spike competitors to get high-paying offer.
(B) answer tactics
Because the Trojans under Linux is often a malicious person by way of Web upload directory to upload Trojans to the Linux server can be accessed from the start based on a malicious Web site's -> Linux System -> HTTP Service -> middleware services - > program code -> DB -> storage, protective layers based cards.
(C) from the user access to answer a reference angle
1, the development of the program code to make restrictions on the upload file types, for example, can not upload .php program (JS and back-end code control).
2, upload content (including text and files) detection, detection method can be controlled by a program, Web services layer (middleware layer), database level.
3, the control upload directory permissions and rights of non-site directory (Linux file directory permissions + Web service layer control).
4, after the Trojan file transfer access and execution control (Web services layer + file system storage layer).
5, do md5 fingerprint and backup of critical configuration files, such as command and WEB configuration file.
6, install antivirus software and other clamav, regular monitoring of killing the Trojan.
7, configure the server firewall and intrusion detection services.
8, server monitoring file change, process change, change port, an important security log and timely warning.
(D) from the internal management angles: the right to prevent the rapture
1, vpn management server or Web server management.
2, within the ssh monitor network.
3, the use of stepping stones, auditing operation.
4, sudo centralized management, file locking key.
5, site directory, upload directory permissions is a set of control.
6, do the fingerprint file backup systems and site monitoring alarm.
7, dynamic password authentication.
(E) Best User Solutions
