Linux Security Practice Checklist

Linux operations security

This document is updated from time to time; last updated: 20190901

This document is a continuously updated checklist of practical Linux operations-security measures, meant to support a cycle of planning, implementing, checking, and improving the security measures of Linux operations.

1 Security principles

Basic principles to settle before implementing any security measure, so that you have the whole picture in mind before acting

  • Defense of information and system security is multi-layered defense in depth. From the outer layer to the inner layer it consists of five layers: physical security defense > network security defense > host security defense > application security defense > data security
  • Principle of least privilege: give users, programs and the system only the minimum rights needed to perform their functions
  • Prefer whitelists to blacklists
  • Use intrusion detection systems to discover attacks early
  • Regularly scan the system for vulnerabilities, rootkits, and viruses
  • Give operations staff security-awareness training, and write operations security documents to a unified security standard

2 Physical security defense

Physical defense is the first layer of defense; whatever the size of the server room, it deserves attention

  • Keep the server room locked and control who enters it, so that nobody can walk in and take a sledgehammer to the servers, routers, switches, or air conditioning
  • Use a UPS to prevent server downtime caused by power failures

Network security defense

The network is the most direct tentacle that can reach your server, so it must be guarded

  • Use network firewalls: hardware firewalls from brands such as Juniper or Cisco at the network edge, and a software firewall such as iptables at the operating-system layer for fine-grained network access control
  • For public-cloud deployments, minimize the number of cloud servers and ports exposed to the Internet, and use security groups to set up network access control
  • Use a bastion host, for example the open-source jumpserver
  • DDoS protection: use the DDoS defense service of the cloud vendor, and use a CDN to increase capacity
  • Set up a VPN to connect networks or servers in different regions, to let remote workers connect, or to join separate local area networks
  • For network security analysis, tools such as tcpdump and wireshark can be used
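The whitelist principle from section 1 applied to the host firewall item above: everything not explicitly allowed is dropped, and SSH is reachable only from the bastion host. This is an added example, not configuration from the original post; it prints a ruleset in iptables-restore format rather than applying it, and the bastion address 203.0.113.10 is a documentation address used only for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: generate a default-deny
# iptables ruleset for a server behind a bastion host. The bastion address
# and the public service ports are parameters; nothing is applied here.

# host_rules BASTION_IP PORT...: print an iptables-restore file in which
# INPUT defaults to DROP, SSH is accepted only from the bastion, and the
# listed TCP ports are accepted from anywhere.
host_rules() {
    bastion="$1"; shift
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections this host opened itself
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# administrative SSH only from the bastion host
-A INPUT -p tcp -s $bastion --dport 22 -m conntrack --ctstate NEW -j ACCEPT
EOF
    for p in "$@"; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    cat <<EOF
# log what is about to be dropped (rate-limited), then fall through to DROP
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "
COMMIT
EOF
}

# Demo: a web server reachable on 80 and 443, administered via the bastion.
# Apply with: iptables-restore < rules.v4 (from a console or bastion session,
# never from a session the new rules could cut off).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
host_rules 203.0.113.10 80 443 > "$WORK/rules.v4"
cat "$WORK/rules.v4"
```

Persist the generated file with the distribution's own mechanism (for example netfilter-persistent or an iptables service unit) so the whitelist survives a reboot; a cloud security group in front of the host should carry the same allow list.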

3 Host security defense

Once an attacker's tentacles have broken through the network defenses and reached your server, do not let them go any further

3.1 Linux user security management

  • Prohibit the root user from logging in to the SSH server; create a separate user for SSH login and use key-based login instead of passwords
  • Enforce password complexity to eliminate weak passwords; check for weak passwords with tools such as hydra or John the Ripper
  • Configure sudo securely, giving each user the least privilege their role needs
  • Define which users may use su, to prevent unauthorized users from switching to root
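A small lint for the SSH and su items above: it reads an sshd_config and a PAM "su" file and reports which of the controls (no root login, key-only login, a restricted login set, su limited to one group) are missing. This is an added example, not code from the original post; the sample configuration files are constructed for the demonstration, and the check treats a missing directive as a finding because sshd's built-in defaults allow root key login and password authentication.

```shell
#!/bin/sh
# Added example, not from the original post: lint an sshd_config and the PAM
# "su" file for the section 3.1 controls. The sample files are constructed.

# Print the effective value of KEY in FILE. sshd takes the first uncommented
# occurrence of a keyword (keywords are case-insensitive), so stop there.
sshd_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# One finding per line for the sshd_config FILE; nothing printed means the
# file passes. Each setting must be explicit: a missing PermitRootLogin
# still allows root key login, a missing PasswordAuthentication allows passwords.
audit_sshd() {
    f="$1"
    [ "$(sshd_value "$f" PermitRootLogin)" = "no" ] ||
        echo "PermitRootLogin is not 'no': root can still log in over SSH"
    [ "$(sshd_value "$f" PasswordAuthentication)" = "no" ] ||
        echo "PasswordAuthentication is not 'no': password guessing remains possible"
    [ "$(sshd_value "$f" PubkeyAuthentication)" != "no" ] ||
        echo "PubkeyAuthentication is 'no': key-based login cannot work"
    if [ -z "$(sshd_value "$f" AllowUsers)" ] && [ -z "$(sshd_value "$f" AllowGroups)" ]; then
        echo "neither AllowUsers nor AllowGroups limits who may log in"
    fi
}

# Number of findings, for scripts that want to gate on the result.
audit_sshd_count() {
    audit_sshd "$1" | wc -l | tr -d ' '
}

# Succeeds when FILE (normally /etc/pam.d/su) has an active pam_wheel line,
# which limits su to members of the wheel group.
su_restricted_to_wheel() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so' "$1"
}

# --- constructed sample files ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

cat > "$WORK/sshd_config.weak" <<'EOF'
# out-of-the-box style: root and passwords allowed
Port 22
PermitRootLogin yes
#PasswordAuthentication no
EOF

cat > "$WORK/sshd_config.hardened" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowGroups sshusers
EOF

cat > "$WORK/pam_su" <<'EOF'
auth       sufficient pam_rootok.so
auth       required   pam_wheel.so use_uid
auth       substack   system-auth
EOF

for cfg in weak hardened; do
    echo "== sshd_config.$cfg: $(audit_sshd_count "$WORK/sshd_config.$cfg") finding(s)"
    audit_sshd "$WORK/sshd_config.$cfg"
done
if su_restricted_to_wheel "$WORK/pam_su"; then
    echo "== pam su: restricted to the wheel group"
else
    echo "== pam su: any user may attempt su"
fi
```

On a live host, point audit_sshd at /etc/sshd_config (and any files pulled in by Include) and su_restricted_to_wheel at /etc/pam.d/su; the dedicated login user from the first bullet is the one placed in the group named by AllowGroups.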

3.2 File system security

  • Use sXid to monitor changes to SUID and SGID files
  • Use extundelete to recover deleted files
  • Use srm or the dd command to securely erase sensitive files
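What the sXid item above boils down to is a saved inventory of privileged files and a periodic comparison against it, so a new or vanished SUID/SGID binary is noticed. The following is an added example that reimplements that check in plain shell; it is not code from the original post or from sXid, and the directory tree it scans is constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: a minimal version of the check
# sXid performs, a baseline list of SUID/SGID files compared with the current
# state. The tree under $ROOT is constructed; on a real host scan / instead.

# Sorted list of regular files under DIR with the SUID or SGID bit set.
# "-perm -4000" and "-perm -2000" are POSIX find, so no GNU extensions needed.
suid_inventory() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# Compare DIR with the saved BASELINE list: "+ path" is a privileged file
# that was not there when the baseline was taken, "- path" one that is gone.
# Both lists are produced by the same sort, so comm can diff them directly.
suid_changes() {
    now=$(mktemp)
    suid_inventory "$2" > "$now"
    comm -13 "$1" "$now" | sed 's/^/+ /'
    comm -23 "$1" "$now" | sed 's/^/- /'
    rm -f "$now"
}

# --- constructed tree: a fake root with one legitimate SUID binary ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
ROOT="$WORK/root"
mkdir -p "$ROOT/usr/bin" "$ROOT/tmp"
: > "$ROOT/usr/bin/passwd"; chmod 4755 "$ROOT/usr/bin/passwd"   # expected SUID
: > "$ROOT/usr/bin/ls";     chmod 0755 "$ROOT/usr/bin/ls"       # ordinary binary

# Baseline taken right after installation; keep it read-only or off-host,
# otherwise whoever plants a file can also edit the list it is compared to.
suid_inventory "$ROOT" > "$WORK/suid.baseline"

# Later a SUID file appears in a directory where none belongs: this is the
# event the periodic comparison must surface.
: > "$ROOT/tmp/.cache"; chmod 4755 "$ROOT/tmp/.cache"

echo "== SUID/SGID changes since baseline:"
suid_changes "$WORK/suid.baseline" "$ROOT"
```

For a real host, take the baseline with `suid_inventory /` plus `-xdev` added to the find call so network and pseudo filesystems are skipped, and run the comparison from cron; an empty report is the normal case, and any "+" line deserves a look at who owns the file and when it was created.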

4 Linux application security

Linux application security covers the security-related settings of the applications installed on Linux. According to surveys, the most common high-risk website vulnerabilities are cross-site scripting, SQL injection, leakage of PHP error information, and database run-time errors.

  • Open-source web application firewalls (Web Application Firewall, WAF): ModSecurity for Apache, NAXSI for Nginx; if the budget allows, a commercial cloud WAF can be bought
  • Use HTTPS to prevent man-in-the-middle attacks and sniffing on the network
  • PHP security configuration
    • Watch for vulnerabilities in the PHP development framework in use
    • Disable the display of error messages in the configuration file
    • Prohibit opening remote files in PHP
    • Prohibit including remote files in PHP
    • Set the HttpOnly attribute and the other security-related settings on cookies
  • Tomcat security configuration
    • Delete the default applications under the webapps directory
    • Run Tomcat under a dedicated user account
    • Turn off automatic deployment of WAR files
    • Customize the error pages
  • MySQL security
    • Deploy it only on internal-network servers
    • Use firewall rules so that only the web server can access it
    • Run the MySQL service as a separate ordinary user
    • Delete the test database after installation
    • Grant users privileges according to the principle of least privilege
    • Back up data regularly to prevent data loss
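The PHP and MySQL items above are mostly settings in two ini-style files, php.ini and my.cnf, so one small parser can check both. The following is an added example, not code from the original post: it flags display_errors, allow_url_fopen, allow_url_include and session.cookie_httponly in php.ini, and bind-address and user in my.cnf. The directive names are the real PHP and MySQL ones; the sample files are constructed, and the check demands an explicit value for each directive so that a build default or a later include file cannot silently reverse it.

```shell
#!/bin/sh
# Added example, not from the original post: audit a php.ini and a my.cnf for
# the PHP and MySQL settings listed in section 4. Sample files are constructed.

# Print the effective value of KEY in an ini-style FILE: comment lines (; or #)
# are skipped, blanks and quotes stripped, and the last occurrence wins, as
# both PHP and MySQL do. MySQL treats "-" and "_" in option names alike, so
# "-" is normalised to "_" and keys are passed with underscores.
ini_value() {
    awk -F= -v key="$2" '
        /^[[:space:]]*[;#]/ { next }
        NF >= 2 {
            k = $1; gsub(/[[:space:]]/, "", k); gsub(/-/, "_", k)
            if (k == key) { v = $2; gsub(/[[:space:]"]/, "", v) }
        }
        END { print v }' "$1"
}

# The spellings PHP accepts for a boolean directive.
is_off() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        off|0|false|no) return 0 ;; *) return 1 ;;
    esac
}
is_on() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        on|1|true|yes) return 0 ;; *) return 1 ;;
    esac
}

# One finding per line; nothing printed means the file passes.
audit_php_ini() {
    f="$1"
    is_off "$(ini_value "$f" display_errors)" ||
        echo "display_errors is not Off: error pages leak paths and queries"
    is_off "$(ini_value "$f" allow_url_fopen)" ||
        echo "allow_url_fopen is not Off: PHP may open remote files"
    is_off "$(ini_value "$f" allow_url_include)" ||
        echo "allow_url_include is not Off: remote file inclusion stays possible"
    is_on "$(ini_value "$f" session.cookie_httponly)" ||
        echo "session.cookie_httponly is not 1: page scripts can read the session cookie"
}

audit_my_cnf() {
    f="$1"
    case "$(ini_value "$f" bind_address)" in
        ""|0.0.0.0|"*"|::) echo "bind-address does not pin MySQL to an internal address" ;;
    esac
    u="$(ini_value "$f" user)"
    [ -n "$u" ] && [ "$u" != "root" ] ||
        echo "user is not set to a dedicated unprivileged account"
}

# finding_count AUDIT_FN FILE: number of findings, for gating in scripts.
finding_count() { "$@" | wc -l | tr -d ' '; }

# --- constructed sample files ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/php.ini.weak" <<'EOF'
; development-style settings
display_errors = On
allow_url_fopen = On
; allow_url_include and session.cookie_httponly left unset
EOF
cat > "$WORK/php.ini.hardened" <<'EOF'
display_errors = Off
allow_url_fopen = Off
allow_url_include = Off
session.cookie_httponly = 1
EOF
cat > "$WORK/my.cnf.weak" <<'EOF'
[mysqld]
bind-address = 0.0.0.0
EOF
cat > "$WORK/my.cnf.hardened" <<'EOF'
[mysqld]
bind-address = 127.0.0.1
user = mysql
EOF

for f in php.ini.weak php.ini.hardened; do
    echo "== $f: $(finding_count audit_php_ini "$WORK/$f") finding(s)"; audit_php_ini "$WORK/$f"
done
for f in my.cnf.weak my.cnf.hardened; do
    echo "== $f: $(finding_count audit_my_cnf "$WORK/$f") finding(s)"; audit_my_cnf "$WORK/$f"
done
```

Run it against the files PHP and MySQL actually load (`php --ini` lists them; `mysqld --help --verbose` prints the my.cnf search order), since a hardened main file is undone by a later conf.d fragment. The bind-address check covers the "internal network only" item at the listener; the firewall rule restricting the port to the web server is still needed on top of it.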

Using Linux security scanning tools

  • Use network scanning tools such as masscan and nmap to discover open ports and identify the applications behind them
  • Use open-source web vulnerability scanners such as Nikto2 and OpenVAS to scan the web applications for vulnerabilities
  • Use SQLMap for SQL injection penetration testing

Deploying an intrusion detection system

  • Use the open-source intrusion detection system OSSEC, or a commercial intrusion detection system such as Qingteng Cloud or Anknight
  • Use Kippo to set up an SSH honeypot that records intrusion attempts

Linux rootkit, virus and trojan checks

  • Use chkrootkit and rkhunter to scan for rootkits and check critical system files
  • Use ClamAV to scan for viruses and trojans
  • Use LMD (Linux Malware Detect) to check for webshells

Security log collection

  • Set up syslog-ng to collect security logs from the remote servers

Threat intelligence gathering

  • Collect threat intelligence from threat-intelligence websites; well-known ones include the ThreatBook (微步在线) online threat intelligence community, the 360 Threat Intelligence Center, and the IBM threat intelligence center

Post-intrusion detection

If all means of defense fail, investigate and handle the attack promptly

  1. Check whether commonly used programs have been replaced, and restore any that have
  2. Scan for rootkits with chkrootkit and rkhunter
  3. Scan for viruses with ClamAV
  4. Look for hidden directories and files
  5. Review recent login records
  6. Look for abnormal and hidden processes, and check the files and ports opened by any abnormal process
  7. Check network connections and listening ports, paying particular attention to active connections to external addresses
  8. Check whether the ARP table is normal
  9. Check the security logs, application logs, and bash_history
  10. Check for webshells
  11. Reinstall the system and change the original passwords
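Steps 1 to 10 are all evidence gathering, and on a compromised host they are best run once, in a fixed order, into a directory that is then copied off the machine before anything is cleaned up. The script below is an added example, not from the original post: it collects each item into its own file, notes tools that are absent rather than failing, and adds a /proc-versus-ps comparison for step 6. Step 11 is a decision for the operator and is not automated. It assumes a Linux host with the usual procps/iproute2 tools; the older netstat and arp commands are used as fallbacks.

```shell
#!/bin/sh
# Added example, not from the original post: collect the post-intrusion
# checklist evidence into one directory. Missing tools are recorded, not
# fatal. Run as root for complete results; copy the directory off-host.

# run NAME CMD...: save CMD's output as NAME.txt in OUTDIR, or record that the
# command is not installed on this host.
run() {
    name="$1"; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" > "$OUTDIR/$name.txt" 2>&1 || echo "(exit status $?)" >> "$OUTDIR/$name.txt"
    else
        echo "$1: not available on this host" > "$OUTDIR/$name.txt"
    fi
}

# PIDs present in /proc but absent from ps: either ps has been tampered with
# (step 1 and 6 territory) or the process exited between the two listings,
# so re-run before drawing conclusions. /proc is read with a shell glob, not
# a child process, so nothing of this script shows up as a false positive.
# A kernel rootkit that hooks directory listing hides from both views.
hidden_pids() {
    command -v ps >/dev/null 2>&1 || { echo "ps: not available"; return 0; }
    set -- /proc/[0-9]*
    for d in "$@"; do echo "${d#/proc/}"; done | sort > "$OUTDIR/.proc"
    ps -e -o pid= | tr -d ' ' | sort > "$OUTDIR/.ps"
    comm -13 "$OUTDIR/.ps" "$OUTDIR/.proc"
    rm -f "$OUTDIR/.ps" "$OUTDIR/.proc"
}

collect_triage() {
    OUTDIR="$1"; mkdir -p "$OUTDIR"
    date > "$OUTDIR/collected_at.txt"
    # 1. packaged binaries whose checksums no longer match (rpm or dpkg hosts)
    run package_verify_rpm rpm -Va
    run package_verify_deb debsums -c
    # 2. rootkit scanners, if installed; ClamAV (step 3) is slow, run it separately
    run chkrootkit chkrootkit
    run rkhunter rkhunter --check --sk
    # 4. hidden directories and files, skipping the pseudo filesystems
    run hidden_paths find / -xdev \( -path /proc -o -path /sys \) -prune -o -name '.*' -print
    # 5. recent and failed logins
    run recent_logins last -n 50
    run failed_logins lastb -n 50
    # 6. process list plus the /proc-versus-ps comparison
    run processes ps -eo pid,ppid,user,args
    hidden_pids > "$OUTDIR/hidden_pids.txt"
    # 7. listening ports and established connections
    if command -v ss >/dev/null 2>&1; then
        run listening_ports ss -tulpn
        run connections ss -tunap
    else
        run listening_ports netstat -tulpn
        run connections netstat -tunap
    fi
    # 8. ARP / neighbour table
    if command -v ip >/dev/null 2>&1; then
        run arp_table ip neigh show
    else
        run arp_table arp -an
    fi
    # 9. authentication log tail and the shell histories of root and all home dirs
    run auth_log sh -c 'cat /var/log/auth.log /var/log/secure 2>/dev/null | tail -n 500'
    run shell_histories sh -c 'for h in /root /home/*; do
        [ -f "$h/.bash_history" ] && { echo "== $h"; cat "$h/.bash_history"; }; done; true'
    # 10. webshell candidates: PHP files under the web root modified in the last 30 days
    run webshell_candidates find /var/www -name '*.php' -mtime -30
    echo "evidence written to $OUTDIR"
}

# Write to $TRIAGE_DIR if set, otherwise to a fresh temporary directory.
OUT="${TRIAGE_DIR:-$(mktemp -d)}"
collect_triage "$OUT"
```

Read connections.txt against the allow list the host is supposed to have (step 7), and treat a non-empty hidden_pids.txt that reproduces on a second run as a strong signal; the webshell file list is a starting point for the LMD scan mentioned earlier, not a verdict on its own.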

Source: www.cnblogs.com/leavot/p/11442223.html