Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Advanced Linux security settings     - Oracle row and column switch to turn columns (Database)

- How to use the process on the desktop xkill end Linux (Linux)

- JavaScript basic types and type conversion (Programming)

- Hard disk encryption to protect data security (Linux)

- The correct way of logical backup mysqldump (Database)

- To install JDK1.7 and compiler Hadoop-2.7.1 under CentOS7 (Server)

- Java Builder mode (Programming)

- Oracle metadata Reconstruction experiments (Database)

- Debian 7.7 Installation and Configuration (Linux)

- Linux / BSD firewall M0n0wall Profile (Linux)

- UNIX file permissions in the "set user ID bit" (Linux)

- Creating and extracting archives 11 tar command examples in Linux (Linux)

- Ceph Source Analysis: Network Module (Server)

- MySQL query plan key_len know all (Database)

- Overall Physical Migration of Oracle Database with (Database)

- Use calcurse schedule appointments and to-do in the Linux terminal (Linux)

- Linux file system data file deletion problem space is not freed (Database)

- CentOS system Amoeba + MySQL Master-slave configuration (Database)

- Simple to use Linux GPG (Linux)

- Oracle 10046 Event (Database)

  Advanced Linux security settings
  Add Date : 2017-08-31      
  Often heard people say, Linux operating system is more secure than Windows. The problem is that any computer connected to the network it is impossible to absolutely secure.

As we often need to pay attention to whether the solid walls of the courtyard, as the operating system also requires us to constantly maintain and strengthen. Here, we're only talking about a few users can be used to strengthen the general steps of the system.

This article focuses on talking about how to strengthen the problem, but before beginning to strengthen, users need the following three issues have a clear understanding of a problem is that this system is used for what purpose, and second, what software it needs to run, the third is the user need protection which vulnerabilities or threats. These three issues were causation, that is, before a problem is the cause of a problem after the latter problem is the previous result.

Everything from scratch

From a known safe state began to strengthen a system that is entirely possible, but in practice this strengthening can begin from a "naked" system. This means that users will have on the system disk repartition opportunity to bring all the data files and operating system files separate from it might be a prudent security measures.

The next step is to configure a minimal installation, of course, you have to allow the system to start, and then add the necessary work to complete the package. This step is critical. Why do we need a minimum of installing new ones? The reason is that fewer machine code can be exploited loopholes will be less: no one can take advantage of the loophole does not exist, is not it? You also need to patch the operating system, and had to run all applications on the system patched.

Note, however, that if someone can approach accessed from the physical machine, he is likely to start the computer from the CD or other media, and gain access to the system. Thus, the user is configured at the system's BIOS, restrictions can only start from the hard disk, and use a strong password to protect this setting.

The next step is to compile your own kernel, or to emphasize here contains only those parts you need. Once you build your own custom system is completed, reboot into the kernel, then you have the possibility of being attacked kernel will be greatly reduced. Strengthen the system but the method is not limited thereto, and the best is yet to come.

Reducing unnecessary services

After running thin system, the next step is to make sure to run only the services you need. Until now, the user has cleared a number of services, but there may be many services are still running in the background. Users need to find these services in many places, such as /etc/init.d and the like /etc/rc.d/rc.local contains multiple positions start the process, to check everything by the cron initiated. Users can also check with netstat or Nmap listening socket and other procedures. For example, many users need to disable the service may include network file systems (samba), remote access services.

Of course, can not be generalized, if you really need some services, it is necessary to try to limit the potentially damaging effect of the rest of its system, to be allowed to run as far as possible in their own chroot path, so that the rest of the file system and phase separation .

Emphasis on licensing issues

As a user or administrator must ensure that any user can perform unnecessary procedures or to open its unnecessary files. Administrators should audit the entire system, and reduce the license of each file to the smallest possible extent. Our goal is that no one can read or write files unrelated. In addition, you should encrypt all sensitive data.

Further, the administrator has to ensure a secure root password, and the password of the person to know better, the only way to guarantee that no one can access their accounts should not be accessed. But also to protect the user's login information latest, to adhere to the policy issue password expiration time. Also, clear the account provided in advance is also wise, or at least change the default password.

It should be emphasized that security is a process rather than a temporary job. This means that managers should monitor and further strengthen the system, in particular the need to monitor the system log, to speed as quickly as possible for the system patched. But also concerned about safety advice, learn the latest vulnerabilities, we could deal with it as soon as possible. So this does not fully solve the Linux security, but to show the user a number of possibilities to strengthen the system.

If you are a Linux user or manager, you should take some steps to make it more secure, but it may reduce the efficiency of the system. So the key is to find a proper balance.
- Ubuntu install Geary (Linux)
- CentOS 6.6 installation certification system based on the ftp service (Server)
- RedHat Linux 9.0 under P4VP-MX motherboard graphics resolution of problems (Linux)
- Do not find ifconfig eth0 and IP address under CentOS6.5 (Linux)
- First start with Kali Linux 2.0 (Linux)
- Laravel cache paged results (Server)
- CentOS build JDK environment (Linux)
- Wi-Fi hackers use to attack your seven methods (Linux)
- Ubuntu 15.10 15.04 14.10 14.04 Install Ubuntu Tweak (Linux)
- CentOS ClamAV antivirus package updates (Linux)
- VMware virtual machine to use bridged mode fast Internet access (Linux)
- Linux command find (Linux)
- RT-11SJ run at ambient PDP-11 MACRO-11 assembly (Programming)
- Linux System Getting Started Learning: Repair (Linux)
- Quickly build and install Linux KVM system (Linux)
- Depth Java Singleton (Programming)
- Linux system security knowledge (Linux)
- MySQL Tutorial: About checkpoint mechanism (Database)
- Embedded Linux Optimization (Programming)
- Binary tree traversal recursive and non-recursive (cyclic) traversal achieve (Programming)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.