People often say that the Linux operating system is more secure than Windows. The problem is that no computer connected to a network can be made absolutely secure.
Just as we regularly need to check whether the walls of a courtyard are still solid, an operating system needs constant maintenance and strengthening. Here we cover only a few general steps that users can take to harden a system.
This article focuses on how to harden a system, but before starting, users need a clear understanding of three questions: first, what the system is used for; second, what software it needs to run; and third, which vulnerabilities or threats the user needs protection against. These three questions are causally linked: each question is the cause of the one after it, and each later question is the result of the one before it.
Everything from scratch
It is entirely possible to start hardening a system from a known safe state, but in practice hardening can start from a "bare" system. This gives users the opportunity to repartition the system disk; keeping all data files separate from the operating system files can be a prudent security measure.
The next step is to configure a minimal installation, one that is just enough for the system to boot, and then add the packages needed to do the work. This step is critical. Why start with a minimal installation? Because the less code there is on the machine, the fewer exploitable vulnerabilities there are: nobody can exploit a vulnerability that does not exist. You also need to patch the operating system and every application that runs on it.
Note, however, that anyone with physical access to the machine can probably boot it from a CD or other media and gain access to the system. Users should therefore configure the system's BIOS to boot only from the hard disk and protect this setting with a strong password.
The next step is to compile your own kernel, and the emphasis here is on including only the parts you need. Once your custom kernel is built, reboot into it; the chance of the kernel being attacked is then greatly reduced. Hardening does not stop there, though, and the best is yet to come.
Reducing unnecessary services
Once the slimmed-down system is running, the next step is to make sure that only the services you need are running. By this point the user has already removed a number of services, but many others may still be running in the background. Users need to look for these services in several places: locations that start processes, such as /etc/init.d and /etc/rc.d/rc.local, and everything started by cron. Users can also check for listening sockets and other programs with netstat or Nmap. Services that many users need to disable may include, for example, network file systems (samba) and remote access services.
Of course, this cannot be generalized. If you really do need a service, try to limit the damage it could do to the rest of the system: as far as possible, run it in its own chroot path so that it is separated from the rest of the file system.
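The netstat check described above can be turned into a repeatable comparison against the ports the machine's purpose actually requires. The script below is an added example, not part of the original article: the function names, the allowlist (22 and 80) and the sample netstat output are constructed for illustration, and it covers TCP listeners only.

```shell
#!/bin/sh
# Added example: report TCP listeners whose port is not on an allowlist.

# Constructed sample of `netstat -tlnp` output (not taken from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      901/smbd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      901/smbd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      700/cupsd
tcp6       0      0 :::23                   :::*                    LISTEN      950/inetd
tcp6       0      0 :::80                   :::*                    LISTEN      1020/httpd
EOF
}

# unexpected_listeners PORT...
# Reads `netstat -tlnp` output on stdin and prints "port scope program" for
# every TCP listener whose port is not among the allowed PORT arguments.
# scope is "loopback" for sockets bound to 127.0.0.1 or ::1, else "network".
unexpected_listeners() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (port in ok) next
            scope = (host == "127.0.0.1" || host == "::1") ? "loopback" : "network"
            prog = $7; sub(/^[0-9]+\//, "", prog) # drop the PID, keep the name
            if (prog == "") prog = "-"
            print port, scope, prog
        }' | sort -n
}

# Stand-alone run over the constructed sample; on a real host, pipe in
# `netstat -tlnp` (run as root so program names are shown) instead.
sample_netstat | unexpected_listeners 22 80
```

Each line of output is a service to either disable or add, deliberately, to the allowlist; loopback-only listeners are reported too, since they still count as code running on the machine.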
Emphasis on permissions
Users and administrators must make sure that no user can run programs or open files they do not need. Administrators should audit the entire system and reduce the permissions on each file to the minimum possible. The goal is that nobody can read or write files that do not concern them. In addition, you should encrypt all sensitive data.
Furthermore, the administrator must ensure that the root password is secure, and the fewer people who know it the better; this is the only way to guarantee that nobody can access accounts they should not. Users' login information must also be protected and kept up to date, with a password expiration policy enforced. It is also wise to remove preconfigured accounts, or at least to change their default passwords.
It should be emphasized that security is a process rather than a one-off job. This means administrators should keep monitoring and further hardening the system; in particular they need to monitor the system logs and patch the system as quickly as possible. They should also follow security advisories and learn about the latest vulnerabilities so that these can be dealt with as soon as possible. This article does not fully solve Linux security; it shows users a number of ways to harden a system.
If you are a Linux user or administrator, you should take some steps to make your system more secure, but doing so may reduce the system's efficiency. The key is to find the right balance.