Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Advanced Linux security settings     - Summary of Docker mounted directory (Server)

- redis main building and disaster recovery from a cluster deployment (Database)

- Linux the best download manager uGet (Linux)

- What have we learn from the front-end application Nodejs (Programming)

- Install mono offline on CentOS (Server)

- CentOS modify yum update source (Linux)

- Use 3G wireless network card under Linux (Linux)

- Linux firewall settings -DNS server articles (Server)

- Install Xshell on Mac OS X (Linux)

- CentOS 5.5 kernel upgrade installation iftop (Linux)

- C ++ precision performance test function (Programming)

- Java string concatenation techniques (StringBuilder tips) (Programming)

- Use value type build better applications Swift (Programming)

- The principle Httpclient4.4 (execution request) (Programming)

- Vim simple configuration (Linux)

- Squid proxy server (Server)

- Oracle database physical file backup / restore (Database)

- File sharing and fork function (Programming)

- XtraBackup achieve non-stop use of master-slave synchronization service (Database)

- To install MySQL on Linux (Database)

  Advanced Linux security settings
  Add Date : 2017-08-31      
  Often heard people say, Linux operating system is more secure than Windows. The problem is that any computer connected to the network it is impossible to absolutely secure.

As we often need to pay attention to whether the solid walls of the courtyard, as the operating system also requires us to constantly maintain and strengthen. Here, we're only talking about a few users can be used to strengthen the general steps of the system.

This article focuses on talking about how to strengthen the problem, but before beginning to strengthen, users need the following three issues have a clear understanding of a problem is that this system is used for what purpose, and second, what software it needs to run, the third is the user need protection which vulnerabilities or threats. These three issues were causation, that is, before a problem is the cause of a problem after the latter problem is the previous result.

Everything from scratch

From a known safe state began to strengthen a system that is entirely possible, but in practice this strengthening can begin from a "naked" system. This means that users will have on the system disk repartition opportunity to bring all the data files and operating system files separate from it might be a prudent security measures.

The next step is to configure a minimal installation, of course, you have to allow the system to start, and then add the necessary work to complete the package. This step is critical. Why do we need a minimum of installing new ones? The reason is that fewer machine code can be exploited loopholes will be less: no one can take advantage of the loophole does not exist, is not it? You also need to patch the operating system, and had to run all applications on the system patched.

Note, however, that if someone can approach accessed from the physical machine, he is likely to start the computer from the CD or other media, and gain access to the system. Thus, the user is configured at the system's BIOS, restrictions can only start from the hard disk, and use a strong password to protect this setting.

The next step is to compile your own kernel, or to emphasize here contains only those parts you need. Once you build your own custom system is completed, reboot into the kernel, then you have the possibility of being attacked kernel will be greatly reduced. Strengthen the system but the method is not limited thereto, and the best is yet to come.

Reducing unnecessary services

After running thin system, the next step is to make sure to run only the services you need. Until now, the user has cleared a number of services, but there may be many services are still running in the background. Users need to find these services in many places, such as /etc/init.d and the like /etc/rc.d/rc.local contains multiple positions start the process, to check everything by the cron initiated. Users can also check with netstat or Nmap listening socket and other procedures. For example, many users need to disable the service may include network file systems (samba), remote access services.

Of course, can not be generalized, if you really need some services, it is necessary to try to limit the potentially damaging effect of the rest of its system, to be allowed to run as far as possible in their own chroot path, so that the rest of the file system and phase separation .

Emphasis on licensing issues

As a user or administrator must ensure that any user can perform unnecessary procedures or to open its unnecessary files. Administrators should audit the entire system, and reduce the license of each file to the smallest possible extent. Our goal is that no one can read or write files unrelated. In addition, you should encrypt all sensitive data.

Further, the administrator has to ensure a secure root password, and the password of the person to know better, the only way to guarantee that no one can access their accounts should not be accessed. But also to protect the user's login information latest, to adhere to the policy issue password expiration time. Also, clear the account provided in advance is also wise, or at least change the default password.

It should be emphasized that security is a process rather than a temporary job. This means that managers should monitor and further strengthen the system, in particular the need to monitor the system log, to speed as quickly as possible for the system patched. But also concerned about safety advice, learn the latest vulnerabilities, we could deal with it as soon as possible. So this does not fully solve the Linux security, but to show the user a number of possibilities to strengthen the system.

If you are a Linux user or manager, you should take some steps to make it more secure, but it may reduce the efficiency of the system. So the key is to find a proper balance.
- Hunk / Hadoop: Performance Best Practices (Server)
- CentOS yum install LAMP (Server)
- Docker deployment practices in Ubuntu (Server)
- About redis in Replication (Database)
- Linux rpm command Detailed (Linux)
- Customize own small private Linux system (Linux)
- Spacewalk remove packages install the update (Linux)
- The default permissions for files and directories under Linux computing (Linux)
- CentOS system Amoeba + MySQL Master-slave configuration (Database)
- Getting Started with Linux: Learn how to install and access CentOS 7 Remote Desktop on a VPS (Server)
- MySQL 5.6 use GTIDs build the master database (Database)
- Chrome plug-in management, online-offline installation, part of the plug presentations (Linux)
- CentOS 7.0 Automatic installation CD-ROM production Comments (Linux)
- Selection sort, insertion sort, and Shell sort (Programming)
- Linux System Getting Started Learning: Using the Linux command line detected DVD burner name and write speeds (Linux)
- C + + secondary pointer memory model (pointer array) (Programming)
- Ubuntu iptables prevent IP attacks (Linux)
- Udev: Device Manager for Linux Fundamentals (Linux)
- Btrfs file system creation and their characteristics in Linux (Linux)
- CentOS7 install JDK (Linux)
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.