If the Linux computer you have installed has had no security measures applied so far, I think you should learn some basics of Linux security and then, on that basis, use the methods described in this article to make your Linux platform more secure. Of course, I hardened my Linux platform according to my own needs, so it may not fully meet yours, but I think it should still be of some help.
At home I use Red Hat Linux. I rarely shut the machine down, and it is usually connected to the Internet over broadband. In other words, my machine is online most of the time. For the security of this computer, I have two things to consider:
1. keeping the data and documents that I do not want others to see hidden;
2. keeping uninvited guests from using my computer's resources.
There is a lot of important data on my computer, and I think most people have important documents and data on theirs. I do not want anyone but me to read or write these files. Furthermore, I do not want an intruder to use my machine to attack another target. If I found someone using my machine to attack others, I would be very angry, and I believe you would feel the same. An even more painful problem is that our machines are sometimes "hacked" and serve as a system for attacking others while we are kept in the dark.
A good security plan
When I first install a Linux system, I configure iptables in the kernel. iptables is considered the fourth generation of Linux packet filtering. The first generation, used in Linux kernel version 1.1, was ipfw, which Alan Cox ported over from BSD Unix. In Linux kernel version 2.0, Jos Vos and other programmers extended ipfw and added the ipfwadm user tool. In the Linux 2.2 kernel, Russell and Michael Neuling made some very important improvements; in that kernel, Russell added the ipchains tool to help users control the filtering rules. Now Russell has completed a kernel framework called NetFilter.
NetFilter is intended to provide users with a dedicated infrastructure for packet filtering, which users and developers can also build into the Linux kernel. iptables is a module built on the NetFilter framework. It gives users access to the kernel's filtering rules and commands. If you know ipchains, you will find that iptables is in fact very similar to it.
By configuring iptables, I can block any packet entering or leaving my machine. This is very important, because my machine is online 24 hours a day. With this protection in place, my machine is able at all times to stop attacks from the network. Using and configuring iptables is not difficult. In this limited space I will not discuss it (the reader can easily find information on the Internet).
The next thing to discuss is LIDS (Linux Intrusion Detection System). LIDS takes the form of a kernel patch. Its purpose is to restrict access to the computer's files and processes in order to improve the computer's security. When someone tries to violate these restrictions, it alerts you. Another advantage of LIDS is that it can restrict even the permissions of the root account. Limiting root's privileges in this way minimizes the damage when an intruder obtains root privileges. I use LIDS to protect the system binaries, the configuration files, the log files in the /var/log directory, and the /etc directory. I mark the binaries as Readonly, so that no user, including root, can tamper with them. I mark the log files as Append, so the files in that directory can be written to, but existing data cannot be modified or deleted.
The next thing I do is minimize the services running on the machine. The fewer services that run on the machine, the less likely it is that someone will break in. By default, many Linux distributions run a lot of daemons, which in my personal opinion is not very sensible. So I turned off Telnet, FTP, and all the daemons whose names begin with the letter "R". This way I avoid the threat to the system that arises when I am sometimes too late in upgrading or installing a patch. For the services I have to use, I install security patches as promptly as possible. And if a vulnerability is found in a service but no patch for it has appeared, I temporarily shut the service down until a patch that fixes it appears.
Once I have minimized the number of services running on the computer, I use the "netstat -l" command to see what is listening. The aim is to make sure I have not missed any service that I do not need. In fact, it is easy to make mistakes if we skip this check of what is listening. If I have overlooked a service, it can be fixed at this point.
Guarding the security gate
In the computer world there is no absolute security, which means that you cannot keep hackers out completely. Although my computer has not been broken into, I have never thought of it as 100% secure. In the first few months after I started using Linux, I almost never considered its security. My work was basically about how to get the new operating system working, working better, and so on. At that time I put most of my energy into learning some basic Linux commands and how to use the system, and had none left to focus on other things. During that time I was subjected to many attacks. Although they did not cause fatal damage at the time, thinking of it now still makes me shudder.
Well, since your machine is destined to be attacked all the time, let us look at how to deal with that. First, look at TCT (The Coroner's Toolkit, http://www.porcupine.org/forensics/tct.html), which is a good tool. It runs on Linux, FreeBSD, OpenBSD, Solaris, Unix and other platforms. It can analyze the last modification, access and change times of files, and recover data by extracting a file list based on inode values. You can run it on a machine you suspect is in danger in order to check it. When it runs, the tool collects the data on your hard disk and examines it. However, I feel this tool is too difficult for a novice to use, so if you have never used TCT, you must read a lot of documentation before using it. Fortunately, the tool's home page has many links to HOWTO documents, so those who want to try it can look at these. If you find the English documentation hard going, you can search Google for Chinese websites with the keyword TCT and find a lot of related material in Chinese.
By default, communication is insecure: content you transfer over the Internet can be seen by other people. You can use traceroute to see this for yourself.
Enter "traceroute www.google.com" on the command line and you will see just how many machines can see your packets when you submit a search to Google.
Normally, when I log in to a site, I make sure that I am using a secure page, that is, HTTPS. HTTPS uses SSL to encrypt the data in transit. Without it, the data I transmit can easily be eavesdropped on by machines with ulterior motives. For example, Yahoo provides a secure way to log in and submit data when you use its various Web services. I have a Yahoo e-mail account; with it I can log in and check my e-mail at any time without worrying that others will peek at my information.
For remote management, I use the two programs ssh and scp instead of Telnet and FTP. They are very easy to install, and their features fully meet my needs. Once they are installed, I can open the appropriate ports in the machine's iptables configuration so that I can connect to the machine from outside.
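A ruleset in the spirit of the packet filtering described earlier and the port opening mentioned here, as an added example rather than the author's own configuration. Port 22 for ssh and scp, the open OUTPUT policy, the logging rule and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the author's ruleset: default-deny inbound filtering
# with only chosen TCP ports open (assumption: 22 for ssh and scp).
# Outbound traffic is left open (assumption).

# emit_ruleset PORT...  prints a ruleset in iptables-restore format.
emit_ruleset() {
    for port in "$@"; do                 # validate before printing anything
        case "$port" in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
    done
    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for port in "$@"; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Rate-limited log of whatever is about to fall through to the DROP policy.
    printf '%s\n' \
        '-A INPUT -m limit --limit 5/minute -j LOG --log-prefix "INPUT-DROP: "' \
        'COMMIT'
}

# input_policy  reads a ruleset on stdin, prints INPUT's default policy.
input_policy() {
    awk '/^:INPUT / { print $2 }'
}

# exposed_tcp_ports  reads a ruleset on stdin (the same format that
# iptables-save prints) and lists the TCP ports INPUT accepts, sorted.
exposed_tcp_ports() {
    awk '$1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
             for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' | sort -n
}

# Load (as root):      emit_ruleset 22 | iptables-restore
# Review a live host:  iptables-save | exposed_tcp_ports
```

The two review functions let you check that the ports actually accepted match the ones you meant to open, and that everything else falls under the DROP policy.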
Here I have described, as simply as possible, how I make my own machine secure. I hope this experience helps all of us use Linux safely and well.