Home IT Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Linux Network Security Tips Share     - Firewall Configuration Red Hat Enterprise Linux 4 (Linux)

- CentOS 6.5 dual card configuration, one of the external network, a local area network connection (Linux)

- Security implementation of disk data protection under Linux (Linux)

- hexdump Linux command (Linux)

- Using C ++ Container Templates in Shared Memory (Programming)

- First start with Kali Linux 2.0 (Linux)

- Java thread lifecycle (Programming)

- Java gets the current system time System.currentTimeMillis () (Programming)

- sed command (Linux)

- Ubuntu install Lighttpd + Mono support .net (Linux)

- Java study notes: String (Programming)

- Linux AS4 VPN server in conjunction with a firewall perfect (Linux)

- Apache Tomcat integration and resin (Server)

- MySQL time field based partitioning scheme summary (Database)

- Getting Started with Linux system to learn: how to configure a static IP address for CentOS7 (Linux)

- Android shutdown (reboot) process (Programming)

- Let Git variety of colors and custom log format output (Linux)

- Oracle 11g dataguard main library backup and recovery to the test environment in one database error (Database)

- MySQL simple operation notes under Linux (Database)

- How to install Wine 1.7.20 under Ubuntu or Linux Mint (Linux)

  Linux Network Security Tips Share
  Add Date : 2018-11-21      
  About Linux partition

If a potential hacker to attack your Linux servers, he first attempts to buffer overflow. In the past few years, with the type of buffer overflow vulnerabilities is the most common form. More seriously, buffer overflow vulnerability accounted for the vast majority of remote network attacks, such attacks can easily make an anonymous Internet users have access to some or all of the control of a host!

To prevent such attacks, we install the system from it should be noted. If the root partition records data such as log files and email, it is possible to produce a large number of logs because of denial of service or spam, causing the system to crash. It is recommended for the / var open up a separate partition, used to store logs and e-mail, in order to avoid the root partition is overflow. Best to open a separate partition for specific applications, in particular, can produce large log programs, as well as recommendations for the / home a separate sub-zone, so they can not fill the / partition, so as to avoid some of the partitions for Linux overflow of malicious attacks.

About BIOS

Remember to set a BIOS password in BIOS setup does not accept floppy disk. This prevents malicious people to use a special boot disk on your Linux system and change the BIOS settings to avoid others, such as changing the boot floppy disk set or not pop up the password box directly start the server and so on.

About Password

Passwords are the primary means of user authentication system, the system will install the default minimum password length is usually 5, but not easy to ensure the password guessing attacks, increase the minimum length of the password, at least equal to 8. To do this, you need to modify the file /etc/login.defs parameters PASS_MIN_LEN (minimum password length). At the same time should be limited to the use of a password, the password be changed regularly to ensure that the proposed changes to the parameters PASS_MIN_DAYS (password to use time).

About Ping

Since no one can ping your machine and receive a response, you can greatly enhance the security of your site. You can add the following command line to /etc/rc.d/rc.local, so run automatically each time you start, so that you can prevent your system to respond to any ping request from external / internal come.

echo 1> / proc / sys / net / ipv4 / icmp_echo_ignore_all

About Telnet

Do not show the operating system and version information if you want the user to use Telnet remote login to your server (to avoid targeted exploits), you should rewrite /etc/inetd.conf row like this:

telnet stream tcp nowait root / usr / sbin / tcpd in.telnetd -h

Add -h flag in the background and finally makes telnet not display system information, but merely displayed login.

About privileged account

Prohibit all the default operating system itself was initiated and unnecessary account, when you first install the system should do this check, Linux offers a variety of accounts, you may not need, if you do not need this account, to remove it, you have one account, the more vulnerable to attack.

To delete users on your system, use the following command: userdel username

To delete your user account on the system group, use the following command: groupdel username
- Linux find command usage practices (Linux)
- Using C ++ Container Templates in Shared Memory (Programming)
- How to build a container cluster (Server)
- How to enable curl command HTTP2 support (Linux)
- Ubuntu install perfectly handsome terminal Guake 0.8.1 (Linux)
- Figlet use (Linux)
- Sort search algorithm Java - application examples with recursive dichotomy (Programming)
- VMware Workstation virtual machine startup error: Could not open / dev / vmmon in CentOS 6 (Linux)
- Linux configuration startup mount: fstab file (Linux)
- Java Concurrency -volatile keywords (Programming)
- SUSE Firewall Configuration (Linux)
- Linux LVM - File system extension (Linux)
- Java memory-mapped file MappedByteBuffer (Programming)
- Convert MySQL date string to a NULL value exception handling (Database)
- How to ensure the Linux SSH login security with one-time password (Linux)
- Linux non-root user uses less than 1024 ports (Linux)
- Nagios (centreon) monitoring Linux Log (Server)
- Build your own Python coding environment (Linux)
- C language keywords Comments (Programming)
- Proper use Core Data multithreaded 3 ways (Programming)
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.