Home IT Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Linux Network Security Tips Share     - RHEL5 stalled due to power service error system can not start (Linux)

- Ubuntu 15.10 installation and deployment Swift development environment (Linux)

- Dockerfile use to build a mirror-based CentOS 7 (Linux)

- Install Java JDK 8 in CentOS 7 / 6.5 / 6.4 (Linux)

- C ++ type conversion and RTTI (Programming)

- OpenSSH version smooth upgrade method (Linux)

- Linux System Getting Started Learning: install software packages on Ubuntu and Fedora (Linux)

- Ubuntu apt-mirror established local private sources (Linux)

- Linux Command Tutorial: du command to view disk space (Linux)

- Oracle: RETURNING clause (Database)

- Linux System Getting Started tutorial: Ubuntu desktop using the command line to change the system proxy settings (Linux)

- GAMIT10.5 under CentOS installation (Linux)

- ActiveMQ-based shared file system HA solutions (Server)

- About DataGuard three protected mode test (Database)

- MySQL stored procedures execute dynamic sql statement (Database)

- PHP with FastCGI and mod_php Comments (Server)

- Python Basics: Search Path (Programming)

- Linux regex awk Comments (Linux)

- Oracle 11g maintenance partitions (Seven) - Modifying Real Attributes of Partitions (Database)

- Linux software firewall ACL match point optimization (Linux)

  Linux Network Security Tips Share
  Add Date : 2018-11-21      
  About Linux partition

If a potential hacker to attack your Linux servers, he first attempts to buffer overflow. In the past few years, with the type of buffer overflow vulnerabilities is the most common form. More seriously, buffer overflow vulnerability accounted for the vast majority of remote network attacks, such attacks can easily make an anonymous Internet users have access to some or all of the control of a host!

To prevent such attacks, we install the system from it should be noted. If the root partition records data such as log files and email, it is possible to produce a large number of logs because of denial of service or spam, causing the system to crash. It is recommended for the / var open up a separate partition, used to store logs and e-mail, in order to avoid the root partition is overflow. Best to open a separate partition for specific applications, in particular, can produce large log programs, as well as recommendations for the / home a separate sub-zone, so they can not fill the / partition, so as to avoid some of the partitions for Linux overflow of malicious attacks.

About BIOS

Remember to set a BIOS password in BIOS setup does not accept floppy disk. This prevents malicious people to use a special boot disk on your Linux system and change the BIOS settings to avoid others, such as changing the boot floppy disk set or not pop up the password box directly start the server and so on.

About Password

Passwords are the primary means of user authentication system, the system will install the default minimum password length is usually 5, but not easy to ensure the password guessing attacks, increase the minimum length of the password, at least equal to 8. To do this, you need to modify the file /etc/login.defs parameters PASS_MIN_LEN (minimum password length). At the same time should be limited to the use of a password, the password be changed regularly to ensure that the proposed changes to the parameters PASS_MIN_DAYS (password to use time).

About Ping

Since no one can ping your machine and receive a response, you can greatly enhance the security of your site. You can add the following command line to /etc/rc.d/rc.local, so run automatically each time you start, so that you can prevent your system to respond to any ping request from external / internal come.

echo 1> / proc / sys / net / ipv4 / icmp_echo_ignore_all

About Telnet

Do not show the operating system and version information if you want the user to use Telnet remote login to your server (to avoid targeted exploits), you should rewrite /etc/inetd.conf row like this:

telnet stream tcp nowait root / usr / sbin / tcpd in.telnetd -h

Add -h flag in the background and finally makes telnet not display system information, but merely displayed login.

About privileged account

Prohibit all the default operating system itself was initiated and unnecessary account, when you first install the system should do this check, Linux offers a variety of accounts, you may not need, if you do not need this account, to remove it, you have one account, the more vulnerable to attack.

To delete users on your system, use the following command: userdel username

To delete your user account on the system group, use the following command: groupdel username
- iOS constants, variables, properties and characteristics (Programming)
- Red Flag Linux Desktop 6.0 hard disk installation guide (Programming)
- Analysis of C ++ exception mechanism (Programming)
- Nginx caching using the official guide (Server)
- Linux System Getting Started Tutorial: how to find information on Linux-embedded module (Linux)
- CentOS6.7 text installation system (Linux)
- Vim highlight lookup operation (Linux)
- Easily create RPM packages using the FPM (Linux)
- Python script running in the background (Programming)
- Replace element and non-replaced elements of learning (Programming)
- Linux System Getting Started Learning: Statistical process a number of threads in Linux (Linux)
- Deploy OpenStack Juno on Ubuntu 14.04 (Linux)
- Linux how to handle file names that contain spaces and special characters (Linux)
- Java in the final qualifier (Programming)
- MySQL 5.7 can not log in problem (Database)
- Features and prevention methods elaborate network security grayware (Linux)
- MySQL and Oracle time zone settings compare (Database)
- Terminal multiplexing tool tmux use (Linux)
- LAN Deployment Docker-- from scratch to create your own private warehouse Docker (Linux)
- CentOS source installation GitLab Chinese Version (Server)
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.