Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Linux operating system security settings initial understanding     - CentOS 6.4 OpenNebula installation (Linux)

- Android thread mechanism --AsyncTask (Programming)

- Let MySQL 5.6 support Emoji expression (Database)

- Swift defined type conversion and type aliases (typealias) (Programming)

- File upload via AngularJS and ASP.NET MVC5 (Programming)

- Tree Traversals Again (Programming)

- How to install Zephyr Test Management Tools on CentOS 7.x (Server)

- Nginx introduced Dynamic Module Architecture (Server)

- Python maketrans () method (Programming)

- init level settings for Linux / etc / inittab file into six (restart) or does not support the level of solution (Linux)

- Android components save state series - Activity (Programming)

- Shell command line operation (Linux)

- WebLogic administrator account and reset the password (Database)

- STL in the list of erase () method (Programming)

- Linux operating system, the internal and external security overview (Linux)

- ThinkPad X220 Ubuntu 14.10 installed on fingerprint recognition (Linux)

- Linux terminal interface font color settings (Linux)

- VMware6 achieve nat Internet (Linux)

- C ++ Learning Notes: references (Programming)

- Merge sort Java implementation (Programming)

  Linux operating system security settings initial understanding
  Add Date : 2018-11-21      
  As I write this article at the same time, somewhere in the world, and perhaps there is a computer in his home the first time you install release Linux. A new Linux administrators by their families and friends set up an account to make the system up and running. Perhaps not long after the initial installation is complete, the Linux system this will be very grateful to access high-speed DSL Internet.

Still vulnerable to attack

Today, almost all the available linux release loopholes in terms of security, in which most of the vulnerability is easily scored, but unfortunately by usages and practices, they are open. A typical installation of Linux when you first start to provide a wide variety of services that can be attacked, such as SHELL, IMAP and POP3. These services are often idle their users need to be used as an entry point to break the system, not only Linux limitations - well-weathered commercial UNIX also provide such services, but will also be a breakthrough.

Do not complain and blame the new system of locks (professional argument sturdy system) is very important. Believe it or not, a Linux system is robust process does not require too many system security expertise. In fact, you can in 5 minutes you can put unreliability Ninety percent of the masked.

let's start

Before starting rugged system, you should ask yourself the role of the machine used to comfort and access to the Internet. You have to carefully determine the service provided by the entire world, if you are not sure, it is best to do nothing. Clear understanding of their security strategy is very important. To decide on your own system using what is acceptable and what is unacceptable.

The goal of this article is an example of the machine as a workstation to send and receive mail, read news, browse the web, and so on.

Establishing Web services security

First, the superuser (root) login to the system to see with netstat command (which is standard on most Linux systems network tools) about the current state of the network, such as the output result is:

root @ percy /] # netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *: imap2 *: * LISTEN
tcp 0 0 *: pop-3 *: * LISTEN
tcp 0 0 *: linuxconf *: * LISTEN
tcp 0 0 *: auth *: * LISTEN
tcp 0 0 *: finger *: * LISTEN
tcp 0 0 *: login *: * LISTEN
tcp 0 0 *: shell *: * LISTEN
tcp 0 0 *: telnet *: * LISTEN
tcp 0 0 *: ftp *: * LISTEN
tcp 0 0 *: 6000 *: * LISTEN
udp 0 0 *: ntalk *: *
udp 0 0 *: talk *: *
udp 0 0 *: xdmcp *: *
raw 0 0 *: icmp *: * 7
raw 0 0 *: tcp *: * 7
- The specified user to execute commands under Linux (Linux)
- ARM platform compiler installation Golang (Linux)
- CentOS install pip (Linux)
- installation of Piwik under Ubuntu (Programming)
- Ubuntu Tutorial - Manually install Oracle Java JDK 8 (Linux)
- Oracle Database High-Risk Vulnerability Warning (Database)
- Java MVC CRUD examples (Programming)
- Puppet 3.5 Source package Installation and Configuration (Server)
- CentOS7 install NTFS-3G driver (Linux)
- tar decompression problems gzip: stdin: not in gzip format (Linux)
- How to use GRUB2 files directly from the hard disk to run ISO (Linux)
- GAMIT10.5 install and update failed Solution (Linux)
- Spring inject a type of object to enumerate (Programming)
- rsync + inotify to achieve real-time synchronization (Server)
- Convert MySQL date string to a NULL value exception handling (Database)
- 20 Top Linux commands (Linux)
- Oracle View index and use indexes Precautions (Database)
- Questions about Linux compiler u-boot (Programming)
- Create a project using Android Studio LinearLayout (Programming)
- MySQL can not write the data keyword conflicts (Database)
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.