Linux security configuration

Add Date: 2018-11-21

Linux has many advantages in functionality, performance, and price. As an open operating system, however, it inevitably carries some security risks. This article describes some of the most basic, most common, and most effective tactics for addressing those risks and giving applications a secure platform to run on.

Linux is a Unix-like operating system. In theory, the design of Unix itself has no major security flaws. Over the years, the vast majority of security issues found on Unix operating systems have been in individual programs, so most Unix vendors claim to be able to solve these problems and to provide a secure Unix operating system. Linux is somewhat different: because it does not belong to any particular vendor, no vendor provides a security guarantee for it, so users have to solve security problems themselves.

Linux is an open system, and many ready-made programs and tools for it can be found on the Internet. This is convenient for users, but also for hackers, who can easily find programs and tools to break into a Linux system or to steal important information from it. However, if we carefully configure the various Linux system functions and add the necessary security measures, hackers are left with no opening to exploit.

In general, securing a Linux system includes eliminating unnecessary services, restricting remote access, hiding important information, patching security holes, using security tools, and performing regular security checks. This article presents ten tactics for improving the security of your Linux system. They are small tricks, but they work, so you may wish to try them.

Linux security configuration, move 1: eliminate unnecessary services

In early Unix versions, each network service had its own server program running in the background. Later versions use a single server program, /etc/inetd, to take on this task. inetd is short for "Internet daemon". It listens on multiple network ports at once and, when it receives a connection from outside, starts the corresponding TCP or UDP network service.

Because inetd is in charge, most TCP and UDP services on Linux are configured in the /etc/inetd.conf file. So the first step in eliminating unnecessary services is to check /etc/inetd.conf and put a "#" sign in front of every service you do not need.

In general, apart from http, smtp, telnet and ftp, other services should be disabled, such as the trivial file transfer protocol tftp, the imap/ipop protocols used for storing and receiving mail over the network, gopher for finding and searching information, and daytime and time for time synchronization.

There are also services that report system status, such as finger, efinger, systat and netstat. Although they are very useful for troubleshooting and for finding users, they also open a door for hackers. For example, a hacker can use the finger service to find a user's telephone number, the directory they use, and other important information. Therefore, many Linux systems disable all or some of these services to strengthen system security.

Besides using /etc/inetd.conf to set up system services, inetd also uses the /etc/services file to look up the port each service uses. Users must therefore check carefully how each port is set in that file, to avoid security holes.
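
The check described above, written as a small shell audit. This is an added example, not part of the original article; the function names and the sample files are constructed for illustration, and KEEP holds the four services the article says may stay enabled.

```shell
#!/bin/sh
# Added example. KEEP is the keep-list named in the article.
KEEP="http smtp telnet ftp"

# enabled_services FILE: name (field 1) of every active, non-comment line.
enabled_services() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# unwanted_services FILE: enabled services that are not in KEEP.
unwanted_services() {
    for svc in $(enabled_services "$1"); do
        case " $KEEP " in
            *" $svc "*) ;;
            *) echo "$svc" ;;
        esac
    done
}

# port_of SERVICE FILE: port/protocol from an /etc/services-style file.
port_of() {
    awk -v s="$1" '!/^#/ && $1 == s { print $2; exit }' "$2"
}

# disable_unwanted FILE: print FILE with "#" put before each unwanted line.
disable_unwanted() {
    u=" $(unwanted_services "$1" | tr '\n' ' ')"
    awk -v u="$u" '!/^[ \t]*#/ && NF >= 6 && index(u, " " $1 " ") { $0 = "#" $0 }
                   { print }' "$1"
}

# Constructed sample files, not taken from a real host.
DEMO=$(mktemp -d)
cat > "$DEMO/inetd.conf" <<'EOF'
ftp     stream tcp nowait root   /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root   /usr/sbin/tcpd in.telnetd
tftp    dgram  udp wait   root   /usr/sbin/tcpd in.tftpd
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
#gopher stream tcp nowait root   /usr/sbin/tcpd gn
EOF
printf 'tftp 69/udp\nfinger 79/tcp\n' > "$DEMO/services"

for svc in $(unwanted_services "$DEMO/inetd.conf"); do
    echo "disable: $svc ($(port_of "$svc" "$DEMO/services"))"
done
disable_unwanted "$DEMO/inetd.conf"
```

On a real host, review the output of disable_unwanted before replacing /etc/inetd.conf with it, and have inetd reread its configuration afterwards.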

Linux has two different kinds of service: those that run only when needed, such as the finger service, and those that run continuously. Services of the second kind are started when the system boots, so you cannot stop them by modifying the inetd configuration; you can only do so by modifying the files under /etc/rc.d/rc[n].d/ or by using the run level editor. The NFS server, which provides file services, and the NNTP service, which provides news, belong to this kind; if they are not needed, it is best to disable them.

Linux security configuration, move 2: restrict access to the system

Before entering a Linux system, every user must log in: the user enters a user ID and password, and is allowed in only after the system has verified them.

Like other Unix operating systems, Linux generally encrypts passwords and stores them in the /etc/passwd file. All users on a Linux system can read /etc/passwd. Although the passwords stored in it are encrypted, this is still not safe, because an ordinary user can use readily available password-cracking tools to guess the passwords by brute force. A safer method is to set up the shadow file /etc/shadow, which only users with special permission are allowed to read.

On a Linux system, using the shadow file requires recompiling all utilities so that they support it. That is cumbersome; a simpler way is to use Pluggable Authentication Modules (PAM). Many Linux systems ship with PAM, an authentication mechanism that lets authentication methods and requirements be changed dynamically without recompiling other utilities. This works because PAM encapsulates all authentication-related logic inside its modules, which makes it the best helper for using shadow files.
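
A way to check the /etc/passwd and /etc/shadow arrangement described above, as an added example that is not part of the original article. The function names, finding labels and sample files are constructed for illustration, and the hash string in the sample is a placeholder.

```shell
#!/bin/sh
# Added example: where do password hashes live, and who can read them?

# exposed_hashes FILE: users whose passwd field 2 holds a hash, not "x".
exposed_hashes() {
    awk -F: '$2 != "x" && $2 != "" && $2 !~ /^[*!]/ { print $1 }' "$1"
}

# empty_passwords FILE: users whose password field is empty.
empty_passwords() {
    awk -F: 'NF >= 7 && $2 == "" { print $1 }' "$1"
}

# readable_by_others FILE: succeeds if the "other" read bit is set.
readable_by_others() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# audit PASSWD SHADOW: print one finding per line.
audit() {
    for u in $(exposed_hashes "$1"); do echo "HASH-IN-PASSWD $u"; done
    for u in $(empty_passwords "$1"); do echo "EMPTY-PASSWORD $u"; done
    if readable_by_others "$2"; then echo "SHADOW-READABLE-BY-ALL $2"; fi
    return 0
}

# Constructed sample files; the hash string is a placeholder, not a real hash.
DEMO=$(mktemp -d)
cat > "$DEMO/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/:/sbin/nologin
alice:$1$constructed$notarealhash:1000:1000::/home/alice:/bin/sh
bob::1001:1001::/home/bob:/bin/sh
EOF
: > "$DEMO/shadow.good"; chmod 600 "$DEMO/shadow.good"
: > "$DEMO/shadow.bad";  chmod 644 "$DEMO/shadow.bad"

audit "$DEMO/passwd" "$DEMO/shadow.good"
audit "$DEMO/passwd" "$DEMO/shadow.bad"
```

On a real host the call is `audit /etc/passwd /etc/shadow`; a clean system prints nothing.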
     
         
         
         
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.