Home IT Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux server operating system security configuration     - Oracle 12C truncate table cascade (Database)

- C ++ stderr / stdout redirected to a file (Programming)

- Features and prevention methods elaborate network security grayware (Linux)

- Ubuntu prompt / lack of boot space solutions (Linux)

- CentOS 7 Change Hostname (Linux)

- Linux System Getting Started Learning: Using the Linux command line detected DVD burner name and write speeds (Linux)

- Tomcat configuration memory and remote debug port (Server)

- Binary tree to the next node (Programming)

- Linux system ARP attack solution (Linux)

- Install VLC player on Ubuntu 14.10 (Linux)

- Installation Mesos + Marathon + Zookeeper under CentOS 7 (Server)

- Ubuntu Live CD by updating Grub resume boot the Boot Menu (Linux)

- Add a custom encryption algorithm in OpenSSL (Linux)

- The REVERSE function of DB2 (Database)

- Command line tool Tmux (Linux)

- SQLite database commonly used sentences and visualization tools on MAC MeasSQLlite use (Database)

- CentOS 6.5 dual card configuration, one of the external network, a local area network connection (Linux)

- MySQL master-slave delay problem (Database)

- Java objects to garbage collection (Programming)

- Install RAID 6 (Striping double distributed parity) (Linux)

 
         
  Linux server operating system security configuration
     
  Add Date : 2017-01-08      
         
       
         
  First, Linux server disk partition 1, if the newly installed system, disk partition safety should be considered: 1) the root directory (/), the user directory (/ home), the temporary directory (/ tmp) and / var directory should be separated to a different partition;

2) or more of disk space for each directory partition size should be considered to avoid some reason partition runs out of space and cause the system to crash; 2, for the / tmp and / var directory partition, in most cases do not require suid property procedures, it should be added nosuid attribute for partition;

Method one: Modify / etc / fstab file, add nosuid attribute word. For example: / dev / hda2 / tmp ext2 exec, dev, nosuid, rw 0 0


Method Two: If / etc / fstab file operations unfamiliar, it is recommended to modify the program by linuxconf. * Run linuxconf program;

* Select "Access local drive" "File systems" under;

* Select the need to modify the properties of the disk partitions;

* Select "No setuid programs allowed" option;

* Select the other options;

* Normal exit. (Usually prompted to re-mount the partition)

Second, the installation 1, for non-test host, should not be installed too many packages. This reduces the chance that the package and lead to security vulnerabilities.

2. For non-test host, select the host to start the service should not select a non-essential services. For example routed, ypbind like. Third, the enhanced security configuration and kernel upgrade. To upgrade to at least version 2.2.16 above. GNU libc shared library upgrade. (Warning: If you have no experience, can not easily attempt may stay.)

Close dangerous network services. echo, chargen, shell, login, finger, NFS, RPC, etc.

Shut down non-essential network services. talk, ntalk, pop-2, etc.

Common network services security configuration and upgrade

Ensure that the network services are using the latest and most secure version of the current version.

Cancel anonymous FTP access

Unless required to suid programs

Use tcpwrapper

Using ipchains firewall

Log system syslogd
     
         
       
         
  More:      
 
- Linux network monitoring strategy (Linux)
- Linux system components Detailed log (Linux)
- Spacewalk remove packages install the update (Linux)
- CentOS 7 Docker build private warehouse registry (Linux)
- C ++ complex class of operator overloading (Programming)
- Linux screen commonly commands (Linux)
- Java object serialization (Programming)
- RHEL 7.1 compile and install Ganglia 3.7.1 (Server)
- GO five stages of language learning (Programming)
- Linux kernel boot to retain large memory method summary (Linux)
- Zorin OS: Linux novice most personal desktop system should be used (Linux)
- Try debugfs restore the deleted files ext3 file system (Linux)
- CentOS 6 adds disk quota limit (Linux)
- Modify Linux terminal prompt path length (Linux)
- Log4Net (Linux)
- Hanoi problem Java Solution (Programming)
- SecureCRT use the configuration detailed tutorial (Linux)
- Permissions and attributes of files and directories under Linux (Linux)
- Dom4j change XML coding (Programming)
- Some common regular expressions (Linux)
     
           
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.