Home IT Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux server operating system security configuration     - MySQL high availability cluster fragmentation of deployment uses Cobar (Database)

- Oracle multi-user concurrency and transaction processing (Database)

- Scope of variables in Object-C (Programming)

- Android basics summary article (Programming)

- Analysis of MySQL Dockerfile 5.6 (Database)

- iptables using summary (Linux)

- dd command: do hard disk IO performance test (Linux)

- How to make Linux a non-root user uses less than 1024 ports (Linux)

- MySQL to recover the data through binlog (Database)

- Linux, modify / etc / profile file (Linux)

- Oracle 12C truncate table cascade (Database)

- Linux command to view the system status (Linux)

- Oracle archive log deletion (Database)

- Linux directory structure (Linux)

- Oracle table Access Control (Database)

- How to remove the Linux memory Cache, Buffer and swap space (Linux)

- MySQL function: group_concat () function (Database)

- C ++ precision performance test function (Programming)

- Linux Hard Disk Partition and file system management (Linux)

- Search Linux commands and files - which, whereis, locate, find (Linux)

 
         
  Linux server operating system security configuration
     
  Add Date : 2017-01-08      
         
       
         
  First, Linux server disk partition 1, if the newly installed system, disk partition safety should be considered: 1) the root directory (/), the user directory (/ home), the temporary directory (/ tmp) and / var directory should be separated to a different partition;

2) or more of disk space for each directory partition size should be considered to avoid some reason partition runs out of space and cause the system to crash; 2, for the / tmp and / var directory partition, in most cases do not require suid property procedures, it should be added nosuid attribute for partition;

Method one: Modify / etc / fstab file, add nosuid attribute word. For example: / dev / hda2 / tmp ext2 exec, dev, nosuid, rw 0 0


Method Two: If / etc / fstab file operations unfamiliar, it is recommended to modify the program by linuxconf. * Run linuxconf program;

* Select "Access local drive" "File systems" under;

* Select the need to modify the properties of the disk partitions;

* Select "No setuid programs allowed" option;

* Select the other options;

* Normal exit. (Usually prompted to re-mount the partition)

Second, the installation 1, for non-test host, should not be installed too many packages. This reduces the chance that the package and lead to security vulnerabilities.

2. For non-test host, select the host to start the service should not select a non-essential services. For example routed, ypbind like. Third, the enhanced security configuration and kernel upgrade. To upgrade to at least version 2.2.16 above. GNU libc shared library upgrade. (Warning: If you have no experience, can not easily attempt may stay.)

Close dangerous network services. echo, chargen, shell, login, finger, NFS, RPC, etc.

Shut down non-essential network services. talk, ntalk, pop-2, etc.

Common network services security configuration and upgrade

Ensure that the network services are using the latest and most secure version of the current version.

Cancel anonymous FTP access

Unless required to suid programs

Use tcpwrapper

Using ipchains firewall

Log system syslogd
     
         
       
         
  More:      
 
- How to use the command line ftp upload and download files (Linux)
- CentOS7 installation configuration Redis-3.0.0 (Database)
- Spring multi data source configuration (Programming)
- CentOS 6.5 system installation Oracle11.2.0.4 basic steps (Database)
- Improve the Ubuntu SSH login authentication approach speed (Linux)
- How to configure FirewallD in RHEL / CentOS 7 and Fedora in (Linux)
- Use PDFBox processing PDF documents (Linux)
- Use window.name + iframe cross-domain access to data Detailed (Programming)
- Linux compiler of GCC (Linux)
- CentOS minimal network is unavailable resolved (Linux)
- Performance Optimization: Using Ramlog transfer log files to memory (Linux)
- Ora-00020: maximum number of processes (500) exceeded (Database)
- Java recognize simple codes (Programming)
- VPS xen openvz kvm (Server)
- After Oracle 11g dataguard failover rebuild the archive logs are not applied to be NO problem (Database)
- Install Java 8 on Ubuntu using PPA (Linux)
- Linux System Tutorial: How to browse the Linux command line, weather forecast (Linux)
- Use Bash script write CVS version control (Server)
- Vagrant build LNMP environment (Server)
- Linux System Getting Started Tutorial: How to change the default Java version in Linux (Linux)
     
           
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.