  Linux server operating system security configuration
  Add Date : 2017-01-08      
First, Linux server disk partitions

1. On a newly installed system, partition safety should be considered:

1) The root directory (/), the user directory (/home), the temporary directory (/tmp) and the /var directory should be placed on separate partitions;

2) The disk space of the partition for each of the above directories should be sized with care, so that a partition does not run out of space for some reason and cause the system to crash.

2. Programs on the /tmp and /var partitions do not need the suid attribute in most cases, so the nosuid attribute should be set on these partitions.

Method one: Edit the /etc/fstab file and add the nosuid option. For example:

/dev/hda2 /tmp ext2 exec,dev,nosuid,rw 0 0

Method two: If you are unfamiliar with editing the /etc/fstab file, it is recommended to make the change with the linuxconf program.

* Run the linuxconf program;

* Select "Access local drive" under "File systems";

* Select the disk partition whose properties need to be modified;

* Select "No setuid programs allowed" option;

* Select the other options;

* Exit normally. (You will usually be prompted to re-mount the partition.)
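
The following shell function is an added example, not part of the original article. It audits fstab text against the advice in this section: separate partitions for /, /home, /tmp and /var, and nosuid on /tmp and /var. The names check_fstab and sample_fstab and the sample entries other than the article's /tmp line are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original article): audit fstab entries against
# the partitioning advice above. Reads fstab text from a file argument or stdin.
# Prints "MISSING <dir>" when a directory has no partition of its own and
# "NO_NOSUID <dir>" when /tmp or /var is mounted without nosuid.
# Returns 1 if there is any finding, 0 otherwise.
check_fstab() {
    awk '
    # Walk the option list left to right; a later "suid" overrides "nosuid".
    # user, users, owner and group imply nosuid (see mount(8)).
    function has_nosuid(optstr,    n, i, o, flag) {
        flag = 0
        n = split(optstr, o, ",")
        for (i = 1; i <= n; i++) {
            if (o[i] == "nosuid" || o[i] ~ /^(user|users|owner|group)$/) flag = 1
            else if (o[i] == "suid") flag = 0
        }
        return flag
    }
    $1 ~ /^#/ || NF < 2 { next }                 # comments, blank lines
    { opts[$2] = (NF >= 4 ? $4 : "defaults") }   # field 2: mount point, 4: options
    END {
        n = split("/ /home /tmp /var", want, " ")
        for (i = 1; i <= n; i++) {
            mp = want[i]
            if (!(mp in opts)) { print "MISSING " mp; bad = 1 }
            else if ((mp == "/tmp" || mp == "/var") && !has_nosuid(opts[mp])) {
                print "NO_NOSUID " mp; bad = 1
            }
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample: the /tmp line is the article's example; the others are made up.
sample_fstab() {
    cat <<'EOF'
/dev/hda1  /      ext2  defaults             1 1
/dev/hda2  /tmp   ext2  exec,dev,nosuid,rw   0 0
/dev/hda3  /var   ext2  defaults             1 2
EOF
}

sample_fstab | check_fstab || true
```

To audit a real system, run check_fstab /etc/fstab; the check covers only what fstab declares, not what is currently mounted.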

Second, installation

1. On a non-test host, do not install too many packages. This reduces the chance of security vulnerabilities introduced by packages.

2. On a non-test host, do not select non-essential services when choosing the services the host starts, for example routed and ypbind.

Third, enhanced security configuration

Kernel upgrade. Upgrade to at least version 2.2.16.

GNU libc shared library upgrade. (Warning: if you have no experience, do not attempt this lightly; it can be postponed.)

Disable dangerous network services: echo, chargen, shell, login, finger, NFS, RPC, etc.

Disable non-essential network services: talk, ntalk, pop-2, etc.

Security configuration and upgrade of common network services

Ensure that network services are running the latest and most secure current version.

Disable anonymous FTP access

No suid programs unless required

Use tcpwrapper

Use the ipchains firewall

Logging system: syslogd
