  Some lessons learned about Linux network security
  Add Date : 2018-11-21      
  About Linux User Resources

Setting resource limits for all users on your Linux system, such as the maximum number of processes and the amount of memory, can prevent some types of DoS attack. For example, to apply limits to all users, edit /etc/security/limits.conf and add the following lines:

* hard core 0

* hard rss 5000

* hard nproc 20

You must also edit the /etc/pam.d/login file and check that this line is present:

session required /lib/security/pam_limits.so

These settings prohibit core files ("core 0"), limit the number of processes to "nproc 50", and restrict memory usage to 5M ("rss 5000").
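One way to check that these settings are in place, as an added example that is not part of the original page. It reads copies of the two files named above; the function name check_limits and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): audit copies of limits.conf and
# a PAM service file for the three hard limits the text sets for all users.

# check_limits LIMITS_FILE PAM_FILE
# Prints one finding per line; prints nothing when everything is in place.
check_limits() {
    limits_file=$1
    pam_file=$2
    for item in core rss nproc; do
        # Fields: <domain> <type> <item> <value>. Type "-" sets hard and soft.
        awk -v item="$item" '
            $1 ~ /^#/ { next }                       # commented-out entry
            $1 == "*" && ($2 == "hard" || $2 == "-") && $3 == item { found = 1 }
            END { exit !found }' "$limits_file" ||
            echo "missing: * hard $item"
    done
    # limits.conf is only read if a session line loads pam_limits.so.
    grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+([^[:space:]]*/)?pam_limits\.so' "$pam_file" ||
        echo "missing: pam_limits.so session line"
}

# Constructed sample files: the nproc line has been commented out.
demo_dir=$(mktemp -d)
cat > "$demo_dir/limits.conf" <<'EOF'
* hard core 0
* hard rss 5000
#* hard nproc 20
EOF
cat > "$demo_dir/login" <<'EOF'
auth    required /lib/security/pam_securetty.so
session required /lib/security/pam_limits.so
EOF
check_limits "$demo_dir/limits.conf" "$demo_dir/login"
rm -rf "$demo_dir"
```

According to limits.conf(5), the rss limit is ignored on Linux 2.4.30 and later, so on those kernels core and nproc are the settings that take effect.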

About the NFS server

NFS servers have many vulnerabilities, so you must be careful. If you want to use the NFS network file system service, make sure your /etc/exports is set with the most stringent access permissions: do not use any wildcards, do not allow root write access, and mount as a read-only file system. You can edit the file /etc/exports and add:

/dir/to/export host1.mydomain.com(ro,root_squash)

/dir/to/export host2.mydomain.com(ro,root_squash)

Here /dir/to/export is the directory you want to export, host.mydomain.com is the name of the machine that accesses the directory, ro means mount as a read-only file system, and root_squash prohibits root from writing to the directory. Finally, for the changes to take effect, you must also run /usr/sbin/exportfs -a
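The rules above (no wildcards, read-only, root squashed) can be checked mechanically. The following is an added example, not part of the original page; the function name audit_exports and the sample entries other than /dir/to/export are constructed. It also flags a space between the host name and the opening parenthesis, which exports(5) documents as binding the options to every host instead of the named one.

```shell
#!/bin/sh
# Added example (not from the original page): flag /etc/exports entries that
# break the rules above. Assumes option lists contain no spaces.

# audit_exports FILE -> one finding per line, nothing if the file is clean
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }                # blank line or comment
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                         # split host(opt,opt)
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*/, "", opts)
            }
            where = "line " FNR ": " $1 ": "
            # "host (opts)" with a space: the options bind to every host.
            if (p == 1) { print where "options apply to all hosts"; client = "all hosts" }
            else if (client ~ /[*?]/) print where "wildcard client " client
            if (("," opts ",") ~ /,rw,/) print where "rw for " client
            if (("," opts ",") ~ /,no_root_squash,/)
                print where "no_root_squash for " client
        }
    }' "$1"
}

# Constructed sample: line 1 follows the text, lines 2 and 3 do not.
demo=$(mktemp)
cat > "$demo" <<'EOF'
/dir/to/export host1.mydomain.com(ro,root_squash)
/srv/pub       *.mydomain.com(ro,root_squash)
/srv/data      host2.mydomain.com (rw,no_root_squash)
EOF
audit_exports "$demo"
rm -f "$demo"
```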

Services opened by Linux

By default, Linux is a powerful system that runs a lot of services. Many of these services are not needed and can easily become a security risk. The file /etc/inetd.conf specifies which services /usr/sbin/inetd will listen for. You may need only two of them, telnet and ftp; close all the others, such as shell, login, exec, talk, ntalk, imap, pop-2, pop-3, finger and auth, unless you really want to use them.

First, use the following command to display the services that have not been commented out:

grep -v "#" /etc/inetd.conf

Count the total number of services beforehand with this command:

ps -eaf | wc -l

Note that the following three services have many vulnerabilities, and we strongly recommend that you close them: S34yppasswdd (NIS server), S35ypserv (NIS server) and S60nfs (NFS server).

After commenting out the unneeded services in /etc/inetd.conf, we can run #killall -HUP inetd so that inetd rereads its configuration and turns them off. You can also run

#chattr +i /etc/inetd.conf

to give the inetd.conf file the attribute that it cannot be changed. Only root can unlock it, with the following command:

#chattr -i /etc/inetd.conf

After you close some services, re-run the commands above to see how many fewer services there are. The fewer services running, the more secure the system. We can use the following command to see which services are running:

netstat -na --ip
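The procedure above (list what inetd.conf enables, keep only what you need, disable the rest) as an added example that is not part of the original page. The function names and the sample inetd.conf are constructed; the allowlist is the two services the text says you may need.

```shell
#!/bin/sh
# Added example (not from the original page): compare the services enabled in
# an inetd.conf against an allowlist and produce a copy with the rest disabled.

# enabled_services FILE -> names of services that are not commented out
enabled_services() {
    # An entry has at least 6 fields: name type proto wait user program
    awk 'NF >= 6 && $1 !~ /^#/ { print $1 }' "$1" | sort -u
}

# unexpected_services FILE "ALLOWED NAMES" -> enabled services not on the list
unexpected_services() {
    for svc in $(enabled_services "$1"); do
        case " $2 " in
            *" $svc "*) ;;                # allowed, keep quiet
            *) echo "$svc" ;;
        esac
    done
}

# harden_inetd FILE "ALLOWED NAMES" -> FILE on stdout with every other enabled
# service commented out; review the result before installing it.
harden_inetd() {
    awk -v allow=" $2 " '
        NF >= 6 && $1 !~ /^#/ && index(allow, " " $1 " ") == 0 { print "#" $0; next }
        { print }' "$1"
}

# Constructed sample file; the allowlist is the two services the text keeps.
demo=$(mktemp)
cat > "$demo" <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
login   stream  tcp  nowait  root    /usr/sbin/tcpd  in.rlogind
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
EOF
unexpected_services "$demo" "telnet ftp"
harden_inetd "$demo" "telnet ftp" | diff "$demo" - || true
rm -f "$demo"
```

Unlike grep -v "#", which drops every line containing a # anywhere, enabled_services only skips lines whose first field starts with #.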

If you are using Red Hat it is much more convenient. ^_^ Red Hat provides a tool to help you shut down services: run /usr/sbin/setup and then select "system services", where you can customize which services run at system startup. Another option is the chkconfig command, which comes with many Linux distributions. The number in a script's name is its start order, and scripts beginning with an uppercase K are used to kill the process.
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.