Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Linux startup and logon security settings     - To install network scanning and packet sniffer tool Nmap 7.00 under ubuntu (Linux)

- JBPM6 Tutorial - Fast Fun JBPM table (Linux)

- Learn about EditText little depth (Programming)

- JavaScript subarray Deduplication (Programming)

- How to add and delete bookmarks in Ubuntu (Linux)

- Install and use automated tools Ansible in CentOS 7 (Linux)

- using Docker Kitematic on windows (Linux)

- Introduction to Linux Shell (Programming)

- Oracle multi-table query optimization (Database)

- Oracle RMAN backups of the control file backup (Database)

- The method to mount the CD under Linux (Linux)

- Debian 7.8 system installation and configuration process (Linux)

- How to enhance the security of Linux systems (Linux)

- RedHat Linux 5.5 installation process SVN Service Notes (Server)

- A key installation Gitlab 7 on RHEL6.4 and Setup Mail TX (Linux)

- Heartbeat (v1, v2, pacemaker) cluster components Overview (Server)

- Spring Data JPA call a stored procedure examples (Programming)

- ElasticSearch - Basic Concepts (Server)

- How to use Git to upload code to GitHub project (Linux)

- Log4j configuration file Explanation (Linux)

  Linux startup and logon security settings
  Add Date : 2018-11-21      
  1. BIOS security
Set BIOS passwords and modify boot order prohibiting boot from a floppy disk system.

2. User password
User password is a basic starting point for Linux security, many people use the user password is too simple, which is equal to the intruder opened the door, although in theory, as long as there is sufficient time and resources available, there is no can not crack users. password. But properly selected password is difficult to crack, better user passwords are easy to remember those who only he himself and understand the string of characters, and never write it anywhere.

3. Default Account
Should prohibit all the default operating system itself was initiated and unnecessary account, when you first install the system should do, Linux provides a number of default account, and the account more, the system more vulnerable to attack.
You can use the following command to delete the account.
# Userdel username
Or use the following command to delete the user group account.
# Groupdel username

4. The password file
chattr command to add the following file attributes can not be changed to prevent unauthorized users access privileges.
# Chattr + i / etc / passwd
# Chattr + i / etc / shadow
# Chattr + i / etc / group
# Chattr + i / etc / gshadow

5. Prohibition Ctrl + Alt + delete command to restart the machine
Modify / etc / inittab file, "ca :: ctrlaltdel: / sbin / shutdown -t3 -r now" comment out the line. Then re-set at /etc/rc.d/init.d/ directory permissions of all files, run the following command:
# Chmod -R 700 /etc/rc.d/init.d/*
Thus only root can read, write, or execute all of the above script file.

6. Restrictions su command
If you do not want anyone to be able to use su as root, you can edit /etc/pam.d/su file, add the following two lines:
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group = isd
At this time, only isd group of users can use su as root. Then, if you want the user admin can use su as root, you can run the following command:
# Usermod -G10 admin

7. deletion login information
By default, the login prompt release includes Linux kernel version name and server host name and so on.
For a higher security requirements for this machine leaked too much information.
You can edit the /etc/rc.d/rc.local the following line commented out system information output.
# This will overwrite / etc / issue at every boot. So, make any changes you
# Want to make to / etc / issue here or you will lose them when you reboot
# Echo ""> / etc / issue
# Echo "$ R" >> / etc / issue
# Echo "Kernel $ (uname -r) on $ a $ (uname -m)" >> / etc / issue
# Cp -f / etc / issue /etc/issue.net
# Echo >> / etc / issue
Then, proceed as follows:
# Rm -f / etc / issue
# Rm -f /etc/issue.net
# Touch / etc / issue
# Touch /etc/issue.net
- How to manage your to-do list with the Go For It on Ubuntu (Linux)
- Help you to see Linux system architecture type 5 Common Commands (Linux)
- iOS9 new feature - stacked view UIStackView (Programming)
- How to properly set up a Linux swap partition (Linux)
- The principle Httpclient4.4 (execution request) (Programming)
- Ubuntu 12.04 64-bit installation Redmine + Git + ReviewBoard (Linux)
- Oracle ORA-01089 failure analysis (Database)
- Ubuntu installation module Python rq (Linux)
- In-depth summary of the PHP core of object-oriented (Programming)
- Do you know how to build the Linux kernel (Programming)
- Confrontation dragged Library - Web front-end encryption slow (Linux)
- Mac OS X system setup Google Go language development environment configuration tool Sublime Text 2 (Linux)
- To setup a ftp server under Linux (Server)
- To install the mail client terminal Evolution 3.13.2 under Ubuntu 14.04 (Linux)
- 12 kinds of detection of CPU information on a Linux system tools (Linux)
- MySQL Statistics (Database)
- Ubuntu 14.04 installation configuration GNOME Classic interface (Linux)
- Python3 multi-thread download codes (Programming)
- SSH does not require a password to log on to a Linux server (Server)
- Deb package installation method under ubuntu (Linux)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.