Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux system security settings after installation     - Linux group account deletion, and other related operations (Linux)

- Iptables use examples (Linux)

- Linux redirection and piping (Linux)

- Java reflection by calling the class method (Programming)

- Android Notification (Programming)

- Process monitoring tools Supervisor start MongoDB (Database)

- In Spring AOP example explanation (Programming)

- C ++ casts New Standard Comments (Programming)

- How to configure FirewallD in RHEL / CentOS 7 and Fedora in (Linux)

- Ubuntu PPA install SMPlayer 14.9 (Linux)

- Relationship between Linux permissions with the command (Linux)

- JSON Introduction and Usage Summary (Programming)

- 14.04.3 Ubuntu configuration and successfully compiled source code Android 6.0 r1 (Programming)

- Several SQL Server data migration / Export Import Practice (Database)

- STL source code analysis - iterator each container classification (Programming)

- Share Practical Tutorial GitHub (Linux)

- Linux --- file descriptors and redirection (Linux)

- How to Upgrade Ubuntu GNOME 14.10 to GNOME 3.16 Desktop (Linux)

- Linux disk quota-related instruction (Linux)

- Xmanager Remote Desktop connection CentOS (Linux)

 
         
  Linux system security settings after installation
     
  Add Date : 2018-11-21      
         
         
         
  1. When you install the system in addition to the ssh service do not install other services, text installation method is best to open the minimum services on the safety performance of the system will be better. When setting up the root user password must be more than eight (including numbers, letters, symbols) to prevent hackers using password dictionary.

2. The backup system several important file directory and data directory
[Root @ 208 ~] # tar jcvf back.tar.gz / etc / / home / / boot / / bin / / sbin / / usr / bin / / usr / sbin /

3. ssh service control
[Root @ 208 ~] # vim /etc/hosts.allow - which allows IP can use ssh connection
sshd: external network IP address of your
[Root @ 208 ~] # vim /etc/hosts.deny - other IP refuse
sshd: all

4. ssh server port to make changes, so that hackers can not attack my 22 port
[Root @ CentOS ~] # vim / etc / ssh / sshd_config - open ssh service profile
Port 222 - to enable, and modify the line
PermitRootLogin no - do not allow root user login
PermitEmptyPasswords no - do not allow empty passwords
AllowUsers tong @ extranet IP tong1 @ external network IP - only allows two users in the specified IP landing
[Root @ centos ~] # /etc/init.d/sshd restart
Stopping sshd: [OK]
Starting sshd: [OK]
[Root @ centos ~] # vim / etc / services
ssh 222 / tcp - modify these two lines, and you modify a port to
ssh 222 / udp
[Root @ centos ~] # vim / etc / sysconfig / iptables - Open the packet filter
-A INPUT -m state --state NEW -m tcp -p tcp --dport 222 -j ACCEPT
[Root @ centos ~] # /etc/init.d/iptables restart
iptables: Applying firewall rules: [OK]
[Root @ centos ~] #

5. Install the Linux file system check complete tool, it just adds to check files, modify, delete, access, no file backup and recovery, it is recommended before installing the software file backup at first, to prepare for future file recovery.
[Root @ 208 pub] # tar xvf tripwire-2.4.2.2-src.tar.bz2
[Root @ 208 pub] # cd tripwire-2.4.2.2-src
[Root @ 208 tripwire-2.4.2.2-src] # ./configure --prefix = / usr / local / tripwire /
...................... Input accept release
...................... Enter y OK
Enter the site password ......................
Enter the local password ......................
[Root @ 208 tripwire-2.4.2.2-src] # make
[Root @ 208 tripwire-2.4.2.2-src] # make install
[Root @ 208 tripwire-2.4.2.2-src] # cd / usr / local / tripwire / etc /
[Root @ 208 etc] # ll
total 60
-rw-r -----. 1 root root 931 Jan 6 11:44 208.184.97.119.broad.wh.hb.dynamic.163data.com.cn-local.key
-rw-r -----. 1 root root 931 Jan 6 11:44 site.key
-rw-r -----. 1 root root 4586 Jan 6 11:44 tw.cfg
-rw-r -----. 1 root root 598 Jan 6 11:44 twcfg.txt
-rw-r -----. 1 root root 598 Jan 6 11:44 twcfg.txt.default
-rw-r -----. 1 root root 4159 Jan 6 11:44 tw.pol
-rw-r -----. 1 root root 8679 Jan 6 13:03 twpol.txt
-rw-r -----. 1 root root 13806 Jan 6 11:44 twpol.txt.default
[Root @ 208 etc] # vim twpol.txt
(
rulename = "file", - define the rule name
)
{
/ -> $ (ReadOnly); - monitor the root directory files
/ Home -> $ (ReadOnly); - monitor home directory files
/ Usr -> $ (ReadOnly); - listening usr directory files
/ Var -> $ (ReadOnly); - listening var directory files
}
[Root @ 208 etc] # cd ../sbin/
[Root @ 208 sbin] # ./tripwire --init - generating a reference database
[Root @ 208 sbin] # ./tripwire --check - as long as the file is added to modify the definition monitor directory will be listed
[Root @ 208 sbin] # ./tripwire --check --rule-name "file" - Specifies rule name
[Root @ 208 sbin] # ./tripwire --check / home / usr - check the specified directory
     
         
         
         
  More:      
 
- Normal start Lazarus 1.0.8 under Ubuntu (Linux)
- Java generate two-dimensional code by Zxing (Programming)
- Try debugfs restore the deleted files ext3 file system (Linux)
- Tmux Crash Course: Tips and adjustment (Linux)
- To set up the printer use Nagios Monitoring Server (Server)
- Caffe install under Ubuntu 14.04 64bit (Linux)
- When Linux Detailed time zone and common function of time (Linux)
- Physical backup and recovery SYSTEM table space (Database)
- SSH port forwarding application (Server)
- DM9000 timing settings (Programming)
- Linux firewall settings -DNS server articles (Server)
- Manage SQL Server services login (start) account and password (Database)
- Linux security-related basics (Linux)
- Cacti installation deployment under CentOS 6.6 (Server)
- How to use static, class, abstract method in Python (Programming)
- Oracle 10g, 11g database silent installation of small differences (Database)
- Android custom ViewPager create kaleidoscopic image transition effects (Programming)
- sed command (Linux)
- Android Studio quick overview of Gradle (Programming)
- How to install Visual Studio Code on Ubuntu (Linux)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.