Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Linux system server network security management tips     - Shell command line operation (Linux)

- Elaborate .NET Multithreading: Using Task (Programming)

- How to use Linux iptables tool for network sharing (Linux)

- ogg start being given libnnz11.so: can not open shared object file (Database)

- Linux file compression and archiving (Linux)

- CentOS yum install LAMP (Server)

- Linux6.1 / 6.5 dual-NIC Binding (Linux)

- Linux firewall rules example Extracts (Linux)

- Simple to install Tor browser to Ubuntu 14.04 and Linux Mint 17 (Linux)

- Linux Basics Tutorial: Linux Kickstart automated installation (Linux)

- Tune in high resolution to 1280x800 in Fedora 14 (Linux)

- crontab cause CPU exception Analysis and Processing (Linux)

- GRUB how to load Linux kernel (Linux)

- Cacti Linux-based system monitoring and alarm (Linux)

- Chrome plug-in management, online-offline installation, part of the plug presentations (Linux)

- Iptables command in detail (Linux)

- Java interview questions in nine radio (Programming)

- Detailed PHP code optimization [section] (explain reasons) (Programming)

- Linux network cut package is not fully defragment (Linux)

- FastDFS installation and deployment (Server)

 
         
  Linux system server network security management tips
     
  Add Date : 2018-11-21      
         
         
         
  If your Linux server by non-authorized users access to (such as a server on the public room, the public office), it would be serious security risks.

Into the system using the single-user mode

Linux boot after boot: prompt, use a special command, such as linuxsingle or linux 1, will be able to enter single user mode (Single-User mode). This command is useful, such as forget super user (root) password. Reboot the system, the boot: prompt enter linux single (or linux 1), after the super user access system, edit the Passwd file, remove the root line of x can be.

Countermeasures:

The super user (root) into the system, edit / etc / inittab file, change the id: 3: initdefault setting, in which the extra added line (see below), let the system reboot into single user mode when prompted for super user password :

S: walt: / sbin / sulogin

Then execute the command: / sbin / init q, so this setting take effect.

Risk parameters passed to the kernel at system startup

The most commonly used in the Linux boot loader (boot loader) tool is LILO, it is responsible for managing the boot system (can add other partitions and operating system). But some illegal users may easily start Linux or risk parameters passed to the kernel at system startup, which is quite dangerous.

Countermeasures:

Edit the file /etc/lilo.conf, which was added in the restricted parameters, this parameter must be used with the following parameters of a password to talk, indicating that at the boot: prompt, some of the parameters passed to the Linux kernel, you need to enter your password.

password parameter can be used together with the restricted, but also can be used alone, the following will explain.

Used in conjunction with restricted: only at startup parameters passed to the kernel, will be required to enter a password, and in the normal (default) mode, the password is not required, it must pay attention.

Alone (not used in conjunction with restricted): that no matter what boot mode, Linux always requires a password; If there is no password, no way to boot Linux, a higher degree of safety in this case, the equivalent of the peripheral joined a layer of defense. Of course there are disadvantages - you can not remotely reboot the system, unless you add restricted parameters.

Because the password is not encrypted clear text, so the /etc/lilo.conf file must be set to read only the super user can be set using the following command:

chmod 600 /ietc/lilo.conf

Then execute the command: / sbin / lilo -V, writes boot sector, and to make this change to take effect.

In order to strengthen security /etc/liIo.conf files, you can also set this file as immutable attribute, use the command:

chattr ten i / etc / lilo.conf

If in the future you want to modify /etc/liIo.conf file with chattr -i / etc / lilo.conf command can remove this attribute.

Use "Ctrl + Alt + Del" key combination to restart

For this, a very important and very easy to overlook, if unauthorized users have access to the server's keyboard, he can use the key combination "Ctrl + AIt + Del" to make your server reboot.

Countermeasures:

Edit / etc / inittab file, to the ca :: ctrlaltdel: / sbin / shutdown-t3 -r now annotate ### ca :: ctrlaltdeI: / sbin / shutdown-t3 -r now.

Then execute the command: / sbin / init q, make the changes to take effect.
     
         
         
         
  More:      
 
- Why do you need close contact Rust 1.0 (Programming)
- crontab task scheduling Health Check (Linux)
- After Pydev installation, Eclipse does not display solutions (Linux)
- Lazarus for Raspbian installation (Linux)
- Upgrade installation manual CentOS6.5 GCC4.8.2 (Linux)
- Windows 8.1 and Ubuntu 14.04 dual system uninstall Ubuntu Tutorial (Linux)
- Tab set to four spaces in Vim (Linux)
- Windows SmartGit installation (Linux)
- 7 JavaScript interview questions (Programming)
- PCM audio under Linux (Linux)
- Java rewrite equals method (Programming)
- Oracle Database Restore (Database)
- Kali Linux virtualbox rc = Error 1908 workaround (Linux)
- Ubuntu file security removal tool (Linux)
- How to Install Node.js in CentOS 7 (Linux)
- PSUADE installation under Linux (Linux)
- Linux find command usage summary (Linux)
- Java data structures - order linear form of table ArrayList (Programming)
- Generic mechanism C11 standard (Programming)
- Python 2.7 installed on CentOS 6.5 (Linux)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.