Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ Some safety precautions of Linux servers     - Linux environment has been running Tomcat how to deploy the new Tomcat (Server)

- Oracle 11g contraction table space error ORA-03297: file contains used data beyondrequested RESIZE value (Database)

- Some of the bibliographic management tools to good use on linux (Linux)

- Two strokes to improve development productivity Struts2 (Programming)

- RedHat Linux 6 desktop installation (Linux)

- The YUM package management under Linux (Linux)

- Ubuntu derivative version of the user and how to install SmartGit / HG 6.0.0 (Linux)

- Shutdown - an advanced shutdown artifact (Linux)

- Install the latest Pinta graphics editing software on Ubuntu 14.04 (Linux)

- Linux environment password security settings (Linux)

- Sublime Text - Opens the current file in a browser (Linux)

- Formatted output printf command (Programming)

- Linux, C programming language library file handling and preparation of Makefile (Programming)

- Sleuth Kit: used to analyze a disk image and restore files open source forensics tools (Linux)

- Remote database using RMAN recovery test (RAC return to single-instance database) (Database)

- Installation of network monitoring ntopng under CentOS 6.4 (Linux)

- How to build a container cluster (Server)

- Apache Mina framework Practice (Programming)

- PostgreSQL log classification and management (Database)

- To configure parameter configuration and software installation and uninstallation under Linux (Linux)

 
         
  Some safety precautions of Linux servers
     
  Add Date : 2018-11-21      
         
         
         
  If the owners of the Linux server can be a non-authorized users access to (such as IDC server on the public room, the public office), then it has some security risks.

Into the system using the single-user mode

Linux boot after boot: prompt, use a special command, such as linuxsingle or linux 1, will be able to enter single user mode (Single-User mode). This command is useful, such as forget super user (root) password. Reboot the system, the boot: prompt enter linux single (or linux 1), after the super user access system, edit the Passwd file, remove the root line of x can be.

Countermeasures:

The super user (root) into the system, edit / etc / inittab file, change the id: 3:

initdefault setting, in which the additional line is added (see below), let the system reboot into single user mode when prompted for super user password:

~ ~: S: walt: / sbin / sulogin

Then execute the command: / sbin / init q, so this setting take effect.

Transfer to the core during system startup dangerous parameters most commonly used boot loader in Linux (boot loader) tool is LILO, it is responsible for managing the boot system (can add other partitions and operating system). But some illegal users may easily start Linux or risk parameters passed to the kernel at system startup, which is quite dangerous.

Countermeasures:

Edit the file /etc/lilo.conf, which was added in the restricted parameters, this parameter must be used with the following parameters of a password to talk, indicating that at the boot: prompt, some of the parameters passed to the Linux kernel, you need to enter your password. password parameter can be used together with the restricted, but also can be used alone, the following will explain. Used in conjunction with restricted: only at startup parameters passed to the kernel, will be required to enter a password, and in the normal (default) mode, the password is not required, it must pay attention.

Alone (not used in conjunction with restricted): that no matter what boot mode, Linux always requires a password; If there is no password, no way to boot Linux, a higher degree of safety in this case, the equivalent of the peripheral joined a layer of defense. Of course there are disadvantages - you can not remotely reboot the system, unless you add restricted parameters.

Because the password is not encrypted clear text, so the /etc/lilo.conf file must be set to read only the super user can be set using the following command:

c hmod 600 /ietc/lilo.conf

Then execute the command: / sbin / lilo -V, writes boot sector, and to make this change to take effect.

^ D '/ [&

In order to strengthen security /etc/liIo.conf files, you can also set this file as immutable attribute, use the command:

c hattr ten i / etc / lilo.conf

If in the future you want to modify /etc/liIo.conf file with chattr -i / etc / lilo.conf command can remove this attribute.

Use "Ctrl + Alt + Del" key combination to restart this point is very important and very easy to overlook, if unauthorized users have access to the servers' keyboard, he can use the key combination "Ctrl + AIt + Del" to make your server restart.

Countermeasures:

Edit / etc / inittab file, to the ca :: ctrlaltdel: / sbin / shutdown-t3 -r now annotate ### ca :: ctrlaltdeI: / sbin / shutdown-t3 -r now.

Then execute the command: / sbin / init q, make the changes to take effect.
     
         
         
         
  More:      
 
- Linux system using the command line shutdown or restart (Linux)
- Linux garbled file delete method (Linux)
- The compiler installed Kaldi under Ubuntu 12.04 (Linux)
- 10 Regulation of painless SQL Schema (Database)
- Installing Linux and Windows 10 dual system (Linux)
- Matters Oracle 11.2 single instance when connecting ASM need to pay attention and deal with the problem (Database)
- Oracle view object space usage show_space (Database)
- The Sublime Text 3 configuration file (Linux)
- Detailed driver compiled into the Linux kernel (Programming)
- How to install or upgrade to the Linux kernel in Ubuntu 4.2 (Linux)
- Ubuntu 15.04 and Ubuntu 14.04 installed Cinnamon 2.6 (Linux)
- Fedora && Arch Linux - the most romantic thing to happen now (Linux)
- Getting Started with Linux system to learn: how to check memory usage of Linux (Linux)
- CentOS 6.4 Telecom ADSL dial-up network configuration (Linux)
- You may not know the Linux command-line network monitoring tool (Linux)
- Netcat Example (Linux)
- Ubuntu PPA install SMPlayer 14.9 (Linux)
- Ubuntu 14.04 build Android 5.1 development environment and compiler (Linux)
- Android in the event delivery and handling mechanism (Programming)
- Linux SVN installation and configuration graphic tutorials (Server)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.