Some security configuration of Linux systems

Add Date : 2018-11-21
Because Linux is open source, the same openness that makes it powerful also leaves some weak spots. To make a Linux system as secure as possible, its configuration has to be worked on continuously.

In general, attention should be paid to applying the host's package bug fixes (patches), configuring the firewall, shutting down risky services (and the ports they open), and analyzing the logs daily.

Here we look again at port security.

What is a port

The ports on a host can be divided into listening ports and ports used for random outbound access. A listening port is one that a service on the Linux system opens in order to wait for client requests; for example, an FTP server opens port 21, and that port stays open until the FTP service is shut down. A random-access port is one the Linux host opens when it itself needs to connect to a service on another machine. Which port number is used? Linux randomly picks an unused port above 1024 for the connection.

Data transfer between server and client is therefore actually transfer between one port and another port.

Total number of ports, and which ones are reserved

Port numbers run from 1 to 65535, so there are 65,535 ports. Generally only root can open ports 1-1023; these are special ports reserved for system use. Ports above 1024, besides being used by the system for random outbound connections, can also be used by services to listen on.

If a program is found to have opened a port in the range 1-1023 as part of an intrusion, it indicates that the intruder has root privileges, because only root can open ports 1-1023; at that point the security of the host needs close attention.

Linux keeps a table of ports and the services that correspond to them in the /etc/services file. You can use netstat -n to display connection status numerically, and netstat -tl to display the names of the services currently listening. The /etc/services file is also an important reference for which ports are opened when certain services are started.

To understand port security you have to understand the relationship between ports and services: what really affects network security is not the port itself but the service started on that port.

So the real harm comes from insecure services rather than from open ports as such. Basically, if a port is not necessary, close it, and keep the versions of the services you do run continuously updated.

How to view ports

1. How many ports does the host currently have open?

2. Which file maps services to their ports? /etc/services

The most commonly used commands for viewing a host's ports:

netstat: check the programs on the local machine and the ports they use, to see whether anything dangerous is present

nmap: a dedicated scanning tool for probing the machine itself; scanning other machines with it may be illegal

Closing or starting a port

A port can only be opened or closed by turning its service on or off. So once a port has been detected, the next step is to find out which service corresponds to that port; when the service is turned off, the port is closed too.

How to set which services start at boot

If the system uses the text-mode login, run level 3, the startup entries for services can be found in /etc/rc.d/rc3.d, in the files whose names begin with S. If you do not want certain services to start, the corresponding service files (the ones beginning with S) can be deleted.

Normally there is no need to delete the files by hand; Linux provides programs for this:

ntsysv

setup

Should every service that is not needed by default be shut down? Not quite: the system has a number of services that must start, otherwise it becomes unsafe.

The following services do not open any port but are necessary to the system, so do not close them.

atd: the scheduled-job command mentioned earlier, for tasks that run only once at a reserved time; be sure to start it

cron: the scheduled-job command mentioned earlier, for commands that are executed repeatedly; be sure to start it

iptables: the firewall; start it, of course

keytables: sets the keyboard layout; of course it has to be loaded, otherwise how would you control the machine

network: network functionality

random: saves the system's state to a file at shutdown so that at boot the system quickly returns to the state it was in before shutting down; very important to the system

syslog: the system log mentioned earlier; a very important file, be sure to start it

xinetd: the super daemon that manages servers; one of the services that must be started

xfs: if you use a graphical run level, this must start

Close all open ports

After installing Linux, unnecessary programs and services should be shut down; the most important thing is to close open ports and open them only when necessary. If the machine is a server, these ports can then be opened individually.

1. Use ntsysv to set which services start at boot

Generally choose only: atd, cron, iptables, keytables, network, random, syslog, xinetd, xfs (if there is a graphical interface)

2. Restart

reboot

3. Check the number of currently active ports

netstat -an
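Step 3 is more useful when the listening ports are compared with what the host is supposed to serve. The script below is an added example, not part of the original article: it maps netstat LISTEN lines to service names in /etc/services format, marks the privileged (1-1023) ones, and flags ports missing from an allow list. The netstat output, the services excerpt and the allow list are all constructed samples so that it runs offline.

```sh
#!/bin/sh
# Constructed sample standing in for the output of `netstat -tln`.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN'

# Constructed excerpt in /etc/services format: name, then port/protocol.
SAMPLE_SERVICES='ftp      21/tcp
ssh      22/tcp
smtp     25/tcp
http-alt 8080/tcp'

# Assumption: this host should only serve SSH and local SMTP.
ALLOWED_PORTS="22 25"

# list_ports: print the local port of every LISTEN line, one per line.
list_ports() {
    awk '$NF == "LISTEN" { sub(/.*:/, "", $4); print $4 }'
}

# service_name PORT: look the TCP port up in the services table.
service_name() {
    echo "$SAMPLE_SERVICES" | awk -v p="$1/tcp" \
        '$2 == p { print $1; found = 1 } END { if (!found) print "unknown" }'
}

# audit_listeners: one line per listener: port, service, privilege, verdict.
audit_listeners() {
    echo "$SAMPLE_NETSTAT" | list_ports | while read -r port; do
        if [ "$port" -lt 1024 ]; then priv=privileged; else priv=unprivileged; fi
        case " $ALLOWED_PORTS " in
            *" $port "*) verdict=allowed ;;
            *)           verdict=UNEXPECTED ;;
        esac
        printf '%s %s %s %s\n' "$port" "$(service_name "$port")" "$priv" "$verdict"
    done
}

# unexpected_count: listeners not on the allow list, i.e. the ports whose
# owning service the article says to locate and shut down.
unexpected_count() {
    audit_listeners | grep -c UNEXPECTED
}

audit_listeners
```

On a live host, replace the SAMPLE_NETSTAT variable with the real `netstat -tln` output and read the service names from /etc/services itself.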