Because Linux has good networking features, most sites on the Internet use Linux servers as their primary operating system. But because it is a multi-user operating system, hackers who want to hide themselves during an attack tend to choose Linux as their first target. So, as Linux users, how can we protect Linux's security by reasonable means? Here we have collected and analyzed some preventive measures for Linux security and present them as our contribution; we ask our friends to keep adding to and improving them.
1. Prohibit the use of the ping command
The ping command is an application that computers use to test whether the line between them is intact. The data exchanged between the computers is transmitted without any encryption, so when we use the ping command to probe a server, an illegal person on the Internet may use a dedicated network hacking program to steal the information in transit along the line, and then use the stolen information to attack the specified server or system. For this reason we need to prohibit the use of the ping command on the Linux system. In Linux, the way to make ping get no response is to ignore ICMP packets, so we can enter the following command at the Linux command line: echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all. If you want to restore the ping command, enter the command echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all.
2. Pay attention to backing up the system in time
To keep the system from becoming difficult to run properly after something other than normal use has happened to it, we should back up the Linux system intact; it is best to back up the entire system right after finishing the Linux installation. Later the integrity of the system can be verified against this backup, so that system files that have been illegally modified can be found. If system files are found to be damaged, the system backup can be used to restore them to a normal state. When backing up, we can put the backed-up system information on a CD-ROM disc, and later regularly compare the system with the contents of the disc to verify whether the integrity of the system has been damaged. If the security requirements are particularly high, you can make the CD bootable and make the system validation part of the boot process. Then, as long as you can boot from the CD, it shows that the system has not been compromised.
3. Improve the log server
Moving the system's log server to a separate machine will raise the system's security level, and using a more secure log server in place of Linux's own tools can enhance logging security further. In large Linux networks it is best to use a single dedicated log server for the syslog service. It must be a system that meets all the logging needs and has enough disk space, and no other services should run on it. A more secure log server greatly weakens an intruder's ability to tamper with the log files through the logging system.
4. Cancel root's command history
In Linux, the system automatically records the commands the user has entered, and the commands issued by the root user often contain sensitive information. To ensure security, root's command history should generally not be recorded, or should be recorded as little as possible. To make the system stop recording the commands executed by every user, at the Linux command line first cd into /etc, then open the profile file with an editor and add the following lines:
HISTFILESIZE=0
HISTSIZE=0
Of course, we can also enter the following command directly at the command line: ln -s /dev/null ~/.bash_history.
5. Set the read-only attribute on the key partitions
A Linux file system can be divided into several main partitions, each configured and installed differently. Normally at least the /, /usr/local, /var and /home partitions should be created. /usr can be mounted read-only and can be considered immutable: if any file under /usr changes, the system should immediately raise a security alert. Of course, this does not include the user deliberately changing the contents of /usr. /lib, /boot and /sbin should be installed and set up the same way. At installation time try to set them read-only, so that any change to their files, directories or attributes will cause the system to raise an alarm.
Of course, it is not possible to set all the main partitions read-only; some partitions, such as /var, cannot be read-only by their very nature, but they should not be allowed to have execute permission.
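The integrity check described in tips 2 and 5 (record the state of a system tree right after installation, then compare the live tree against that record to catch modified, deleted or planted files) can be done with a hash list instead of a full disc comparison. The script below is an added example written for this page, not a tool the article names; make_baseline, verify_baseline and the paths used are assumptions, and it relies on GNU sha256sum.

```shell
#!/bin/sh
# Hypothetical baseline/verify helper (constructed for this page, not the
# article's tool). Hash every file under a tree into a baseline list that can be
# copied to a CD-ROM, then compare the live tree against it later.

# make_baseline TREE BASELINE_FILE
# Writes one "sha256  /absolute/path" line per file, in a fixed sorted order.
make_baseline() {
    tree=$1; out=$2
    find "$tree" -type f | LC_ALL=C sort | while read -r f; do
        sha256sum "$f"
    done > "$out"
}

# verify_baseline TREE BASELINE_FILE
# Prints one line per modified, deleted or newly added file.
# Returns 0 when the tree matches the baseline exactly, 1 otherwise.
verify_baseline() {
    tree=$1; base=$2; rc=0
    # sha256sum -c re-hashes every recorded file: it prints "path: FAILED" for a
    # modified file and "path: FAILED open or read" for a deleted one.
    if ! sha256sum -c --quiet "$base" 2>/dev/null; then
        rc=1
    fi
    # A planted file is absent from the baseline, so sha256sum -c never sees it.
    # Compare the recorded path list with the live one; comm -13 keeps the paths
    # that exist only in the live tree (file names containing newlines are not handled).
    recorded=$(mktemp)
    sed 's/^[0-9a-f]*  //' "$base" | LC_ALL=C sort > "$recorded"
    added=$(find "$tree" -type f | LC_ALL=C sort | LC_ALL=C comm -13 "$recorded" -)
    rm -f "$recorded"
    if [ -n "$added" ]; then
        printf '%s\n' "$added" | sed 's/$/: NEW (not in baseline)/'
        rc=1
    fi
    return "$rc"
}
```

Run make_baseline on /usr (or any tree you mount read-only) once after installation and store the list on read-only media; a cron job calling verify_baseline then gives the alarm the text asks for.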
6. Kill all of the attacker's processes
Suppose we find from the system's log files that a user has logged in from a host unknown to us, and we determine that this user has no corresponding account on that host; this indicates that we are under attack at that moment. To keep the system from being damaged further, we should immediately lock the account in question, and if the attacker is already logged on to the system, we should immediately disconnect the host's physical network connection. If possible, we should then check this user's history, carefully check whether other accounts have also been faked, and check whether the attacker obtained only limited privileges. Finally, we should kill all processes belonging to this user and add the IP address mask of the attacking host to the hosts.deny file.
7. Improve the system's internal security
We can improve the Linux operating system's internal functions to prevent buffer overflows, thereby enhancing the internal security of the Linux system and greatly improving the security of the whole system. However, a buffer overflow is very difficult to carry out, because the intruder must be able to judge when a potential buffer overflow occurs and where in memory it occurs. Buffer overflows are also very difficult to prevent: the system administrator must completely remove the conditions under which a buffer overflow can exist in order to prevent this form of attack. Because of this, many people even consider the Linux security patches by Linus Torvalds himself to be important, because they prevent all attacks that use buffer overflows. But note that these patches bring new challenges to the execution of certain programs as well as stack library dependency problems, and these problems are left to the system administrator.
8. Keep track of the system's records
In order to monitor hacker attacks closely, we should enable log files that record the operation of the system; when a hacker attacks the system, the clues are recorded in the log files. For this reason many hackers, when they begin attacking a system, often start by modifying the system log files to hide their whereabouts, so we must restrict access to the files under /var/log, so that in general only privileged users can view the log files. Of course, the system's built-in log management features may not be strong enough, so we should use a dedicated logging tool to watch for suspicious connection attempts. In addition, we must carefully protect the root password and root access, because once hackers know the password of an account with root privileges, they can modify the log files to hide their tracks.
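Tips 6 and 8 both come down to reading the log for logins from hosts that should not be there and then blocking those hosts in hosts.deny. The script below is an added example for this page, not the article's or any named tool's code; the sample sshd log lines are constructed (the addresses are documentation ranges), and the function names and the chosen threshold are assumptions. It counts failed passwords per source host, reports hosts at or above the threshold together with whether any login from them eventually succeeded, and turns the result into hosts.deny entries.

```shell
#!/bin/sh
# Hypothetical helper (constructed for this page, not the article's tool): scan
# syslog-style sshd lines for repeated failed logins, report the source hosts
# that exceed a threshold, and emit hosts.deny entries for them.

# Constructed sample log lines; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_AUTH_LOG='Mar  3 10:15:01 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:15:03 web1 sshd[2210]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Mar  3 10:15:06 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 10:15:09 web1 sshd[2214]: Accepted publickey for root from 203.0.113.7 port 40131 ssh2
Mar  3 10:16:40 web1 sshd[2220]: Failed password for alice from 198.51.100.4 port 51002 ssh2
Mar  3 10:16:45 web1 sshd[2221]: Accepted password for alice from 198.51.100.4 port 51003 ssh2'

# suspicious_ssh_sources THRESHOLD   (reads log lines on stdin)
# Prints "host failed=N accepted=M" for every source host with at least
# THRESHOLD failed passwords, sorted by host. A non-zero "accepted" after many
# failures is the login from an unknown host that tip 6 tells you to act on.
suspicious_ssh_sources() {
    awk -v thr="$1" '
        # the source address is the field right after the word "from"
        function src(   i) { for (i = 1; i <= NF; i++) if ($i == "from") return $(i + 1); return "" }
        /sshd\[[0-9]+\]: Failed password/ { fails[src()]++ }
        /sshd\[[0-9]+\]: Accepted /       { ok[src()]++ }
        END {
            for (h in fails) if (fails[h] >= thr)
                printf "%s failed=%d accepted=%d\n", h, fails[h], ok[h] + 0
        }' | LC_ALL=C sort
}

# hosts_deny_entries THRESHOLD   (reads log lines on stdin)
# Turns the flagged hosts into lines ready to append to /etc/hosts.deny.
hosts_deny_entries() {
    suspicious_ssh_sources "$1" | awk '{ print "ALL: " $1 }'
}
```

Against a real system you would feed it the sshd lines from /var/log (for example with tail -f) instead of the constructed sample.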
9. Use dedicated programs to protect security
Sometimes monitoring the system's security by manual means is troublesome, or we are simply not careful enough, so we can also protect the system's security with professional programs. The most typical methods are setting traps and setting up honeypots. A trap is software that can trigger an alarm when activated, while a honeypot (honey pot) is a special program designed to lure would-be intruders into triggering the trap's alarm. By setting up trap and honeypot programs, an alarm appears quickly once an intrusion happens. Many large networks are generally designed with a dedicated trap program. Trap programs are generally divided into two types: one only detects the intruder without retaliating, and the other also takes retaliatory action.
10. Nip intrusions in the bud
Usually the first thing an intruder does before attacking is a scan. If we can detect and deter the intruder's scanning behaviour, the incidence of intrusions can be greatly reduced. The reacting system can be a simple stateful packet filter, or it can be a complex intrusion detection system or firewall configuration. We can use a dedicated tool such as Abacus Port Sentry to monitor the network interfaces and interact with the firewall, and ultimately shut the port scan down. When a port scan is in progress, Abacus Sentry can quickly stop it from continuing. However, if it is configured incorrectly, it could allow a hostile outsider to mount a denial of service attack on your system. Used properly, this software can effectively prevent a large number of parallel port scans and stop all such intruders.
11. Manage passwords strictly and well
As we said earlier, once hackers obtain an account with root privileges they can damage and attack the system at will, so we must protect the operating system with good passwords. Usually user passwords are stored in the file /etc/passwd. Although /etc/passwd is an encrypted file, hackers can find passwords through many specialized search methods, and if our passwords are poorly chosen they can be found easily. Therefore we must be sure to choose passwords that cannot easily be searched. In addition, we had better install a password filtering tool and use it to check whether the passwords we set can withstand attack.
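The "password filtering tool" the text recommends is essentially a set of rules applied before a password is accepted. The script below is an added example for this page, not the article's or any real tool's code; the tiny WEAK_WORDS list is constructed, and the function name, the 12-character minimum and the substitution normalisation are assumptions. It rejects passwords that a dictionary search would find even after common letter-for-symbol substitutions, passwords containing the user name, and passwords lacking mixed character classes.

```shell
#!/bin/sh
# Hypothetical password filter (constructed for this page, not a tool the
# article names). Rejects passwords that a dictionary or pattern search would
# find quickly, in the spirit of the password filtering tools the text recommends.

# Constructed mini wordlist; a real filter would load a large dictionary file.
WEAK_WORDS='password letmein qwerty123456 welcome1 admin123 linuxrocks'

# password_ok PASSWORD USERNAME
# Prints the first rule the password fails and returns 1; returns 0 if it passes all.
password_ok() {
    pw=$1; user=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    # normalise common substitutions so "P@ssw0rd" is still caught by the wordlist:
    # @ -> a, $ -> s, 0 -> o, 1 -> l, ! -> i, and upper case -> lower case
    norm=$(printf '%s' "$pw" | tr 'A-Z@$01!' 'a-zasoli')
    [ "${#pw}" -ge 12 ] || { echo "shorter than 12 characters"; return 1; }
    for w in $WEAK_WORDS; do
        case "$norm" in
            *"$w"*) echo "contains wordlist entry '$w'"; return 1 ;;
        esac
    done
    if [ -n "$user" ]; then
        case "$norm" in
            *"$user"*) echo "contains the user name"; return 1 ;;
        esac
    fi
    printf '%s' "$pw" | LC_ALL=C grep -q '[a-z]' || { echo "no lowercase letter"; return 1; }
    printf '%s' "$pw" | LC_ALL=C grep -q '[A-Z]' || { echo "no uppercase letter"; return 1; }
    printf '%s' "$pw" | LC_ALL=C grep -q '[0-9]' || { echo "no digit"; return 1; }
    return 0
}
```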