Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ The security configuration of Linux     - Installation and configuration under Linux SVN server - Backup - Recovery - Scheduled Tasks (Server)

- To delete the directory and all specified files under the Mac (Linux)

- C # Future: Tracking null reference (Programming)

- JavaScript is implemented without new keywords constructor (Programming)

- 12 Linux Process Management Commands (Linux)

- ImportTsv-HBase data import tool (Database)

- Modern Objective-C syntax and new features (Programming)

- Linux package management (Linux)

- PL / SQL -> UTL_FILE use presentation package (Database)

- hadoop 2.7.1 High Availability Setup Deployment (Server)

- Oracle query start with connect by tree (Database)

- WinSCP to transfer text files will automatically convert the format (Linux)

- Java String type time compare the size (Programming)

- Oracle index visible and hidden (visible / invisible) (Database)

- How to remove the files inside the privacy of data on Linux (Linux)

- CentOS 6.5 makes the LAN http source (Linux)

- Open SSH remote access service that allows Android phone Ubuntu 14.04 (Linux)

- Android SDK Manager can not update the domestic solutions (Linux)

- MySQL thread cache thread_cache_size parameter optimization (Database)

- C # / iOS / Android Universal Encryption and decryption (Programming)

 
         
  The security configuration of Linux
     
  Add Date : 2017-08-31      
         
         
         
  As we all know, network security is a very important issue, and network security server is the most critical link. Linux is considered a more secure Internet server, as an open source operating system, Linux system once found security vulnerabilities on the Internet volunteers from around the world will actively repair it.

However, system administrators often do not get timely information and make corrections, which gives hackers an opportunity to exploit. In contrast to these security vulnerabilities system itself, more security problems are caused by improper configuration created and can be prevented by appropriate configuration. Here's a short list of the following points for your reference:

1, the firewall does not need to close any port, less than others PING server, reducing the threat of a half natural

Prevent others ping method:

1) command prompt fight

echo 1> / proc / sys / net / ipv4 / icmp_ignore_all

2) prohibit firewall (or discard) icmp packet

iptables -A INPUT -p icmp -j DROP

3) All communication with ICMP packets not respond

Such as PING TRACERT

2, change the SSH port, preferably to more than 10,000 others to port scan chances will fall

vi / etc / ssh / sshd_config

The PORT to port above 1000

At the same time, create an ordinary user login and canceled direct root login

useradd 'username'

passwd 'username'

vi / etc / ssh / sshd_config

In the last add the following sentence:

PermitRootLogin no # cancel direct remote root login

3, delete unnecessary bloated system account:

userdel adm userdel lp userdel sync userdel shutdown userdel halt userdel news userdel uucp userdel operator userdel games userdel gopher userdel ftp if you do not allow anonymous FTP, you delete the user account groupdel adm groupdel lp groupdel news groupdel uucp groupdel games groupdel dip groupdel pppusers

4, change the following file permissions, so that people do not change any account permissions:

chattr + i / etc / passwd chattr + i / etc / shadow chattr + i / etc / group chattr + i / etc / gshadow

5, chmod 600 /etc/xinetd.conf

6, turn off the anonymous FTP user login
     
         
         
         
  More:      
 
- How to build a container cluster (Server)
- Debian (Wheezy) Install Java environment / replace OpenJDK as the SUN JDK (Linux)
- Sublime Text 3 (Linux)
- Ubuntu 14.04 install the NVIDIA driver + CUDA + MATLAB (Linux)
- Installation under Linux to deploy Java (Linux)
- Linux Firewall IPCop Profile (Linux)
- A command to install Sublime Text 3 on Manjaro / Archlinux (Linux)
- Linux common network tools: hping Advanced Host Scan (Linux)
- MySQL Installation Troubleshooting (Database)
- Linux ldconfig command (Linux)
- Fedora 20 installation source Xen4.3.0 (Linux)
- Install Java JDK 8 in CentOS 7 / 6.5 / 6.4 (Linux)
- Python implementation restart the router (Programming)
- Vim useful plugin: EasyGrep (Linux)
- About Hibernate cache, you want the latest data have trouble even session.clear (Database)
- PF_RING 6.0.2 compiled and installed on Redhat 6.3 x86_64 (Linux)
- Introduction to Linux system process monitoring tools (Linux)
- Linux 64-bit porting (Programming)
- CentOS 7 version how to achieve the power to start the graphical interface (Linux)
- Using Vagrant create cross-platform development environment (Linux)
     
           
     
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.