Home PC Games Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ To help you easily protect the Linux System     - Story timestamp and time zones: daily programmer (Programming)

- The oh-my-zsh into true my zsh (Linux)

- Linux shell string interception and stitching (Linux)

- Hadoop vs spark (Server)

- Linux common network tools: batch scanning of hosting services netcat (Linux)

- HBase table data processing tab (Database)

- Linux network monitoring strategy (Linux)

- Creating and extracting archives 11 tar command examples in Linux (Linux)

- How to set cache valid time in Apache (Server)

- The method of installing software under Ubuntu Linux (Linux)

- Install the Solaris 10 operating system environment over the network to sparc (Linux)

- Python Basics Tutorial - lambda keyword (Programming)

- How apt-get limited use IPv4 or IPv6 protocol to download (Linux)

- The user of fedora is not in the sudoers file method to solve (Linux)

- The difference between VMware virtual machine network mode (Linux)

- Shell array: Define Shell array, the array length (Programming)

- Java, on the dfile.encoding Systemproperty (Programming)

- Shell for loop (Programming)

- Download Google Android source code under Ubuntu 4.4 (Linux)

- Nginx Module Development - get user ip (Server)

 
         
  To help you easily protect the Linux System
     
  Add Date : 2018-11-21      
         
         
         
  Whether you are an ordinary Linux desktop user or system administrator to manage multiple servers, you are faced with the same problem: the growing threats. Linux is an open system that can find many ready-made programs and tools on the Internet, which not only convenient for users, but also convenient for hackers, because they can easily find the programs and tools to sneak into the Linux system, or steal Linux important information on the system. However, if we carefully set the Linux variety of system functions, and with the necessary safety measures, no exploits can allow hackers.

In general, the security settings on the Linux system, including the elimination of unnecessary services, restrict remote access, hide important information, patch security holes, using security tools, and regular safety checks. The ten kinds of culture and education to improve your Linux system security tactics. Although little tricks, but mouths work, you may wish to try.

1. Firewall Deployment

It sounds like one of the most "obvious" proposal (the same as using strong passwords), but surprisingly, very few people actually go to set up a firewall. Even if a router you may be using the built-in firewall, but the deployment of a software firewall in Linux system is a very easy thing, you can benefit from.

Graphical firewall, such as the recently popular Firestarter, very suitable for the definition of port forwarding rules and monitoring activities.

2. Disable unnecessary network

In general, in addition to http, smtp, telnet and ftp, other services should be eliminated, such as simple file transfer protocol tftp, imap / ipop mail storage and network transport protocol used to receive, find and search information using the gopher and the use daytime for time synchronization and time and so on.

There are also reports the system state services, such as finger, efinger, systat and netstat, etc., although the system is very useful troubleshooting and finding users, but also to provide a door to hackers. For example, a hacker can use finger to find the user's telephone service, use the directory as well as other important information. Therefore, many Linux system will cancel all or part of those services canceled in order to enhance system security.

3. Use a more secure alternative transmission

SSH is short for Secure Sockets Layer, which can be safely used to replace a program group rlogin, rsh and rcp, and other public programs. SSH uses public key technology to network communications between two hosts message encryption, and use their keys act as authentication tool.

Since SSH to encrypt the information on the network, so it can be used to securely log on to a remote host, and transmit information securely between the two hosts. In fact, SSH can not only protect the security of communication, Windows users between Linux hosts can also connect to the Linux server via SSH safely.

4. Cancel non-root access

You start it may seem inconvenient, but you should ensure that normal users can not access the system tools, etc. --- even if fsck and ifconfig almost "harmless" feature. The best way to achieve this effect is to use sudo, Sudo allows general users after configuration settings to the user's own password and then log on once, to obtain super-user privileges, but only a limited number of instruction execution. For example, after the application of sudo, you can let managers manage tape backup time every day to log into the system, obtain superuser privileges to perform the backup documentation work, but not privileged to make other super-users can only make work. Sudo not only limits the user's permission, and sudo command executed record will each use,

Regardless of the implementation of the directive is the success or failure.

5. Always check and a copy of the log

Network managers should always be vigilant, pay attention to all kinds of suspicious conditions, and the various systems on time and check the log files, including general information log, the network connection logs, file transfer log and user login logs. When examining these logs, we should pay attention to whether the anomaly time record. Hackers will often modify the log to cover their traces, so you want to save a copy of a log in an unconventional place. It is best able to log a separate house on a remote server.

6. Use password aging (password aging)

An enhanced system password aging lifetime password authentication mechanism, although it will certainly weaken the program user convenience, but it can ensure that users' passwords be changed regularly, this is a very good security measures. Therefore, if an account has been hacked and was not found, but the next password change cycle, he can no longer access the account up.

7. root login strict restrictions

Use as "root" login is not a good idea. It is safe to you as a regular user logged in, and then use su or sudo to obtain super-user privileges, and then work accordingly.

8. Physical protection

Although most attacks are relying on network implementation, and hackers the opportunity to get physical access to your computer is also very slim, but that does not mean you do not need fortification.

Add password protection to the boot program to ensure that it is always when you leave the computer is locked. And you should be completely sure that no one can start your server from an external device.

9. install the latest security updates

All popular Linux distributions in addition to regular release updates, as long as security vulnerabilities encountered, the corresponding R & D personnel will also soon release updates and patches too, you have to do is often not concerned about security updates and patches released, and timely installation .

10. pay attention to open files

Many Linux distributions include some of the very small tools used, lsof is one of them. Lsof can list all of the currently open file system. In the linux environment, everything exists in the form of a file, the file can be accessed only through the regular data, you can also access the network connectivity and hardware. By lsof tool to see which processes are using which ports, its process ID and who is running it. If you find from some exceptions, then you definitely something worthy of careful examination.
     
         
         
         
  More:      
 
- AngularJS - Getting Started with Routing (Programming)
- Oracle database import and export (Database)
- Puppet 3.x installed on Debian 7 (Server)
- CentOS7 virtual machine settings, and bridging problems (Linux)
- Getting Started with Linux system to learn: how to check memory usage of Linux (Linux)
- Setting Squid successful anti-hotlinking (Linux)
- KVM usb passthrough configuration (Linux)
- jQuery update the content and method of use 3.0 (Programming)
- RPM package management tools under Linux (Linux)
- MySQL display operation control tips (Database)
- Elixir: the future of programming languages (Programming)
- To install Docker under Ubuntu 15.04 (Linux)
- Linux command binlog by filtering out the complete SQL statement (Database)
- LogStash log analysis display system (Linux)
- How to determine whether the Linux server was hacked (Linux)
- How to deploy Python Web application: Heroku deployment process complete records (Server)
- Linux reserves the rest of the file to delete several (Linux)
- MongoDB in bulk timestamp change the date format (Database)
- Let Linux operating system more secure (Linux)
- Easy to install Ubuntu 15.04 and Ubuntu 15.04 GNOME on Wayland trial (Linux)
     
           
     
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.