Home IT Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ To help you easily protect the Linux System     - Cobbler automatic mass deployment of CentOS 6 and CentOS 7 (Linux)

- Android LayoutInflater source parsing (Programming)

- Use Visual Studio to compile and use WinGDB remote debugging embedded Linux programs (Programming)

- Type Linux commands (Linux)

- Sublime Text 3 (Linux)

- How to understand the difference between synchronous and asynchronous non-blocking blocking (Programming)

- CentOS Nginx achieve 3 virtual machine load balancing (Server)

- Java developers question (Programming)

- iptables using summary (Linux)

- Using the Android interface in Parcelable (Programming)

- Node.js form --formidable (Programming)

- Heartbeat cluster components Overview (Server)

- S5PV210 development board for embedded development environment to build under Ubuntu (Linux)

- independently configurable PHP environment under CentOS6.5 (Server)

- C ++ constant definition (Programming)

- C ++ precision performance test function (Programming)

- CentOS 6.5 / Linux restart network card being given Determining if ip address x.x.x.x is already in use (Linux)

- Download Manager uGet 2.0 installed in Debian, Ubuntu, Linux Mint and Fedora (Linux)

- Ubuntu 14.04 LTS to compile the source code Android4.4.2 (Linux)

- Ubuntu way of decompressing files (Linux)

  To help you easily protect the Linux System
  Add Date : 2018-11-21      
  Whether you are an ordinary Linux desktop user or system administrator to manage multiple servers, you are faced with the same problem: the growing threats. Linux is an open system that can find many ready-made programs and tools on the Internet, which not only convenient for users, but also convenient for hackers, because they can easily find the programs and tools to sneak into the Linux system, or steal Linux important information on the system. However, if we carefully set the Linux variety of system functions, and with the necessary safety measures, no exploits can allow hackers.

In general, the security settings on the Linux system, including the elimination of unnecessary services, restrict remote access, hide important information, patch security holes, using security tools, and regular safety checks. The ten kinds of culture and education to improve your Linux system security tactics. Although little tricks, but mouths work, you may wish to try.

1. Firewall Deployment

It sounds like one of the most "obvious" proposal (the same as using strong passwords), but surprisingly, very few people actually go to set up a firewall. Even if a router you may be using the built-in firewall, but the deployment of a software firewall in Linux system is a very easy thing, you can benefit from.

Graphical firewall, such as the recently popular Firestarter, very suitable for the definition of port forwarding rules and monitoring activities.

2. Disable unnecessary network

In general, in addition to http, smtp, telnet and ftp, other services should be eliminated, such as simple file transfer protocol tftp, imap / ipop mail storage and network transport protocol used to receive, find and search information using the gopher and the use daytime for time synchronization and time and so on.

There are also reports the system state services, such as finger, efinger, systat and netstat, etc., although the system is very useful troubleshooting and finding users, but also to provide a door to hackers. For example, a hacker can use finger to find the user's telephone service, use the directory as well as other important information. Therefore, many Linux system will cancel all or part of those services canceled in order to enhance system security.

3. Use a more secure alternative transmission

SSH is short for Secure Sockets Layer, which can be safely used to replace a program group rlogin, rsh and rcp, and other public programs. SSH uses public key technology to network communications between two hosts message encryption, and use their keys act as authentication tool.

Since SSH to encrypt the information on the network, so it can be used to securely log on to a remote host, and transmit information securely between the two hosts. In fact, SSH can not only protect the security of communication, Windows users between Linux hosts can also connect to the Linux server via SSH safely.

4. Cancel non-root access

You start it may seem inconvenient, but you should ensure that normal users can not access the system tools, etc. --- even if fsck and ifconfig almost "harmless" feature. The best way to achieve this effect is to use sudo, Sudo allows general users after configuration settings to the user's own password and then log on once, to obtain super-user privileges, but only a limited number of instruction execution. For example, after the application of sudo, you can let managers manage tape backup time every day to log into the system, obtain superuser privileges to perform the backup documentation work, but not privileged to make other super-users can only make work. Sudo not only limits the user's permission, and sudo command executed record will each use,

Regardless of the implementation of the directive is the success or failure.

5. Always check and a copy of the log

Network managers should always be vigilant, pay attention to all kinds of suspicious conditions, and the various systems on time and check the log files, including general information log, the network connection logs, file transfer log and user login logs. When examining these logs, we should pay attention to whether the anomaly time record. Hackers will often modify the log to cover their traces, so you want to save a copy of a log in an unconventional place. It is best able to log a separate house on a remote server.

6. Use password aging (password aging)

An enhanced system password aging lifetime password authentication mechanism, although it will certainly weaken the program user convenience, but it can ensure that users' passwords be changed regularly, this is a very good security measures. Therefore, if an account has been hacked and was not found, but the next password change cycle, he can no longer access the account up.

7. root login strict restrictions

Use as "root" login is not a good idea. It is safe to you as a regular user logged in, and then use su or sudo to obtain super-user privileges, and then work accordingly.

8. Physical protection

Although most attacks are relying on network implementation, and hackers the opportunity to get physical access to your computer is also very slim, but that does not mean you do not need fortification.

Add password protection to the boot program to ensure that it is always when you leave the computer is locked. And you should be completely sure that no one can start your server from an external device.

9. install the latest security updates

All popular Linux distributions in addition to regular release updates, as long as security vulnerabilities encountered, the corresponding R & D personnel will also soon release updates and patches too, you have to do is often not concerned about security updates and patches released, and timely installation .

10. pay attention to open files

Many Linux distributions include some of the very small tools used, lsof is one of them. Lsof can list all of the currently open file system. In the linux environment, everything exists in the form of a file, the file can be accessed only through the regular data, you can also access the network connectivity and hardware. By lsof tool to see which processes are using which ports, its process ID and who is running it. If you find from some exceptions, then you definitely something worthy of careful examination.
- C ++ stderr / stdout redirected to a file (Programming)
- Python2.7.7 source code analysis (Programming)
- Initialization and starting process of Linux (Linux)
- Python in os.path Magical (Programming)
- Kali Linux virtualbox rc = Error 1908 workaround (Linux)
- How to install OpenOffice Ubuntu or Linux Mint (Linux)
- OpenGL Superb Learning Notes - GLSL language foundation (Programming)
- Redis logging system (Database)
- To execute the cp command prompt type skip folder under CentOS (Linux)
- MySQL main and backup replication structures (using mysqld_multi) (Database)
- Terminal Linux command prints - echo (Linux)
- Redis Linux system installation guide (Database)
- SSH does not require a password to log on to a Linux server (Server)
- blecat: Bluetooth Gadgets (Linux)
- Linux iptables: combat scenes (Linux)
- Cacti installation deployment under CentOS 6.6 (Server)
- jobs command example (Linux)
- SecureCRT session buffer size settings (Linux)
- stat - Get more information than ls (Linux)
- CentOS 5.3 under broadcom NIC dual activation issues (Linux)
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.