Home IT Linux Windows Database Network Programming Server Mobile  
           
  Home \ Linux \ To help you easily protect the Linux System     - C ++ Supplements --new delete overload (Programming)

- MySQL and MariaDB traditional master-slave cluster configuration (Database)

- How to deploy Python Web application: Heroku deployment process complete records (Server)

- Use exp exported EXP-00091 error (Database)

- How to create a cloud encrypted file system in Linux systems (Linux)

- mysqldump issue a note (Database)

- CentOS7 installation performance monitoring system (Server)

- Kubernetes cluster deployment (Server)

- Swift notes - let you two hours to learn Swift (Programming)

- Linux System Getting Started Learning: Using the Linux command line detected DVD burner name and write speeds (Linux)

- QEMU code analysis: BIOS loading process (Linux)

- How to install Go1.5 source development environment on Mac (Server)

- Java Graphics2D Paint (Programming)

- Ubuntu installation module Python rq (Linux)

- MySQL high availability cluster fragmentation of deployment uses Fabric (Database)

- Gitolite how to import other Git repositories (Server)

- Scope of variables in Object-C (Programming)

- Use Swift remove the spaces in the string (Programming)

- Installation and Configuration ISC DHCP server on Debian Linux (Server)

- Redhat Close SELinux correct step (Linux)

 
         
  To help you easily protect the Linux System
     
  Add Date : 2018-11-21      
         
       
         
  Whether you are an ordinary Linux desktop user or system administrator to manage multiple servers, you are faced with the same problem: the growing threats. Linux is an open system that can find many ready-made programs and tools on the Internet, which not only convenient for users, but also convenient for hackers, because they can easily find the programs and tools to sneak into the Linux system, or steal Linux important information on the system. However, if we carefully set the Linux variety of system functions, and with the necessary safety measures, no exploits can allow hackers.

In general, the security settings on the Linux system, including the elimination of unnecessary services, restrict remote access, hide important information, patch security holes, using security tools, and regular safety checks. The ten kinds of culture and education to improve your Linux system security tactics. Although little tricks, but mouths work, you may wish to try.

1. Firewall Deployment

It sounds like one of the most "obvious" proposal (the same as using strong passwords), but surprisingly, very few people actually go to set up a firewall. Even if a router you may be using the built-in firewall, but the deployment of a software firewall in Linux system is a very easy thing, you can benefit from.

Graphical firewall, such as the recently popular Firestarter, very suitable for the definition of port forwarding rules and monitoring activities.

2. Disable unnecessary network

In general, in addition to http, smtp, telnet and ftp, other services should be eliminated, such as simple file transfer protocol tftp, imap / ipop mail storage and network transport protocol used to receive, find and search information using the gopher and the use daytime for time synchronization and time and so on.

There are also reports the system state services, such as finger, efinger, systat and netstat, etc., although the system is very useful troubleshooting and finding users, but also to provide a door to hackers. For example, a hacker can use finger to find the user's telephone service, use the directory as well as other important information. Therefore, many Linux system will cancel all or part of those services canceled in order to enhance system security.

3. Use a more secure alternative transmission

SSH is short for Secure Sockets Layer, which can be safely used to replace a program group rlogin, rsh and rcp, and other public programs. SSH uses public key technology to network communications between two hosts message encryption, and use their keys act as authentication tool.

Since SSH to encrypt the information on the network, so it can be used to securely log on to a remote host, and transmit information securely between the two hosts. In fact, SSH can not only protect the security of communication, Windows users between Linux hosts can also connect to the Linux server via SSH safely.

4. Cancel non-root access

You start it may seem inconvenient, but you should ensure that normal users can not access the system tools, etc. --- even if fsck and ifconfig almost "harmless" feature. The best way to achieve this effect is to use sudo, Sudo allows general users after configuration settings to the user's own password and then log on once, to obtain super-user privileges, but only a limited number of instruction execution. For example, after the application of sudo, you can let managers manage tape backup time every day to log into the system, obtain superuser privileges to perform the backup documentation work, but not privileged to make other super-users can only make work. Sudo not only limits the user's permission, and sudo command executed record will each use,

Regardless of the implementation of the directive is the success or failure.

5. Always check and a copy of the log

Network managers should always be vigilant, pay attention to all kinds of suspicious conditions, and the various systems on time and check the log files, including general information log, the network connection logs, file transfer log and user login logs. When examining these logs, we should pay attention to whether the anomaly time record. Hackers will often modify the log to cover their traces, so you want to save a copy of a log in an unconventional place. It is best able to log a separate house on a remote server.

6. Use password aging (password aging)

An enhanced system password aging lifetime password authentication mechanism, although it will certainly weaken the program user convenience, but it can ensure that users' passwords be changed regularly, this is a very good security measures. Therefore, if an account has been hacked and was not found, but the next password change cycle, he can no longer access the account up.

7. root login strict restrictions

Use as "root" login is not a good idea. It is safe to you as a regular user logged in, and then use su or sudo to obtain super-user privileges, and then work accordingly.

8. Physical protection

Although most attacks are relying on network implementation, and hackers the opportunity to get physical access to your computer is also very slim, but that does not mean you do not need fortification.

Add password protection to the boot program to ensure that it is always when you leave the computer is locked. And you should be completely sure that no one can start your server from an external device.

9. install the latest security updates

All popular Linux distributions in addition to regular release updates, as long as security vulnerabilities encountered, the corresponding R & D personnel will also soon release updates and patches too, you have to do is often not concerned about security updates and patches released, and timely installation .

10. pay attention to open files

Many Linux distributions include some of the very small tools used, lsof is one of them. Lsof can list all of the currently open file system. In the linux environment, everything exists in the form of a file, the file can be accessed only through the regular data, you can also access the network connectivity and hardware. By lsof tool to see which processes are using which ports, its process ID and who is running it. If you find from some exceptions, then you definitely something worthy of careful examination.
     
         
       
         
  More:      
 
- System Safety: Windows and Linux platforms (Linux)
- CentOS 6.4 RPM install MySQL-5.6.22-1 (Database)
- Java Access Control (Programming)
- Linux Powerful IDE - Geany configuration instructions (Linux)
- Xmanager Remote Desktop login CentOS 6.5 (Linux)
- String JavaScript type system (Programming)
- Ubuntu: To install chat client Chatty 0.6.1 (Linux)
- A simple shell script for monitoring in Linux (Linux)
- Linux install Maven and SVN client (Linux)
- Redis application of Sina Weibo (Database)
- High-performance JavaScript DOM programming (Programming)
- Ubucompilator-Ubuntu, Debian, Linux Mint created deb package of graphical tools (Linux)
- Oracle table of nested loop connection (Database)
- How to configure security services under Linux (Linux)
- tar command to extract a file error: stdin has more than one entry (Linux)
- Unsafe reboot start (Linux)
- Linux package management operations Basic entry (Linux)
- Linux system security settings after installation (Linux)
- Mac OS X 10.10 Yosemite compiling OpenJDK 9 (Linux)
- Linux file system data file deletion problem space is not freed (Database)
     
           
     
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.