Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ To help you easily protect the Linux System     - How to build Mono 3.4.0 / 3.4.1 on Windows (Linux)

- On FreeBSD 10.2 Bugzilla how to install and configure Apache SSL (Server)

- 22 Port weak passwords and SSH connection program of the Linux server (Linux)

- To batch create users under Linux (Linux)

- CentOS 6 / Linux su: Unable to set user ID: Resource temporarily unavailable (Linux)

- Lua study notes under ubuntu (Linux)

- Ubuntu 14.04 compile, install, configure, the latest development version GoldenDict (Linux)

- Installation Yarock 1.1.4 Music Player in Ubuntu (Linux)

- JavaScript basic tools list (Programming)

- GAMIT baseline solution using batch were counted (Linux)

- Default permissions Linux file and directory permissions and hide - umask, chattr, lsattr, SUID, SGID, SBIT, file (Linux)

- Memcached installation, configuration and monitoring (Server)

- Linux dynamic libraries and Guide (Programming)

- Preliminary understanding of SELinux security management (Linux)

- Package the Python script file into an executable file (Programming)

- Xshell upload files to achieve Windows host Linux (Linux)

- IO reference Docker container (Server)

- Not safe procedure under Linux (Linux)

- LAMP and LNMP automated installation scripts (Server)

- Django template inheritance child (Programming)

  To help you easily protect the Linux System
  Add Date : 2018-11-21      
  Whether you are an ordinary Linux desktop user or system administrator to manage multiple servers, you are faced with the same problem: the growing threats. Linux is an open system that can find many ready-made programs and tools on the Internet, which not only convenient for users, but also convenient for hackers, because they can easily find the programs and tools to sneak into the Linux system, or steal Linux important information on the system. However, if we carefully set the Linux variety of system functions, and with the necessary safety measures, no exploits can allow hackers.

In general, the security settings on the Linux system, including the elimination of unnecessary services, restrict remote access, hide important information, patch security holes, using security tools, and regular safety checks. The ten kinds of culture and education to improve your Linux system security tactics. Although little tricks, but mouths work, you may wish to try.

1. Firewall Deployment

It sounds like one of the most "obvious" proposal (the same as using strong passwords), but surprisingly, very few people actually go to set up a firewall. Even if a router you may be using the built-in firewall, but the deployment of a software firewall in Linux system is a very easy thing, you can benefit from.

Graphical firewall, such as the recently popular Firestarter, very suitable for the definition of port forwarding rules and monitoring activities.

2. Disable unnecessary network

In general, in addition to http, smtp, telnet and ftp, other services should be eliminated, such as simple file transfer protocol tftp, imap / ipop mail storage and network transport protocol used to receive, find and search information using the gopher and the use daytime for time synchronization and time and so on.

There are also reports the system state services, such as finger, efinger, systat and netstat, etc., although the system is very useful troubleshooting and finding users, but also to provide a door to hackers. For example, a hacker can use finger to find the user's telephone service, use the directory as well as other important information. Therefore, many Linux system will cancel all or part of those services canceled in order to enhance system security.

3. Use a more secure alternative transmission

SSH is short for Secure Sockets Layer, which can be safely used to replace a program group rlogin, rsh and rcp, and other public programs. SSH uses public key technology to network communications between two hosts message encryption, and use their keys act as authentication tool.

Since SSH to encrypt the information on the network, so it can be used to securely log on to a remote host, and transmit information securely between the two hosts. In fact, SSH can not only protect the security of communication, Windows users between Linux hosts can also connect to the Linux server via SSH safely.

4. Cancel non-root access

You start it may seem inconvenient, but you should ensure that normal users can not access the system tools, etc. --- even if fsck and ifconfig almost "harmless" feature. The best way to achieve this effect is to use sudo, Sudo allows general users after configuration settings to the user's own password and then log on once, to obtain super-user privileges, but only a limited number of instruction execution. For example, after the application of sudo, you can let managers manage tape backup time every day to log into the system, obtain superuser privileges to perform the backup documentation work, but not privileged to make other super-users can only make work. Sudo not only limits the user's permission, and sudo command executed record will each use,

Regardless of the implementation of the directive is the success or failure.

5. Always check and a copy of the log

Network managers should always be vigilant, pay attention to all kinds of suspicious conditions, and the various systems on time and check the log files, including general information log, the network connection logs, file transfer log and user login logs. When examining these logs, we should pay attention to whether the anomaly time record. Hackers will often modify the log to cover their traces, so you want to save a copy of a log in an unconventional place. It is best able to log a separate house on a remote server.

6. Use password aging (password aging)

An enhanced system password aging lifetime password authentication mechanism, although it will certainly weaken the program user convenience, but it can ensure that users' passwords be changed regularly, this is a very good security measures. Therefore, if an account has been hacked and was not found, but the next password change cycle, he can no longer access the account up.

7. root login strict restrictions

Use as "root" login is not a good idea. It is safe to you as a regular user logged in, and then use su or sudo to obtain super-user privileges, and then work accordingly.

8. Physical protection

Although most attacks are relying on network implementation, and hackers the opportunity to get physical access to your computer is also very slim, but that does not mean you do not need fortification.

Add password protection to the boot program to ensure that it is always when you leave the computer is locked. And you should be completely sure that no one can start your server from an external device.

9. install the latest security updates

All popular Linux distributions in addition to regular release updates, as long as security vulnerabilities encountered, the corresponding R & D personnel will also soon release updates and patches too, you have to do is often not concerned about security updates and patches released, and timely installation .

10. pay attention to open files

Many Linux distributions include some of the very small tools used, lsof is one of them. Lsof can list all of the currently open file system. In the linux environment, everything exists in the form of a file, the file can be accessed only through the regular data, you can also access the network connectivity and hardware. By lsof tool to see which processes are using which ports, its process ID and who is running it. If you find from some exceptions, then you definitely something worthy of careful examination.
- CV: Linux command displays the progress of the run command (Linux)
- Proper use Core Data multithreaded 3 ways (Programming)
- Spring multi data source configuration (Programming)
- Linux install and configure Heartbeat (Server)
- Linux Oracle delete archived logs (Database)
- PL / SQL in forall simple test (Database)
- MySQL binlog automatic cleanup script (Database)
- Install and use automated tools Ansible in CentOS 7 (Linux)
- To build a private Docker registry (Server)
- Ubuntu Tutorial - Manually install Oracle Java JDK 8 (Linux)
- Extended VMware Ubuntu root partition size (Linux)
- JavaScript subarray Deduplication (Programming)
- MySQL primary and secondary replicate data inconsistencies (Database)
- xCAT error Unable to dispatch hierarchical sub-command to NORESOLUTION: 3001 (Linux)
- jdbc Oracle database connection string writing pluggable (Database)
- How to install Visual Studio Code on Ubuntu (Linux)
- How to use the TF / SD card making Exynos 4412 u-boot boot disk in Mac (Linux)
- Ubuntu Froxlor Server Administration panel installation (Server)
- How to install and use the malware detection tool LMD and ClamAV antivirus engine on Linux (Linux)
- Java memory analysis tool uses detailed MAT (Programming)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.