  Unix system security configuration
     
  Add Date : 2017-01-08      
         
         
         
  First of all, we can trace the intruder's path through the system with the following commands and configuration files:
1. who ------ (see who is logged on to the system.)
2. w -------- (see who is logged on to the system, and what they are doing.)
3. last ----- (display the users who have logged in to the system and the TTYs they used.)
4. lastcomm - (display the commands that have been run on the system.)
5. netstat -- (view the current network state, for example the IP address of a user who has telnetted into your machine, as well as other network status.)
6. Check the router information.
7. /var/log/messages: view the login status of external users.
8. Use finger to see all of the logged-in users.
9. View the login history files under the user's directory /home/username (.history, .rchist, etc.).
Note: who, w, last, and lastcomm rely on /var/log/pacct, /var/log/wtmp and /etc/utmp to report information to you. A savvy intruder will blank these logs (/var/log/*, /var/log/wtmp, etc.) to hide from the system administrator. We suggest that you install tcp_wrapper to log all illegal connections to your machine.
Next, the system administrator should close all back doors, making sure that intruders cannot reach the internal network from the outside. If an intruder finds that the system administrator has discovered his presence on the system, he may try to conceal his tracks with rm -rf /*.
Thirdly, we want to protect the underlying system commands and system configuration files, to prevent an intruder who has obtained privileges from modifying or replacing them.
1. /bin/login
2. the /usr/etc/in.* files (for example: in.telnetd)
3. the inetd super daemon (it listens on ports, waits for requests and spawns the corresponding server process to wake up the service).
(The following server processes are usually started by inetd: fingerd (79), ftpd (21), rlogind (klogin, eklogin, etc.), rshd, talkd, telnetd (23), tftpd. inetd can also start other internal services; the services are defined in /etc/inetd.conf.)
4. Do not allow non-root users to run netstat, ps, ifconfig, su.
Fourth, the system administrator should regularly observe changes to the system (e.g. files, system time, and so on).
1. #ls -lac to view the real modification time of files.
2. #cmp file1 file2 to compare two files (e.g. a file and its backup) and see whether they differ.
Fifthly, we must prevent unauthorized users from using suid (set-user-id) programs to obtain root permissions.
1. First we have to find all the SUID programs on the system:
#find / -type f -perm -4000 -ls
2. Then we have to analyze the entire list to ensure there is no back door in the system.
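As an added example (not code from the original article), a small POSIX shell script that combines steps Four and Five: it records a baseline of all setuid/setgid programs together with their SHA-256 checksums, and later reports anything added, removed or modified. It assumes find, sort and sha256sum are available; the scan root and the baseline path are parameters.

```shell
#!/bin/sh
# Added example, not code from the original article. Assumes POSIX sh, find,
# sort and sha256sum (GNU coreutils). ROOT is the directory to scan (normally /),
# BASELINE is where the known-good inventory is stored.

# list_suid ROOT -> one "sha256  path" line per setuid/setgid regular file under ROOT
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null \
        | sort | while IFS= read -r f; do sha256sum "$f"; done
}

# make_baseline ROOT BASELINE -> record the current inventory (run once on a clean system)
make_baseline() {
    list_suid "$1" > "$2"
}

# check_suid ROOT BASELINE -> return 0 if the inventory is unchanged; otherwise print
# every line that differs (new, removed or re-hashed binaries) and return 1
check_suid() {
    now=$(mktemp) || return 2
    list_suid "$1" > "$now"
    if cmp -s "$2" "$now"; then
        rm -f "$now"
        return 0
    fi
    echo "SUID/SGID inventory differs from baseline $2:"
    diff "$2" "$now" | sed -n 's/^< /  missing or changed: /p; s/^> /  new or changed:     /p'
    rm -f "$now"
    return 1
}

# Typical use: make_baseline / /var/lib/suid.baseline once on a clean system,
# then run check_suid / /var/lib/suid.baseline from cron and mail any output.
```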
Sixth, the system administrator should regularly check the users' .rhosts and .forward files.
1. # find / -name .rhosts -ls -o -name .forward -ls to check whether any .rhosts file contains "+ +"; with such an entry, a remote user can access the account without any password.
2. # find / -ctime -2 -ctime +1 -ls to view files changed within the last two days, in order to determine whether an illegal user has entered the system.
Seventh, make sure your system has the latest sendmail daemon, because old sendmail daemons allow other UNIX machines to run illegal commands remotely.
Eighth, the system administrator should obtain security patches and small security programs from the machine's operating system vendor, or from free-software sources (for example, on the Linux platform we recommend linux.box.sk for the best security programs and security information).
Ninth, here are some ways to monitor and check whether the machine is vulnerable to attack.
1. # rpcinfo -p to check whether your machine is running some unnecessary processes.
2. # vi /etc/hosts.equiv to check the file and remove the hosts that cannot be trusted.
3. If tftpd is not disabled in /etc/inetd.conf, make sure your /etc/inetd.conf contains:
tftp dgram udp wait nobody /usr/etc/in.tftpd in.tftpd -s /tftpboot
4. It is recommended that you back up the /etc/rc.conf file and write a shell script to compare the two on a regular basis:
cmp rc.conf backup.rc.conf
5. Check your inetd.conf and /etc/services files and ensure that no unauthorized user has added services to them.
6. Copy the log files under /var/log/* to a safe place, to guard against an intruder running #rm /var/log/*.
7. Be sure that the anonymous FTP server is configured correctly; my machine uses proftpd, so proftpd.conf must be configured correctly.
8. Make a good backup of /etc/passwd, and then change the root password. We must ensure that an intruder cannot access this file, to prevent password guessing.
9. If you are not able to prevent illegal intruders from breaking in, you can install the ident daemon and the TCPD daemon to find the intruder's account!
10. Make sure your console terminal is secure, to prevent unauthorized users from remotely logging in to your network.
11. Check that the comment lines in hosts.equiv, .rhosts and hosts.lpd carry the # comment marker; if an intruder puts his host name in place of the #, it means he can access your machine without any password.
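As an added example (not the article's own code), a POSIX shell audit of the trust files and the inetd tftp entry discussed in sections Six and Nine: it flags "+" wildcard entries in .rhosts and hosts.equiv, and a tftp service line that lacks the -s restriction. It assumes sh, awk, sed and grep; the home root and the /etc directory are parameters so it can run against the live system or against copies.

```shell
#!/bin/sh
# Added example, not code from the original article. Assumes POSIX sh, awk, sed,
# grep. HOMEROOT is the parent of the user home directories (normally /home),
# ETCDIR is the directory holding hosts.equiv and inetd.conf (normally /etc).

# strip_comments FILE -> print FILE without comments and blank lines (nothing if missing)
strip_comments() {
    if [ -f "$1" ]; then sed 's/#.*//' "$1" | grep -v '^[[:space:]]*$' || true; fi
}

# trust_wildcards FILE -> print entries of a .rhosts or hosts.equiv file that trust
# every host ("+", "+ +") or every user of one host ("host +"); return 1 if any exist
trust_wildcards() {
    strip_comments "$1" | awk -v f="$1" '
        $1 == "+" || $2 == "+" { print f ": wildcard trust entry: " $0; bad = 1 }
        END { exit (bad ? 1 : 0) }'
}

# tftp_unrestricted INETD_CONF -> return 1 if tftpd is enabled without "-s DIR",
# i.e. without being confined to the tftpboot directory
tftp_unrestricted() {
    strip_comments "$1" | awk -v f="$1" '
        $1 == "tftp" && $0 !~ /(^|[ \t])-s([ \t]|$)/ {
            print f ": tftpd enabled without -s: " $0; bad = 1 }
        END { exit (bad ? 1 : 0) }'
}

# audit_trust HOMEROOT ETCDIR -> run all checks; return the number of failed checks
audit_trust() {
    fails=0
    trust_wildcards "$2/hosts.equiv" || fails=$((fails + 1))
    for r in "$1"/*/.rhosts; do
        [ -f "$r" ] && { trust_wildcards "$r" || fails=$((fails + 1)); }
    done
    tftp_unrestricted "$2/inetd.conf" || fails=$((fails + 1))
    return $fails
}
```

Run audit_trust /home /etc from cron; a non-zero exit means at least one check printed a finding.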
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.