Linux system how to set up security management

Linux is a free-spreading operating system, Linux system processes can operate on any file, database, etc. under certain conditions. If this process is used by criminals for other illegal purposes, it will bring significant harm to the system. As a Linux system that accounts for the majority of the market in the server, it is necessary to ensure the security of the computer system under this premise, so we have to manage the security of its process. So how to set up Linux system security management?

Here is the set of system security management steps:

root password 1. bootstrap security

Linux system is very easy to crack, of course, provided that you There is no bootloader password set, such as GRUB or LILO. To prevent the root password from being decrypted by the bootloader, it is strongly recommended to set the boot password for GRUB or LILO. You can edit its configuration file /etc/grub.conf or /etc/lilo.conf and set it. Password parameter.

2. Insecure permission settings

Everyone's common file permissions under Linux is rwx. In fact, there is a permission called s. If you give s permission to a file, then this file is in When executed, you will have the permissions of the corresponding host user or host group user, for example:

#chmod u+s testfile

#ls -la testfile

rwsr-- --- root root 10 testfile

Thus, when this file is executed by other users, this user has the execute permission of the file host user root for the testfile. Similarly, when the file's host group has s privilege, the user who executes the file has the permissions of the file host group user for this file, which is quite dangerous.

You can imagine that if the chmod file is given the s permission, what other users can't do? Then it can change the permissions of any file. Of course, the s permission needs to be combined with the x privilege. The s privilege without the x privilege has no meaning.

3. Automatic logout

When a user forgets to log out after using the server, it is also very dangerous. At this time, the administrator can set the timeout parameter of the /etc/profile file when the user The system automatically logs out this user when no operations are performed for a period of time.

4. Setting Password Complexity

To prevent the system user password from being too simple to be deciphered, you can edit the /etc/login.defs file to set the system user password complexity, such as the longest password. , the shortest, the expiration time, etc.

5. Prevent unnecessary users from logging in to the system

In order to prevent other non-system users from logging into the system, you can give the user a non-existent home directory and a non-existent shell environment when adding users. Of course, it is best to change the access permissions of the /etc/passwd and /etc/shadow files so that the root user can access them later.

The Linux system is characterized by the fact that it is a free-distribution operating system that has the natural characteristics that the server should have, but it is because of these characteristics that it will be mismanaged. Causes serious security problems, so let's use it and protect it!