Linux system security check: a short note

  


1. Accounts check

# less /etc/passwd

# grep :0: /etc/passwd

Look for newly added users and for users whose UID or GID is 0.

2. Log Check

Look for “entered promiscuous mode”.

Look for error messages.

Look for Remote Procedure Call (RPC) programs with log entries that contain a large number (> 20) of strange characters (-^PM-^PM-^PM-^PM-^PM-^PM-^PM-^PM).

I do not yet understand the last one and have not encountered it; pointers are welcome.

3. Processes check

# ps -aux

Look for processes whose UID is 0.

# lsof -p <suspicious PID>

View the ports and files opened by the process.

4. Files Check

# find / -uid 0 -perm -4000 -print

# find / -size +10000k -print

# find / -name "..." -print

# find / -name ". " -print

# find / -name " " -print

Look for SUID files, suspicious files larger than 10 MB, and files named “...”, “. ” or a single space.

5. Rpm check

# rpm -Va

Output format:

S – File size differs

M – Mode differs (permissions)

5 – MD5 sum differs

D – Device number mismatch

L – readLink path mismatch

U – user ownership differs

G – group ownership differs

T – modification time differs

Pay particular attention to files under /sbin, /bin, /usr/sbin and /usr/bin.

Get into the habit of checking MD5 sums when installing third-party files; it's not too scary.

The run will report many “5” flags or “missing” messages; if they are not under the paths above, they can be ignored.
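
Added example, not part of the original note: a small filter that applies the rule above to `rpm -Va` output, keeping only findings under /sbin, /bin, /usr/sbin and /usr/bin. The function names, the choice to skip mtime-only (T) differences, and the sample lines are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: triage `rpm -Va` output as section 5 describes.
# Assumption: paths contain no spaces, so the path is the last field.

# Reads `rpm -Va` lines on stdin; prints only findings under the
# system binary directories, skipping mtime-only (T) differences.
rpm_va_triage() {
    awk '
    {
        flags = $1      # e.g. "S.5....T." or the word "missing"
        path  = $NF     # an attribute marker (c, d, ...) may sit between
        if (path !~ /^\/(sbin|bin|usr\/sbin|usr\/bin)\//) next
        if (flags == "missing") { print "MISSING  " path; next }
        why = ""
        if (index(flags, "5")) why = why " digest"
        if (index(flags, "S")) why = why " size"
        if (index(flags, "M")) why = why " mode"
        if (index(flags, "U")) why = why " owner"
        if (index(flags, "G")) why = why " group"
        if (why != "") print "CHANGED  " path " (" substr(why, 2) ")"
    }'
}

# Constructed sample output (not captured from a real host).
sample_rpm_va() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/bin/less
S.5....T.    /bin/ls
.M...UG..    /usr/sbin/sshd
missing      /sbin/ifconfig
missing    d /usr/share/doc/foo/README
..5....T.    /usr/lib/python3/site.py
EOF
}

# Demo on the sample; on a real host: rpm -Va 2>/dev/null | rpm_va_triage
sample_rpm_va | rpm_va_triage
```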

6. Network Check

# ip link | grep PROMISC

A normal NIC should not be in promiscuous mode, except on a security server; otherwise someone may have broken in and be running a sniffer.

# lsof -i

# netstat -nap

Pay attention to any TCP/UDP port that is not one you normally open.

# arp -a

This one is more troublesome: is it possible to record all MAC addresses in advance?

7. Schedule check

Look at the scheduled jobs of root and of any account with UID 0.

# crontab -u root -l

# cat /etc/crontab

# ls /etc/cron.*


