In Linux systems, the user account is the user's identity symbol, which consists of the user name and user password. The system places the entered username in the /etc/passwd file, and the entered password is encrypted in the /etc/shadow file. Under normal circumstances, these passwords and other information are maintained by the operating system
, which can be superuser (root) to perform some operations. When we do security hardening, we will do the following security hardening for the user management part of Linux. Please refer to: 1. Deleted user account and group account: #userdel usernameuserdel admuserdel lpuserdel syncuserdel shutdownuserdel haltuserdel newsuserdel uucpuserdel operatoruserdel gamesuserdel gopher The user deleted above is created by default, but some accounts are not used in the common server, but these Accounts are often hacked and attacked. #groupdel usernamegroupdel admgroupdel lpgroupdel newsgroupdel uucpgroupdel gamesgroupdel dip Similarly, the above is also the group account created by default. So it will increase the chance of being attacked. 2. User password setting: The default password when installing linux The minimum length is 5 bytes, but this is not enough. Set it to 8 bytes. Change the minimum password length to edit the login.defs file (vi /etc/login.defs)PASS_MAX_DAYS 99999 ## Password setting maximum validity period (default) PASS_MIN_DAYS 0 ## password setting minimum validity period PASS_MIN_LEN 5 ##Set password minimum length PASS_WARN_AGE 7 ## Advance a few days in advance that the user password is about to expire. 3. Modify the active logout account: Actively log out the login of the account. In the Linux system, the root account has the highest privilege. If the system administrator forgets to log out of the root account before leaving the system, it will bring a great security risk, and the system should be voluntarily logged off. This can be done by correcting the “TMOUT” parameter in the account. TMOUT is set in seconds. Edit the profile file (vi /etc/profile) and insert the following line after ”HISTSIZE=”: TMOUT=300300, which means 300 seconds, which means 5 minutes. If the user logging in to the system has no activity within 5 minutes, the system will actively log out of the account. 4. Lock the system's username and password files: chattr +i /etc/passwdchattr +i /etc/shadowchattr +i /etc/gshadowchattr +i /etc/group Note: chattr is a command to change file attributes, parameter i Representatives are not allowed to change files or directories at will, where i is immutable. View properties: lsattr /etc/passwd
Add ftp user in linux, and set the corresponding permissions, the operation steps are as follows: 5
The Linux boot file is stored in the grub.conf configuration file in the /boot/grub/directory. 1.
The Gentoo Linux operating system (pronounced /ˈdʒɛntuː/) is a Linux meta-release
Matthew Garrett, Core Developer from Red Hat, publishes a detailed article on Fedora 18. It will int
Linux crashes the problem of processing
Linux system network card binding implementation tutorial
Linux operating system static routing setup skills introduction
Linux system mount point and partition relationship
Three lightweight WebServer--lighttpd, thttpd, shttpd introduction
Implementing Nagios Service on Centos
Instance resolution: Linux system transparent firewall related settings
CentOS Linux builds .NET environment
Graphic mode and text mode switch between Linux installations
How to solve multiple computer icons on Win10 desktop
Windows7 market soared to 3.7% global piracy
Three common reasons why the mouse can't move under the win 7 system and the solution
Where is the win7 system Sogou input method skin file?
How is Unix system managed securely?
Convert PDF documents into Word documents steps
Win7 desktop window intelligent display skills
Win8 system input method fast switching skill