Linux system security hardening tutorial

1. Lock the redundant self-built account in the system

Check method:

Execute the command

#cat /etc/passwd

#cat /etc/shadow

View the account, password file, and confirm the unnecessary account with the system administrator. For some reserved system pseudo-accounts such as: bin, sys, adm, uucp, lp, nuucp, hpdb, www, daemon, etc. can be locked in as needed.

Backup Method:

#cp -p /etc/passwd /etc/passwd_bak

#cp -p /etc/shadow /etc/shadow_bak

Reinforcement method:

Use the command passwd -l <username> to lock unnecessary accounts.

Use the command passwd -u <username> to unlock the account you need to recover.

Risk:

Requires confirmation with the administrator that this operation will not affect the login of the business system

2. Setting the system password policy

Check method :

Using the command

#cat /etc/login.defs