For many people, migrating to Linux is a pleasure. For others, this is a nightmare. Especially for some administrators who have just stepped into the Linux management portal, if you do not avoid some common mistakes, it is easy to bring security risks to your network or system. This article will provide some suggestions to help these newcomers avoid these errors.
Error 1: Download and install various types of applications from multiple sources without strict review
At first glance, this may be a good idea. If you are running Ubuntu, you will know that the package manager uses the .deb package. However, many of the applications you find are available in source code. No problem? These programs may work properly after installation. But why can't you install the program at will? The reason is simple. If you install the program as a source, your package management system will not be able to track what you have installed. So, what happens when package A (installed as a source) depends on package B (installed from a .deb library) and package B is updated from the update manager? Package A may or may not work. However, if both packages A and B are installed from the .deb library, the chances of both running will be higher. In addition, updating packages is easier when all packages come from the same binary type.
Error 2: Ignore Updates
This is not to say that Linux administrators lack skills. However, many Linux administrators, after running Linux, thought that nothing would be done in the future, thinking it was safe and reliable. In fact, new updates can patch some new vulnerabilities. Maintaining updates can create a watershed between a vulnerable system and a secure system. Linux security comes from constant maintenance. In order to achieve security, in order to use some new features and stability, any administrator should keep up with the pace of Linux updates.
Error 3: Bad Password
Remember, root password is usually the key to the Linux kingdom. So why should the root password be so easily cracked? Ensuring the robustness of your user passwords is critical. If your password is long and difficult to remember, you can store this password in an encrypted location. When this password is needed, the decryption software can be used to unlock the password.
Error 4: Booting the server into X
When a machine is a dedicated server, you might think of installing X, so some administrative tasks will be simple. some. However, this does not mean that the user needs to boot the server into X. This will waste valuable memory and CPU resources. Instead, you should stop the boot process at level 3 and enter command line mode. Not only does this leave all resources to the server, but it also prevents the disclosure of confidentiality. To log in to X, the user only needs to log in as a command line and type startx to go to the desktop.
Error 5: Free license, because the license is not understood
If the license is not properly configured, it will leave a chance for the hacker. The easiest way to handle licensing issues is to use the so-called RWE methods, namely Read, Write, and Execute. Suppose you want a user to be able to read a file but not a file. To do this, you can execute: chmod u+w, u-rx filename, some new users may see an error saying they don't have permission to use the file, so they use: Chmod 777 filename, thinking that this can Avoid problems. But doing so actually leads to more problems because it gives the file executable permissions. Keep this in mind: 777 gives all users the permission to read, write, and execute a file. 666 gives the read and write permissions of a file to all users, and 555 reads and executes the file. To all users, there are 444, 333, 222, 111 and so on.
Error 6: There is no backup key configuration file
Many administrators have this experience, after upgrading to an X version, such as X11, they found The new version has broken your xorg.conf configuration file, so that you can no longer use X? It is recommended that you make a backup of the previous /etc/x11/xorg.conf before upgrading X to avoid the upgrade failure. Of course, X's upgrade program will try to back up the xorg.conf file for the user, but it will be backed up in the /etc/x11 directory. Even if this backup looks good, you'd better make a backup yourself. One of the habits of the author is to back it up to the /root directory so that the user knows that only the root user can access the file. Remember, safety first. The methods here also apply to other critical backups such as Samba, Apache, Mysql, and more.
Error 7: Log in as root user
This is a very dangerous mistake. If the user needs root privileges to execute or configure an application, he can use su to switch to the root user in a standard user account. Why isn't it a good thing to log in to root? When a user logs in as a standard user, all running X applications still have access to this user only. If the user is logged in as the root user, X has the root license. This leads to two problems. First, if the user makes a big mistake by the GUI, this error may be a huge disaster for the system. Second, running X as the root user makes the system more vulnerable to attack.
Error eight: Not installing a working kernel
You may not install more than 10 cores on a single machine. But you need to update the kernel. This update does not remove the previous kernel. How did you do it? You keep using the most recent working kernel. Suppose your current working kernel is 2.6.22, and 2.6.20 is the backup kernel. If you update to 2.6.26 and everything works fine in the new kernel, you can remove 2.6.20.
Error 9: Avoid using the command line
I am afraid that few people are willing to remember so many commands. In most cases, the graphical user interface is a favorite of many people. However, sometimes the command line is easier, faster, safer, and more reliable to use. Evading the use of the command line is a taboo for Linux management. Administrators should at least understand how the command line works, and at least master some important administrative commands.
Error 10: Ignore the log file
/var/log exists for a reason. This is the only place to store all the log files. When something goes wrong, you first need to look at it here. Check the security issue, take a look at /var/log/secure. The first place I read is /var/log/messages. This log file holds all the general errors. In this file, you can get news about the network, media changes, and more. When managing a machine, users can use a third-party application, such as logwatch, to create a variety of reports based on /var/log files for users.
These ten errors are common among some Linux administrators. Avoiding these errors will make management work safer and more robust.
Linux and BSD are free, open source, Unix-like systems. They even use a lot of the same software. T
Managing the performance of a Linux host often seems like magic. Many administrat
You can try it, but dont do bad things. Fortunately, I need a password to modify m
Layer 2 Tunneling Protocol (L2TP) is an industry standard Internet tunneling protocol that uses UDP
Linux interrupts and exceptions Basics
Minicom can't input the problem solution
Linux installation ImageMagick and JMagick complete process and configuration tutorial
Intel bsf instruction using tutorial
Linux Hypertext Cross Code Retrieval Tool
Linux operating system network card installation guide (below)
Detailed linux command: disk check repair command e2fsck
Linux LAMP service rpm package installation and configuration basic tutorial
Linux system uses NFS to achieve file sharing
Redhat-5.4 U disk installation grub configuration diagram tutorial