As we all know, network security is a very important topic, and servers are the most critical part of network security. Linux is considered a relatively secure Internet server platform. Because it is an open source operating system, once a security vulnerability is discovered in Linux, volunteers from around the world publish patches for it on the Internet. However, system administrators often fail to get this information and apply the fixes in a timely manner, which gives hackers a chance. Compared with vulnerabilities in the system itself, though, more security issues are caused by improper configuration and can be prevented by proper configuration. The more services that run on a server, the more opportunities there are for improper configuration, and the greater the likelihood of security issues. This article therefore introduces some measures for enhancing the security of Linux/Unix server systems.
System Security Record File
The operating system's internal log files are an important clue for detecting network intrusion. If your system is directly connected to the Internet and you find that many people are making Telnet/FTP login attempts on it, you can run "# more /var/log/secure | grep refused" to check the system for attacks and then take corresponding countermeasures, such as using SSH to replace Telnet/rlogin.
Startup and Login Security
1. BIOS Security
Set a BIOS password and change the boot order so that the system cannot be booted from a floppy disk.
2. User Password
The user password is a basic starting point for Linux security. Many people use passwords that are too simple, which amounts to opening the door to intruders. In theory, given enough time and resources, there is no user password that cannot be cracked, but a well-chosen password is difficult to crack. A good user password is a string of characters that only its owner can easily remember and understand, and it should never be written down anywhere.
3. Default Account
All default accounts that are created by the operating system itself and are unnecessary should be disabled. This should be done when you first install the system. Linux provides many default accounts, and the more accounts there are, the more vulnerable the system is to attack.
You can delete the account with the following command.
# userdel username
Or use the following command to delete the group account.
# groupdel username
4. Password File
Use the chattr command to add the immutable attribute to the following files to prevent unauthorized users from gaining access.
# chattr +i /etc/passwd
# chattr +i /etc/shadow
# chattr +i /etc/group
# chattr +i /etc/gshadow
5. Disable the Ctrl+Alt+Delete Restart Command
Modify the /etc/inittab file and comment out the line "ca::ctrlaltdel:/sbin/shutdown -t3 -r now". Then reset the permissions of all files in the /etc/rc.d/init.d/ directory by running the following command:
# chmod -R 700 /etc/rc.d/init.d/*
This way only root can read, write or execute all of the above script files.
6. Restrict the su Command
If you do not want just anyone to be able to use su to become root, you can edit the /etc/pam.d/su file and add the following two lines:
auth sufficient /lib/security/pam_rootok.so debug
auth required /lib/security/pam_wheel.so group=isd
After this, only users in the isd group can use su to become root. If you later want the user admin to be able to use su to become root, you can run the following command:
# usermod -G10 admin
7. Delete login information
By default, the login prompt includes the Linux distribution, the kernel version, and the server host name. This leaks too much information for a machine with high security requirements. You can edit /etc/rc.d/rc.local and comment out the following lines, which output the system information.
# This will overwrite /etc/issue at every boot. So, make any changes you
# want to make to /etc/issue here or you will lose them when you reboot
# echo "">/etc/issue
# echo "">>/etc/issue
# echo "Kernel $(uname -r) on $(uname -m)">>/etc/issue
# cp -f /etc/issue /etc/issue.net
# echo>>/etc/issue
Then run the following commands:
# rm -f /etc/issue
# rm -f /etc/issue.net
# touch /etc/issue
# touch /etc/issue.net
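The settings from steps 5 to 7 can be verified after the fact. The following script is an added example, not part of the original article: it checks the Ctrl+Alt+Delete entry, the init script permissions, the pam_wheel restriction on su, and the login banners under a given root directory. The function names and the sample tree are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the article): audit steps 5-7 under a root directory.
# Assumes GNU stat. Prints one line per finding; returns the finding count.
audit_root() {
    root=${1%/}
    findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    # Step 5: no uncommented ctrlaltdel entry may remain in inittab.
    if grep -Eq '^[^#]*:ctrlaltdel:' "$root/etc/inittab" 2>/dev/null; then
        fail "ctrlaltdel is active in /etc/inittab"
    fi
    # Step 5: every init script must be mode 700 (root only).
    for f in "$root"/etc/rc.d/init.d/*; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if [ "$mode" != 700 ]; then fail "$f has mode $mode"; fi
    done
    # Step 6: su must require pam_wheel (line present and not commented out).
    if ! grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+[^[:space:]]*pam_wheel\.so' \
        "$root/etc/pam.d/su" 2>/dev/null; then
        fail "su is not restricted by pam_wheel in /etc/pam.d/su"
    fi
    # Step 7: login banners must not carry any content.
    for b in issue issue.net; do
        if [ -s "$root/etc/$b" ]; then fail "/etc/$b still has content"; fi
    done
    return "$findings"
}

# Build a constructed, unhardened sample tree under $1 (hypothetical contents).
make_weak_sample() {
    mkdir -p "$1/etc/rc.d/init.d" "$1/etc/pam.d"
    echo 'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$1/etc/inittab"
    echo 'auth sufficient /lib/security/pam_rootok.so' > "$1/etc/pam.d/su"
    echo 'Kernel 2.x on an i686' > "$1/etc/issue"
    : > "$1/etc/issue.net"
    echo '#!/bin/sh' > "$1/etc/rc.d/init.d/network"
    chmod 755 "$1/etc/rc.d/init.d/network"
}

demo=$(mktemp -d)
make_weak_sample "$demo"
audit_root "$demo"      # lists the four findings for the sample tree
rm -rf "$demo"
```

On a real server, call audit_root / as root; a return value of 0 means none of the checked settings is missing.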