Computer Store News:
Whether you are a regular desktop user of Linux or a system administrator managing multiple servers, you are faced with the same problem: increasing threats. Linux is an open system that can find many off-the-shelf programs and tools on the network, which is convenient for users and hackers. So, how can we protect Linux system security? Please see the following four essentials.
First, keep the latest system core
Because Linux has a lot of distribution channels, and often updated programs and system patches appear, in order to strengthen system security, we must always update the system kernel.
Kernel is the core of the Linux operating system. It resides in memory and is used to load other parts of the operating system and implement the basic functions of the operating system. Because Kernel controls the various functions of computers and networks, its security is critical to overall system security.
There are many well-known security vulnerabilities in the early versions of Kernel, and they are not stable. Only versions 2.0.x or higher are more stable and secure, and the operating efficiency of the new version has changed a lot. When setting the function of Kernel, only select the necessary functions, and do not accept all the functions as a whole, otherwise the Kernel will become very large, which will take up system resources and leave a good opportunity for hackers.
There are often new security patches on the Internet, and Linux system administrators should be well-informed, frequent security newsgroups, and check out new patches.
Second, enhanced security tools
SSH is the abbreviation of the Secure Sockets Layer, which is a set of programs that can be safely used to replace utilities such as rlogin, rsh, and rcp. SSH uses public key technology to encrypt communication information between two hosts on the network and uses its key as a tool for authentication.
Because SSH encrypts information on the network, it can be used to securely log in to a remote host and securely transfer information between the two hosts. In fact, SSH not only secures secure communication between Linux hosts, but Windows users can also securely connect to Linux servers via SSH.
Third, limit the power of super users
We mentioned earlier, root is the focus of Linux protection, because it has unlimited power, it is best not to easily authorize super users. However, some programs must be installed and maintained with superuser privileges. In this case, other tools can be used to give such users partial privileges. Sudo is such a tool.
The Sudo program allows the general user to log in once again with the user's own password after configuration, to obtain the superuser's privileges, but only a limited number of instructions can be executed.
Fourth, set the security level of the user account
In addition to the password, the user account also has a security level, because each account can be given different permissions on Linux, so When establishing a new user ID, the system administrator should assign different permissions to the account as needed and merge them into different user groups.
In tcpd on Linux systems, you can set a list of allowed and not allowed players. Among them, the list of allowed personnel is set in /etc/hosts.allow, and the list of authorized employees is not allowed to be set in /etc/hosts.deny. After the setup is complete, you need to restart the inetd program to take effect. In addition, Linux will automatically log the results that are allowed or not allowed to be entered into the /rar/log/secure file, and the system administrator can detect suspicious entry records accordingly.
Each account ID should be handled by someone. In the enterprise, if the employee responsible for an ID leaves, the administrator should immediately delete the account from the system. Many intrusions are borrowed from accounts that have not been used for a long time.
Among user accounts, hackers like accounts with root privileges. This super user has the right to modify or delete various system settings, which can be unimpeded in the system. Therefore, you must carefully consider any account before giving root privileges.
The /etc/securetty file on Linux systems contains a set of terminal names that can be logged in as root. For example, on a RedHatLinux system, the initial value of this file only allows the local virtual console (rtys) to log in as root, without allowing remote users to log in with root privileges. It is best not to modify the file. If you must log in as root from a remote login, it is best to log in as a normal account and then use the su command to upgrade to a superuser.
Computer store news: Windows Phone is still facing a dilemma: if there are no more users, applicati
Computer store news: Windows 10 Build 10130 version released, compared to the previous version of 10
Computer shop news: Soft media Xiaobian will solve the problem of WiFi disconnection under Win8.1 he
Computer Store News: There is evidence that the Windows 10 First Anniversary Update will not only ad
Microsoft Chicago Data Center achieves 100% wind power: sustainable 20 years
Microsoft provides Node.js support for Win10 IoT Edition
Paying $28,000 for 6 IE11 vulnerabilities
Get to know the touch control of Windows 8
Microsoft proposes new cost savings for enterprises
Internet rating review password forgot how to do
Win10 browser Sparta to get started, set practical intelligence in a
Windows 10 Redstone Build 14306 will be the next Build
Microsoft: Upgrade WP10 preview version minimum version requires 8.10.112219.XXX
Microsoft WP has steadily increased, global web usage is 2%
Win7 boot display user name or password error how to solve
Win7 system boot for the first time into the DNF card solution
How to set Sysctl.conf to improve Linux performance (the most complete sysctl.conf excellent
How to set up administrator account for Win8
IE browser operation can not be ignored shortcuts
Win8 system deletes the application store cache garbage
Strengthen Windows XP password security two strokes
How to solve IE8 in Windows7 is not responding