Even under the Linux operating system, protecting the security of a computer connected to the network is a never-ending challenge. The simple methods provided in this article can help you improve the security of your Linux machine.
Do you think so? Because it is Linux, you can be safe without taking any action in the system. You should think about it again. Linux is an operating system, but the crux of the problem is connecting to the network, so that means it also needs to take security measures. As an operating system, it is quite secure, but no operating system is 100% secure, so we need to pay attention to the following. This article gives five key safety tips.
1, pay close attention to the key ring
Many people think that this operation is very cumbersome. After logging in to your computer and requesting a link to a network (or Lightweight Directory Access Protocol (LDAP) server), you must enter your keyring password. Disabling this feature gives users a great temptation to use a password that is empty and ignore the warning message so that unencrypted information (including passwords) can be transmitted. This is not a good idea. Although you may think this feature is a cumbersome thing, it exists for a reason to encrypt passwords transmitted over the network to prevent leaks.
2, Force Update User Passwords
When you are running a multi-user environment (Linux users are used to doing this), you should ensure that each user frequently updates their passwords. In order to achieve this, you need to use the chage command. Using the sudo chage -l username (where the username refers to the name of the user you wish to check) command, you can see if the user's password has expired. For example, you want to set the user's password to expire, and he needs to be updated the next time he logs in. To do this, you can type the command sudo chage -E EXPLICIT_EXPIRATION_DATE -m MINIMUM_AGE -M MAXIMUM_AGE -I INACTIVITY_PERIOD -W DAYS_BEFORE_EXPIRATION (all uppercase parts of the command are user-defined). If you want to know more about this command, you can refer to the man page. Computer Basics Questions
3, Do not blindly disable the security enhancement Linux subsystem
Similar to the key ring, there is a reason for the security enhancement of the Linux subsystem. SE stands for Enhanced Security, which provides a mechanism to control application access. I've read a lot of "solutions" that involve the problem of disabling the security-enhanced Linux subsystem. But from a real solution perspective, doing so will only lead to more and more serious problems. If an application is not working properly, what we need to do is to adjust the security-enhanced Linux subsystem's strategy to meet the requirements, rather than disabling the security-enhanced Linux subsystem. If you don't want to operate from the command line, you can choose a graphical interface tool called polgengui.
4. Don't log in as root
It seems that I often violate this rule for legitimate reasons. I can't help but emphasize the importance of Linux users not logging in as root. If you need to manage the system, log in with a normal user and use the su command, which is more reasonable than using the sudo command with the root user. When you log in as the root user, it poses a major security risk and provides access to systems and subsystems that are typically not accessed when logged in as a normal user. Computer knowledge therefore, I do not recommend this. The best option is to log in with a frequently used account
5, timely security updates
Linux and Windows have huge differences in update processing. For Windows systems, it is usually accustomed to a small number of large-scale updates, and using the Linux operating system means that a smaller range of updates is often performed. Ignoring these updates without properly installing security patches into the system can have catastrophic consequences. You must keep in mind that some of these updates are actually security patches that need to be enabled immediately. Never ignore an icon that indicates an update release. If you are using a simplified GUI-less server, make sure you have set up a scheduled task to check for updates, or manually check it daily or weekly. Keep the latest updates so that your system becomes more secure. Computer
Tips
Now, do you think your Linux system is safer? You should have the feeling that these five tips can make system security rise to a new level. Please note that this is not a complete list. This is just the beginning of a job where the security of computers connected to the network is in a continuous and ever-changing process. But with the help of these tips, you can better meet this challenge.
Requirement Description Set SNAT policy using iptables Make hosts on 192.168.100.0/24 network segmen
process represents a running instance of a program that is the smallest unit of allocated resources.
single, enter single-user mode, then change the startup mode to id:3:initdefault: in /etc/inittab (t
you want under Linux How to install the jdk you want under Linux? Last time we talked about how to u
Symfony2 configuration tutorial under Nginx
Two "BBC" recovery corrupted Linux systems
Centos view port usage and enable port command
Linux dynamic library (.so) search path
The relationship between spinlock and linux kernel scheduling
Linux auto-execute crontab study notes
Linux is a very useful command to find the software installation directory
Linux root password cracking summary Daquan
Linux I2C core, bus and device drivers
Linux off the alarm tone and modify the resolution
How to use static library and shared library on Linux platform
New Xiaobai 516 U disk boot GHOST installation Win7 (1)
IE browser comes with "F12 Developer Tools" to switch IE kernel to open in compatibility mode
How to hide the CD-ROM drive when WinXP is used again
Linux system apachectl command instructions
Kingsoft Internet Virus is not cleared. Solution
Windows 8 everywhere to achieve three-dimensional effect
Windows7 system ADSL dial-up local connection display does not recognize
Win10 temporary file can not be deleted solution