System security is critical to users, and Linux users are no exception. The author has summarized some tips for enhancing Linux security protection on his own experience of using Linux. I will introduce it to you here. 1. Add a boot password for LILO ---- Add options to the /etc/lilo.conf file so that LILO requires a password when booting to enhance system security. The specific settings are as follows: ----boot=/dev/had ----map=/boot/map ----install=/boot/boot.b ----time-out=60 #wait 1 minute - ---prompt ----default=linux ----password= ---- #密码设置 ----image=/boot/vmlinuz-2.2.14-12 ----label=linux --- -initrd=/boot/initrd-2.2.14-12.img ----root=/dev/hda6 ----read-only ---- At this point, note that since the password is in clear mode in LILO Stored, so you need to set the file property of ----lilo.conf to only root can read and write. ----# chmod 600 /etc/lilo.conf ---- Of course, you need to make the following settings to make the changes to ----lilo.conf take effect. ----# /sbin/lilo -v 2. Set the minimum password length and ---- the shortest use time ---- Password is the main means of authenticating users in the system. The default password minimum length is usually 5 when the system is installed, but the password can be increased to ensure that the password is not easily guessed. The minimum length is at least equal to 8. To do this, modify the parameter PASS_MIN_LEN in the file /etc/login.defs. At the same time, the password usage time should be limited to ensure that the password is changed periodically. It is recommended to modify the parameter PASS_MIN_DAYS. 3. User Timeout Logout ---- If you forget to log out of the account when the user leaves, it may bring hidden dangers to the system security. The /etc/profile file can be modified to ensure that the account is automatically logged out of the system after a period of inactivity. ----Edit the file /etc/profile and add the following line to the next line of the "HISTFILESIZE=”" line: ----TMOUT=600 ---- All users will be automatically logged out after 10 minutes of no operation. 4. Prohibit access to important files ---- Some key files in the system such as inetd.conf, services and lilo.conf can be modified to prevent accidental modification and viewing by ordinary users. ---- First change the file attribute to 600: ----# chmod 600 /etc/inetd.conf ---- Ensure that the owner of the file is root, and then you can set it to not change: ---- # chattr +I /etc/inetd.conf ----This way, any changes to this file will be disabled. ---- Only root can reset after resetting the reset flag: ----# chattr -I /etc/inetd.conf 5. Allow and disable remote access ---- The two files in /etc/hosts.allow and /etc/hosts.deny are allowed in Linux to allow and prohibit remote host access to local services. The usual practice is: ---- (1) Edit the hosts.deny file, add the following line: ----# Deny access to everyone. ----ALL: ALL@ALL ---- then all services for all External hosts are prohibited unless specified by the hosts.allow file. ---- (2) Edit the hosts.allow file, you can add the following line: ----#Just an example: ----ftp: 202.84.17.11 xinhuanet.com ---- will allow the IP address is 202.84 .17.11 and the machine hosted by xinhuanet.com act as a client to access the FTP service. ---- (3) After the setting is completed, tcpdchk can be used to check whether the settings are correct. 6. Limit Shell Command Record Size ---- By default, the bash shell will store up to 500 command records in the file $HOME/.bash_history (depending on the specific system, the default number of records is different). There is one such file under the home directory of each user in the system. Here I strongly recommend limiting the size of this file. ---- You can edit the /etc/profile file and modify the options as follows: HISTFILESIZE=30 or HISTSIZE=30 7. Delete the command record when you log out ---- Edit the /etc/skel/.bash_logout file and add the following line: ----rm -f $HOME/.bash_history ---- This way, all users in the system will log out when they log out. Delete its command record. ---- If you only need to set it for a specific user, such as the root user, you can modify the /$HOME/.bash_history file only in the user's home directory and add the same line. 8. Suppressing unnecessary SUID programs ----SUID allows ordinary users to execute a program with root privileges, so such programs in the system should be strictly controlled. ---- Find the program with the s bit that root belongs to: ----# find /-type f \\( -perm -04000 -o -perm -02000 \\) -print
1.LinuxOSVersion:RedHat AS 52. Network Environment Settings: Host (Linux): IP: 192.168.1.1 NetMark:
Computer Store News: According to the latest report from a German technology website, Valves Steam B
IAP, the full name is In-Application Programming, Chinese is interpreted as Programming in the prog
Under the Linux partition is more troublesome, the more convenient tool is called fdiskWe can use t
Microsoft's release of Windows8 makes the Linux desktop operating system a step closer to us.
Overview of Linux I2C Driver Architecture
Three important data structures driven by linux character devices
Linux system management and maintenance - date command
Linux version configuration requirements
Linux file name garbled conversion basic tutorial
Using library files and writing library files on AIX
Learn how to disable computers from using software
Tips for flexible use of expect scripts under Linux
Linux view online users and kick out users
Squid3 reverse proxy installation and configuration basic tutorial
I have seen the use of shadow systems for the
Win7/Win8.1 can upgrade the version of win10 for free?
Disk cleaning, teach you how to clean the C disk space
Microsoft claims that the Win10 Edge browser consumes a minimum of
Win10 strategy group prompts namespace solution occupation
How to remove the desktop icon with shadows? Teach you to easily solve
Microsoft released 75,000 WP apps in 2012
How to modify the Win8.1 desktop path Win8/8.1 modify the desktop file path method