It is well known that network security is a very important issue, and servers are its most critical part. Linux is considered a relatively secure Internet server. Because it is an open source operating system, once a security vulnerability is discovered in a Linux system, volunteers from around the world publish patches for it on the Internet. However, system administrators often fail to get this information and apply the fixes in a timely manner, which gives hackers a chance. Compared with the security vulnerabilities of the system itself, more security issues are caused by improper configuration and can be prevented by proper configuration. The following points are listed briefly for your reference:
1, Use the firewall to close any ports that are not needed. If others cannot PING the server, the threat is naturally reduced by a large part.
How to prevent others from pinging:
1) At the command prompt, type
echo 1 > /proc/sys/net/ipv4/icmp_ignore_all
2) Disable (or drop) ICMP packets with a firewall
iptables -A INPUT -p icmp -j DROP
3) Not responding to any packets that use ICMP communication (PING, TRACERT)
2, Change the SSH port, preferably to 10000 or more; the probability of others scanning the port will also drop
vi /etc/ssh/sshd_config
Change Port to a port above 1000
At the same time, create a normal login user and disable direct root login
useradd 'username'
passwd 'username'
vi /etc/ssh/sshd_config
Add the following line at the end:
# Disable direct remote root login
PermitRootLogin no
3, Delete redundant system accounts:
userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
userdel ftp    # if you do not allow anonymous FTP, delete this user account
groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
groupdel pppusers
4, Set the immutable attribute on the following files so that no one can change the accounts:
chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow
5, chmod 600 /etc/xinetd.conf
6, Disable anonymous FTP login
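A read-only check for steps 2 and 3, as an added example that is not part of the original article: sshd uses the first value it reads for a keyword, so a PermitRootLogin line added at the end has no effect when an earlier line already sets it. The function names, the MIN_PORT variable and the sample config are assumptions made for this example, and Include files are not followed.

```shell
#!/bin/sh
# Added example: read-only audit for steps 2 and 3. Function names are illustrative.
MIN_PORT=${MIN_PORT:-10000}   # step 2: "preferably 10000 or more"

# Print every global value of an sshd_config keyword, in file order.
# Keywords are case-insensitive; lines after a "Match" line are conditional.
sshd_values() {               # usage: sshd_values KEYWORD FILE
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key     { print $2 }
    ' "$2"
}

# Report settings that do not match step 2. Returns 1 if anything is flagged.
audit_sshd() {                # usage: audit_sshd FILE
    rc=0
    # sshd keeps the FIRST value it reads, so only the first line counts.
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is ${root:-unset (built-in default applies)}"
        rc=1
    fi
    # Port may be repeated; sshd listens on every port listed (22 if none).
    ports=$(sshd_values Port "$1")
    for p in ${ports:-22}; do
        if [ "$p" -lt "$MIN_PORT" ]; then
            echo "FAIL sshd listens on port $p (below $MIN_PORT)"
            rc=1
        fi
    done
    return $rc
}

# List the step 3 accounts that still exist in a passwd-format file.
leftover_accounts() {         # usage: leftover_accounts PASSWD_FILE
    for u in adm lp sync shutdown halt news uucp operator games gopher ftp; do
        grep -q "^$u:" "$1" && echo "$u"
    done
    return 0
}

# Constructed sample: "PermitRootLogin no" appended after an earlier "yes".
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "sample config still allows root login"
rm -f "$sample"
```

On a real host, run `audit_sshd /etc/ssh/sshd_config` and `leftover_accounts /etc/passwd`; `sshd -T` prints the configuration that sshd itself resolved.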