Configuration Notes on Strengthening Linux Operating System Security

  

It is well known that network security is a very important issue, and servers are the most critical part of network security. Linux is considered a relatively secure Internet server platform. Because it is an open source operating system, once a security vulnerability is discovered in Linux, volunteers from around the world publish patches for it on the Internet. However, system administrators often fail to get this information and apply the corrections in a timely manner, which gives hackers a chance. Compared with vulnerabilities in the system itself, more security problems are caused by improper configuration and can be prevented by configuring the system properly. The following points are listed briefly for your reference:


1, use the firewall to close any ports that are not needed and keep others from PINGing the server; the threat is naturally reduced by a large part


How to prevent others from pinging:


1) At the command prompt, type


echo 1 > /proc/sys/net/ipv4/icmp_ignore_all


2) Drop (or discard) ICMP packets with the firewall


iptables -A INPUT -p icmp -j DROP


3) Do not respond to any packets that use ICMP communication, for example those sent by PING and TRACERT


2, change the SSH port, preferably to 10000 or more, so that the probability of others finding the port by scanning also drops


vi /etc/ssh/sshd_config


Change the Port setting to a port above 1000


At the same time, create a normal login user and disable direct root login


useradd 'username'


passwd 'username'


vi /etc/ssh/sshd_config


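Add the following line at the end. sshd uses the first value it reads for a keyword, so if an uncommented PermitRootLogin line already exists earlier in the file, change that line instead: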


# Disable direct remote root login
PermitRootLogin no


3, delete the redundant default system accounts and groups:

userdel adm
userdel lp
userdel sync
userdel shutdown
userdel halt
userdel news
userdel uucp
userdel operator
userdel games
userdel gopher
userdel ftp    # delete this account if you do not allow anonymous FTP

groupdel adm
groupdel lp
groupdel news
groupdel uucp
groupdel games
groupdel dip
groupdel pppusers


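4, make the following files immutable so that no one can change the account data. While the attribute is set, not even root can modify these files, so commands such as useradd and passwd fail until it is removed with chattr -i:

chattr +i /etc/passwd
chattr +i /etc/shadow
chattr +i /etc/group
chattr +i /etc/gshadow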


5, chmod 600 /etc/xinetd.conf


6, disable anonymous FTP login
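
The script below is an added example, not part of the original article: it reads an sshd_config file and reports the Port and PermitRootLogin values sshd will act on after step 2, including the case where an earlier PermitRootLogin line overrides one appended at the end. The function names, MIN_PORT and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article: audit the two step-2 settings.
MIN_PORT=${MIN_PORT:-1000}   # the article's floor; it prefers 10000 or more

# config_values FILE KEYWORD -> every value of KEYWORD in the global section.
# Keywords are case-insensitive and "Key=value" is accepted. Assumptions:
# Include files are not followed and Match blocks are not evaluated.
config_values() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        { sub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2 }
    ' "$1"
}

# audit_sshd FILE -> one line per finding; returns 1 if any check fails.
audit_sshd() {
    rc=0
    ports=$(config_values "$1" Port)
    [ -n "$ports" ] || { echo "FAIL Port is not set (sshd default is 22)"; rc=1; }
    for p in $ports; do                  # sshd listens on every Port line
        case "$p" in
            *[!0-9]*) echo "FAIL Port $p is not numeric"; rc=1 ;;
            *) if [ "$p" -gt "$MIN_PORT" ]; then echo "OK   Port $p"
               else echo "FAIL Port $p is not above $MIN_PORT"; rc=1; fi ;;
        esac
    done
    # For PermitRootLogin sshd keeps the first value it reads.
    root=$(config_values "$1" PermitRootLogin | head -n 1)
    if [ "$root" = no ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${root:-unset}'"; rc=1; fi
    return "$rc"
}

# Constructed sample: a stock "PermitRootLogin yes" line is still active and
# "PermitRootLogin no" was appended at the end of the file.
write_sample() {
    printf '%s\n' '# constructed sshd_config' 'port 22022' \
        'PermitRootLogin yes' 'X11Forwarding no' 'PermitRootLogin no' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || echo "=> edit the earlier line instead of appending"
rm -f "$sample"
```

Run audit_sshd against /etc/ssh/sshd_config after editing it; set MIN_PORT=10000 to enforce the preferred range from step 2.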
