Methods for Enhancing Linux System Security

  

No computer system is absolutely secure. Without security awareness, a system is easily compromised and information is leaked. How do we enhance the security of the system? This article introduces methods for strengthening the security of a Linux system.

People often say that Linux is more secure than Windows. But no computer connected to a network can be completely safe. Just as we need to keep the fence around the yard sturdy, the operating system also needs to be maintained and strengthened regularly. Here, we only talk about the general steps that many users can use to harden the system.

This article focuses on how to harden the system, but before starting, the user needs a clear view of three questions: first, what the system is used for; second, what software it needs to run; and third, what vulnerabilities or threats the user needs to protect against. These three questions form a causal chain: the answer to each question determines the next one.

Starting from scratch

It is perfectly possible to harden a system from a known security posture, but in practice hardening can also start from a "bare" system. This means that users have the opportunity to repartition the system disk; separating all data files from the operating system files is a prudent security measure.

The next step is to configure a minimal installation, just enough for the system to boot, and then add the packages necessary to complete the task. This step is very important. Why minimize the installation? The less code there is on the machine, the fewer flaws can be exploited: no one can exploit flaws that don't exist, right? You also need to patch the operating system and all applications that run on the system.

However, be aware that anyone who can physically access the machine can boot it from a CD or other media and gain access to the system. Therefore, it is best to configure the BIOS so that the system can only boot from the hard disk, and to protect this configuration with a strong password.

The next step is to compile your own kernel, including only those parts that you need. Once your custom kernel is built and the system has rebooted into it, the kernel's exposure to attack is greatly reduced. But hardening the system does not stop here; the best part is still to come.

Reducing Services

Once the slimmed-down system is running, the next step is to make sure that only the services you need are running. By this point the user has already removed many services, but many others are still running in the background. Users need to look for these services in multiple locations, such as /etc/init.d and /etc/rc.d/rc.local, which contain a variety of startup processes, and verify everything started by cron. Users can also check the listening sockets with commands such as netstat or Nmap. For example, the services that users need to disable can include network file systems (samba), remote access services, and more.

Of course, you can't generalize. If you really need a service, try to limit its potentially damaging effects on other parts of the system. Try to make it run in its own chroot path, separated from the other parts of the system.
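The listening-socket check mentioned in this section, as an added example that is not part of the original article: it reads the kernel table /proc/net/tcp and reports listeners whose port is not on a list of needed services. The sample table, the needed-port list and the function names are constructed for illustration, and the address decoding assumes IPv4 on a little-endian host.

```python
import socket
import struct
import sys

LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 00000000:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0A00000A:0016 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

def decode_addr(hex_addr):
    """Convert 'AABBCCDD:PPPP' (assumed little-endian IPv4) to (ip, port)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listening_sockets(proc_text):
    """Return (ip, port) pairs in LISTEN state, sorted by port then address."""
    found = set()
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # established connections and short lines are ignored
        found.add(decode_addr(fields[1]))
    return sorted(found, key=lambda s: (s[1], s[0]))

def audit(proc_text, needed_ports):
    """Split listeners into those the system needs and those it does not."""
    report = {"expected": [], "unexpected": []}
    for ip, port in listening_sockets(proc_text):
        key = "expected" if port in needed_ports else "unexpected"
        report[key].append((ip, port))
    return report

if __name__ == "__main__":
    # Pass /proc/net/tcp as the argument to audit the live host.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for ip, port in audit(text, needed_ports={22})["unexpected"]:
        print(f"unexpected listener: {ip}:{port}")
```

IPv6 listeners appear in /proc/net/tcp6, which uses a longer address field and is not decoded here.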

Pay attention to permissions

As a user or administrator, you must ensure that no user can run unnecessary commands or open unnecessary files. The administrator should audit the entire system and reduce the permissions of each file to the minimum feasible level. Our goal is that no one can read or write a file that is unrelated to them. In addition, all sensitive data should be encrypted.

The above are ways to strengthen the security of a Linux system. The security of a system is inseparable from the user's good habits. Do not use unreliable software or browse unsafe websites.
