How to do Linux system security

Among today's Linux distributions, the Red Hat enterprise version is relatively well hardened out of the box. For a general Linux installation, how do we ensure the security of the system, and which aspects of system security deserve attention? That is the subject of this discussion. The security of a Linux system rests mainly on the following parts: file system protection, user management security, process protection, and log management.

File System Protection

First of all, there is a basic concept in Linux: "everything is a file". Files are in turn managed through the file system. How do we manage the file system? Linux already provides the basic file permission settings (owner, group and mode bits). Here I mainly introduce a tool for checking the file system: Tripwire.

Tripwire is currently the best-known file system integrity checker under Unix. Its core technique is to compute a cryptographic hash (the original text calls it a "digital signature") for every file to be monitored and keep that value. When the current hash of the file no longer matches the stored one, the file must have been changed. Now that we know what Tripwire does, let us see how it is used. The usual installation is the familiar three steps ./configure, make, make install, but the software additionally needs to generate a baseline database, using the command # tripwire --init. The tool works by first building a database of the system files and directories to be monitored using a hash function, which maps a file of any length to a value of fixed size. The stored value is later compared with the hash of the file or directory as it exists now: if the result is the same the file is unchanged, otherwise it has been modified. Because the check is only as trustworthy as the baseline, --init should be run on a known-clean system and the database kept where an intruder cannot rewrite it (read-only media or another host). The specific installation steps can be found online. After installation you can use the tool to check the system; by default everything listed in the policy is checked, but you can also check just the files in one directory by naming it, with the command # tripwire --check. The report produced by that command lists which files are new, which have been removed and which have been changed.
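The baseline-then-compare idea Tripwire implements can be shown with ordinary Unix tools. The script below is an added example written for this page, not Tripwire's own code: it hashes every regular file under a directory with sha256sum, stores the hashes, and later reports added, changed and removed files. It assumes GNU coreutils and file names without newlines or spaces; the baseline and directory paths are whatever you pass in.

```shell
#!/bin/sh
# Added example, not Tripwire's own code: a minimal integrity baseline in the
# same spirit (hash every file, keep the hashes, compare later).
# Assumptions: GNU coreutils (sha256sum), file names without spaces/newlines.

# build_baseline DIR BASELINE
# Hash every regular file under DIR and store "hash  path" lines in BASELINE.
# Run this on a known-clean system and keep BASELINE where an attacker cannot
# rewrite it (read-only media, another host); otherwise it can simply be
# regenerated to match a tampered tree.
build_baseline() {
    dir="$1"; baseline="$2"
    find "$dir" -type f -exec sha256sum {} + 2>/dev/null | sort -k2 > "$baseline"
}

# check_baseline DIR BASELINE
# Recompute the hashes and print one line per difference:
#   ADDED   path   (file not present in the baseline)
#   CHANGED path   (hash differs from the baseline)
#   REMOVED path   (in the baseline, no longer on disk)
# Returns 0 when nothing differs, 1 otherwise.
check_baseline() {
    dir="$1"; baseline="$2"
    current=$(mktemp)
    find "$dir" -type f -exec sha256sum {} + 2>/dev/null | sort -k2 > "$current"
    report=$(awk '
        FILENAME == ARGV[1] { base[$2] = $1; next }   # first file: the baseline
        {
            seen[$2] = 1
            if (!($2 in base))        print "ADDED   " $2
            else if (base[$2] != $1)  print "CHANGED " $2
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$baseline" "$current")
    rm -f "$current"
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Command-line use (paths are examples):
#   ./integrity.sh init  /etc /root/etc.baseline
#   ./integrity.sh check /etc /root/etc.baseline
case "${1:-}" in
    init)  build_baseline "$2" "$3" ;;
    check) check_baseline "$2" "$3" ;;
esac
```

Unlike Tripwire this records only content hashes, so a permission or ownership change with identical content is not reported; that is one of the things the real tool's policy language adds.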
User Management Security

User management here mainly concerns user login passwords and account administration. Here is a tool for checking whether your passwords are reasonably strong: John the Ripper.

John the Ripper is free, open-source software: a fast password cracker that recovers plaintext passwords from known password hashes. It supports most hash types in common use, such as DES-based crypt, MD4 and MD5, and runs on many system architectures and operating systems, including Unix, Linux, Windows, DOS, BeOS and OpenVMS. Its main purpose is to find Unix/Linux account passwords that are not strong enough. At the time of writing the latest version is John the Ripper 1.7.3, and the latest free version for the Windows platform is 1.7.0.1. John the Ripper's official website: http://www.openwall.com/john/

To install it, first unpack the source package, enter the src directory inside it, and run make with the target for your platform, for example make clean linux-x86-any (running make with no target prints the list of available targets). After building, go to the run directory and execute ./john --test. The output reports how many candidate passwords per second each hash type can be tried at. The "Many salts" and "Only one salt" figures refer to whether the hashes being attacked use many different salts or a single one (salting forces each candidate to be hashed once per distinct salt), not to the number of users. On my machine the traditional DES benchmark reached 413414 c/s.

With the benchmark done, you can start cracking. The command takes many options; here is just the simplest usage. Run # ./john --single /etc/shadow (reading /etc/shadow requires root; it is better still to run single-crack mode on the output of unshadow /etc/passwd /etc/shadow, because that mode builds its candidates from the login name and GECOS fields of each account). The cracked users and their passwords are then listed with ./john --show. In my case the result showed that my password had already been cracked (I had run the command once before). If john cracks a user's password it records it in the john.pot file in the current directory. For example, that file on my system shows $6$V04bcTXNnRgUepZa$SFlIYTUDAkC9rlajU1oO4AozREGzGZrZvKocUkBtOOnlS9qJ/tt8VpV5jk9YIdEhPfIjs7LJ0IDUkI6sGxCZq0:wuyaalan: The part before the colon is the user's password hash; after it is the corresponding plaintext password. Since john.pot holds plaintext passwords, it must be protected as carefully as /etc/shadow itself.

Of course, if the simple mode does not crack a password, you can attack it with a wordlist (--wordlist=FILE). The success of a wordlist attack depends on how complete the dictionary is. Against stronger passwords you can combine --rules, --incremental, --external and so on; see the john manual for the basic commands.
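The join between john.pot and the shadow file that ./john --show performs, plus a check for accounts whose password field is empty, as an added example written for this page (not part of John the Ripper). The shadow and john.pot lines are constructed here for illustration, with made-up hashes in the "hash:password" pot format described above; on a real host you would use /etc/shadow (root only) and run/john.pot.

```shell
#!/bin/sh
# Added example, not part of John the Ripper: reproduce what "john --show"
# does by joining john.pot with the shadow file, and flag accounts whose
# password field is empty. All data below is constructed for illustration.

SHADOW_SAMPLE=$(mktemp)
POT_SAMPLE=$(mktemp)

# Constructed shadow lines: a locked root, a user whose hash John cracked,
# an account with an empty password field, and an uncracked user.
# The hashes are fake but follow the $6$salt$hash layout of sha512crypt.
cat > "$SHADOW_SAMPLE" <<'EOF'
root:!:19000:0:99999:7:::
wuyaalan:$6$saltsalt$FAKEHASHwuyaalan000000000000000000000000000000000000000000000000000000000000:19000:0:99999:7:::
guest::19000:0:99999:7:::
alice:$6$other123$FAKEHASHalice000000000000000000000000000000000000000000000000000000000000000:19000:0:99999:7:::
EOF

# Constructed john.pot line in the "hash:password" format.
cat > "$POT_SAMPLE" <<'EOF'
$6$saltsalt$FAKEHASHwuyaalan000000000000000000000000000000000000000000000000000000000000:wuyaalan
EOF

# cracked_accounts SHADOW POT -> "user:password" for every shadow hash found in POT
cracked_accounts() {
    awk -F: '
        FILENAME == ARGV[1] {
            # the password itself may contain ":", so keep everything after the hash
            pot[$1] = substr($0, length($1) + 2); next
        }
        ($2 in pot) { print $1 ":" pot[$2] }
    ' "$2" "$1"
}

# empty_password_accounts SHADOW -> accounts that can log in with no password at all
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Real-host workflow (commands are John the Ripper's own):
#   unshadow /etc/passwd /etc/shadow > mypasswd
#   ./john --single mypasswd
#   ./john --wordlist=password.lst --rules mypasswd
#   ./john --show mypasswd
```

An empty password field is worse than a weak password, since no cracking is needed; such accounts should be locked (passwd -l) or given a password immediately.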

Process Security

Many intrusions are carried out through processes, so we need to monitor the more important processes continuously and look for unusual changes: unexpected users logged in, unfamiliar processes, or known processes consuming unusual resources. This is done mainly with the standard Linux commands who, w, ps and top.

Log Management

If the system is broken into and the intruder does not tamper with the logs, we can reconstruct the intrusion by reading them. Linux has three main log subsystems: connect-time (login) logs, process accounting logs, and the system/error log. Connect-time logs are kept in /var/log/wtmp and utmp (/var/run/utmp on most systems, /var/log/utmp on some older ones) and track who has logged into the system: utmp records the users currently logged in, while wtmp records each user's login and logout times. Both files are binary, so they are read with commands rather than an editor. Process accounting logs provide usage statistics for the commands run on the system. The system/error log is maintained by the syslogd daemon: the various daemons and user programs record their events in /var/log/messages by calling syslog.

How user programs and the kernel log messages through syslog: a user program calls the syslog library function, which hands the message to the syslogd daemon, and syslogd writes it to the log file. The kernel instead logs with printk, which writes the message into a ring buffer; when the buffer fills up, printk wraps around and overwrites the oldest data at the beginning. The klogd daemon reads that buffer through the syslog system call (or /proc/kmsg), forwards each kernel message to syslogd, and syslogd finally writes it to the log. Note that many current distributions replace syslogd with rsyslog or journald, but the flow is the same. The basic commands for reviewing the logs are who, users, last, ac, lastlog and so on.
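Reading /var/log/messages by hand does not scale, so here is the kind of detection logic a practitioner runs over it, as an added example written for this page (not from the original article). It counts failed sshd logins per source address, lists successful logins, and singles out where root logged in from. The log lines are constructed in the traditional syslogd format; the host name, PIDs and addresses are invented.

```shell
#!/bin/sh
# Added example, not from the original page: detection logic over
# /var/log/messages-style sshd lines written by syslogd.
# The sample log is constructed; host name, PIDs and addresses are invented.

LOG_SAMPLE=$(mktemp)
cat > "$LOG_SAMPLE" <<'EOF'
Mar 10 03:12:01 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Mar 10 03:12:04 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Mar 10 03:12:09 host1 sshd[2213]: Failed password for root from 203.0.113.5 port 40130 ssh2
Mar 10 03:15:40 host1 sshd[2220]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar 10 03:16:02 host1 sshd[2220]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Mar 10 03:20:17 host1 sshd[2231]: Accepted publickey for root from 203.0.113.5 port 40200 ssh2
Mar 10 03:21:00 host1 cron[2240]: (root) CMD (run-parts /etc/cron.hourly)
EOF

# failed_logins LOG -> "count ip", most failures first (password guessing shows up here)
failed_logins() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# accepted_logins LOG -> "user ip method" for every successful sshd login
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted/ {
            user = ""; ip = ""; method = $7      # field 7 is "password" or "publickey"
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  user = $(i+1)
                if ($i == "from") ip = $(i+1)
            }
            print user, ip, method
         }' "$1"
}

# root_logins_from LOG -> source addresses that obtained a root shell over ssh
root_logins_from() {
    accepted_logins "$1" | awk '$1 == "root" { print $2 }'
}

# Real-host use: failed_logins /var/log/messages; on Debian-style systems the
# sshd lines live in /var/log/auth.log instead.
```

In the sample the address with the most failed guesses is also the one that later logged in as root with a key, which is exactly the correlation worth alerting on.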
