Saturday, November 27, 2010

Top ten Linux platform security tricks

5. Allow and deny remote access

On Linux, the two files /etc/hosts.allow and /etc/hosts.deny allow and deny remote hosts' access to local services. Common practice is to:

(1) Edit the hosts.deny file and add the following lines:

    # Deny access to everyone.
    ALL: ALL@ALL

All services are then prohibited to all external hosts, unless access is permitted by an entry in the hosts.allow file.

(2) Edit the hosts.allow file and add the following lines:

    # Just an example:
    ftp: 202.84.17.11 xinhuanet.com

This allows the machine with IP address 202.84.17.11 and host name xinhuanet.com to access the FTP service as a client.

(3) When setup is finished, use tcpdchk to check that the settings are correct.

6. Restrict the shell command history size

By default, the bash shell's $HOME/.bash_history file holds up to 500 commands of history (the default number differs from system to system). Every user's home directory on the system has such a file. I strongly recommend that you limit the size of this file. Edit /etc/profile and modify the options as follows:

    HISTFILESIZE=30

or

    HISTSIZE=30

7. Delete the command history at logout

Edit the /etc/skel/.bash_logout file and add the following line:

    rm -f $HOME/.bash_history

In this way, the command history of all users on the system is deleted when they log off. If you only need to target a particular user, such as root, you can modify only the /$HOME/.bash_history file in that user's home directory, adding the same line.

8. Disable unnecessary SUID programs

SUID allows an ordinary user to execute a program with root privileges, so such programs on the system should be strictly controlled. Find the programs belonging to root that have the s bit set:

    # find / -type f \( -perm -04000 -o -perm -02000 \) -print | less

Remove the s bit from the programs that do not need it:

    # chmod a-s program_name

9. Check the information displayed at boot

When a Linux system starts, a string of boot information scrolls off the screen. If you notice a problem during boot and need to check it after the system has started, enter the following command:

    # dmesg > bootmessage

The command redirects the boot information to the file bootmessage.

10. Maintain disk space

Checking disk space regularly is a necessary part of maintaining a Linux file system. The commands used most for disk maintenance are df and du.

The df command mainly checks how much of each file system is in use. Typical usage:

    # df -k
    Filesystem  1k-blocks  Used     Available  Use%  Mounted on
    /dev/hda3   1967156    1797786  67688      96%   /

The du command checks the disk space consumed by files, directories and subdirectories. It is usually used with the -s option, which shows only the total disk space consumed by each directory you need to check and does not list the space occupied by the subdirectories beneath it.

    % du -s /usr/X11R6/*
    34490   /usr/X11R6/bin
    1       /usr/X11R6/doc
    3354    /usr/X11R6/include
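The find and chmod a-s steps from tip 8, extended here into a repeatable audit that compares the set-uid/set-gid files on a system against an allowlist of the ones you expect. This is an added example, not part of the original post; the function names, the allowlist format (one absolute path per line) and the path /etc/suid.allow are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). suid_list, suid_audit,
# suid_strip and the allowlist file format are assumptions of this example.

# List regular files under directory $1 that carry the set-uid (4000) or
# set-gid (2000) bit, sorted. Same test as the find command in tip 8.
suid_list() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Compare suid_list "$1" with allowlist file $2 (one absolute path per line,
# matched as whole fixed strings). Prints the files that are not allowlisted.
# Returns 0 when nothing unexpected is found, 1 otherwise.
suid_audit() {
    unexpected=$(suid_list "$1" | grep -Fxv -f "$2" || true)
    [ -z "$unexpected" ] && return 0
    printf '%s\n' "$unexpected"
    return 1
}

# Clear both s bits on each named file (chmod a-s, as in tip 8).
suid_strip() {
    for f in "$@"; do
        chmod a-s "$f" || return 1
    done
}

# Typical use, as root (/etc/suid.allow is a hypothetical allowlist path):
#   suid_audit / /etc/suid.allow      # review the output first
#   suid_strip /path/to/unneeded_program
```

Run the audit from cron and alert on a non-zero exit status, so that a newly appeared s-bit file is noticed between manual reviews.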
