Improve Linux system security ten tips

Linux is a Unix operating system.

In theory, the design of Unix itself and no significant security flaws. Over the years, the majority found on the Unix operating system security problems exist in the individual program, so most of the Unix vendors have claimed to have the ability to solve these problems, providing security of Unix operating system. But Linux is somewhat different, because it does not belong to a company, not manufacturers claim that it provide security assurance, so users only have their address security issues in Linux regardless of function, price or performance has many advantages, however, as an open operating system, it inevitably there are some security implications. About how to resolve these problems, applications provide a secure platform, this article will tell you some of the most basic, most common, at the same time, the most effective tricks. Linux is a Unix operating system. In theory, the design of Unix itself and no significant security flaws. Over the years, the majority found on the Unix operating system security problems exist in the individual program, so most of the Unix vendors have claimed to have the ability to solve these problems, providing security of Unix operating system. But Linux is somewhat different, because it does not belong to a company, not manufacturers claim that it provide security assurance, so users only have their address security issues. Linux is an open system, on the network can find many ready-made programs and tools, both convenience to users, but also facilitates the hacker, because they can easily find the programs and tools to dive into the Linux system, or on a Linux system to steal important information. However, as long as we carefully set Linux various system functions, and add the necessary security measures, you can let hackers inorganic. In General, on the Linux system security settings including the Elimination of unnecessary services, restrict remote access to important information, hide, patch security vulnerabilities, security tools, as well as regular safety inspections, etc. This article teaches you to ten improve Linux system security. Although the tricks, but carefully worked, you may wish to try. 1 tips: remove unnecessary services early Unix versions, each a different network services has a service that runs in the background, later version with unified/etc/inetd shouldered by the server program. Inetd is the abbreviation for that Internetdaemon simultaneously monitor multiple network port, once you receive the connection information from the outside world, on the implementation of the TCP or UDP network services. Due to the unified command of inetd, so most of the Linux TCP or UDP services is set in the/etc/inetd.conf file. So cancel unnecessary services in the first step is to check the/etc/inetd.conf file, not in service with the "#" sign. In General, in addition to http, smtp, telnet and FTP, and other services should be removed, such as simple file transfer protocol tftp, network message store and receive the imap/ipop transport protocol, search and search for information on the use of gopher and used for time synchronization of daytime and time, etc. There are also some reports about the State of the system services such as finger, efinger, systat netstat and although the system, such as error checking and search for users is very useful, but also to provide a door for hackers. For example, a hacker could use the finger service to find the user's phone, use the directory, and other important information. Therefore, many Linux system will these services be cancelled or part cancellation, to enhance the security of the system. Besides using Inetd/etc/inetd.conf setting system services, you use the/etc/services files search service uses port. Therefore, users should carefully check the file in the port setting to avoid security loopholes. In Linux there are two different types of service: one is only necessary to perform services such as finger service; the other is always executed never pause services. This class of service at system startup begins execution, and therefore cannot rely on modifying the inetd to stop the service, only from modifying/etc/rc.d/rc [n] .d/file or use it to modify Runleveleditor. Provide file services for NFS server and provides NNTP news service news belongs to this class of service, if it is not necessary, it is best to cancel the services.