Monday, December 27, 2010

Linux security: step by step fortification (2)

Author: dingwei

Using a remote administration tool: the Webmin remote management software is recommended. The current version is 1.020-1, and it can be downloaded from http://www.webmin.com.

To use it securely, you also need to download and install OpenSSL (current version 0.9.6g, http://www.openssl.org) and Net_SSLeay.pm (current version 1.20, http://www.webmin.com). Webmin is a system management tool that is accessed through a browser over http or https at http://ip:10000 or https://ip:10000. With OpenSSL and Net_SSLeay.pm installed, Webmin can use SSL encryption, so that communication runs over https instead of being transmitted in plain text.

    # install Webmin
    rpm -Uvh webmin-1.020-1.noarch.rpm
    # compile OpenSSL 0.9.6g
    tar xfz openssl-0.9.6g.tar.gz
    cd openssl-0.9.6g
    ./config >> /root/install.log
    make
    make install
    # compile the Net_SSLeay.pm module
    tar xzf Net_SSLeay.pm-1.20.tar.gz
    cd Net_SSLeay.pm-1.20
    perl Makefile.PL
    make install

Closing some services

Close the service processes that are not needed, to reduce the number of weak points. A full Red Hat Linux installation has about 100 service processes; not all of them are loaded, but every one of them can become a source of problems. Because this is a desktop installation, only the necessary services should be kept. The following example basically meets a user's needs.

    # chkconfig --list shows which service processes the system has enabled
    # chkconfig --del removes a specified service process
    # the scripts under /etc/init.d and the corresponding ones under /etc/xinetd.d can also be moved to a safe directory, or their execute permission changed

Service processes proposed to be kept:

    anacron
    autofs
    # used to start automatically run tasks
    crond
    gpm
    ipchains
    iptables
    keytable
    # PnP-like hardware detection program
    kudzu
    netfs
    network
    nfs
    nfslock
    portmap
    random
    rawdevices
    # recommended replacement for telnet: secure login over an encrypted channel
    sshd
    # log monitoring process
    syslog
    telnet
    xfs
    # super daemon
    xinetd

You should also remove unnecessary users and groups, using userdel and groupdel to delete them.

    # users that can be deleted
    news uucp gopher
    # groups that can be deleted
    news uucp dip
    # in a LAN environment, delete these to prevent users from using a dial-up connection
    pppusers popusers slipusers

Also turn off the IP masquerading and multiple-IP binding functions by modifying the /etc/host.conf file.

    /etc/host.conf
    # multiple IP binding
    multi off
    # IP masquerading
    nospoof on

Disable shutdown via the Ctrl+Alt+Del keys as needed. Modifying the /etc/inittab file disables this feature and improves the security of the terminal.

    /etc/inittab
    # Ctrl+Alt+Del (three keys) shuts the system down; the delay can also be extended and the administrator notified
    # ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Hardening the super daemon. Modifying the /etc/xinetd.conf file lets you set security limits such as the remote connection time and the network segments allowed to connect. These modifications take effect for telnet and every other service process managed by xinetd.

    /etc/xinetd.conf
    defaults
    {
            instances       = 60
            log_type        = SYSLOG authpriv
            log_on_success  = HOST PID
            log_on_failure  = HOST
            cps             = 25 30
            # allow access only from the 200.10.2 and 200.10.5 segments; adjust as needed
            only_from       = 200.10.5.0 200.10.2.0
            # deny access from other segments
            no_access       = 0.0.0.0
            # restrict access to 7:00 through 24:00; adjust the time limit as needed
            access_times    = 7:00-24:00
    }
    includedir /etc/xinetd.d
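The service review above is done by eye with chkconfig --list. The following script, added here as an example and not part of the original post, reads chkconfig --list output and prints the enabled services that are not on the post's keep-list, so the operator has a concrete list to feed to chkconfig --del. The keep-list is the post's, with telnet left out on the assumption that sshd is meant to replace it (the post names sshd as the telnet replacement); the sample chkconfig output is constructed.

```sh
#!/bin/sh
# Added example, not from the original post: audit `chkconfig --list` output
# against the post's keep-list and report the enabled services that should
# be turned off. Reporting only; the operator then runs `chkconfig --del`.

# Keep-list from the post. Assumption: telnet is omitted because the post
# names sshd as its replacement. Service names as on Red Hat Linux 7/8.
KEEP="anacron autofs crond gpm ipchains iptables keytable kudzu netfs network nfs nfslock portmap random rawdevices sshd syslog xfs xinetd"

# enabled_services <runlevel>: read `chkconfig --list` output on stdin and
# print, one per line, the SysV services that are "on" in that runlevel plus
# the xinetd-managed services listed as "name: on" (those start on demand,
# independent of the runlevel).
enabled_services() {
    awk -v rl="$1" '
        NF >= 8 && $2 ~ /^0:(on|off)$/ {        # SysV line: name 0:off 1:off ... 6:off
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[1] == rl && kv[2] == "on") print $1
            }
        }
        NF == 2 && $1 ~ /:$/ && $2 == "on" {    # xinetd line: "telnet: on"
            sub(/:$/, "", $1); print $1
        }'
}

# extra_services <runlevel>: like enabled_services, but prints only the
# services that are not on KEEP, i.e. candidates for `chkconfig --del`.
extra_services() {
    enabled_services "$1" | while read -r svc; do
        case " $KEEP " in
            *" $svc "*) ;;          # on the keep-list, nothing to do
            *) echo "$svc" ;;
        esac
    done
}

# Constructed sample of `chkconfig --list` output (not from a real host).
SAMPLE='anacron        0:off   1:off   2:on    3:on    4:on    5:on    6:off
crond          0:off   1:off   2:on    3:on    4:on    5:on    6:off
sendmail       0:off   1:off   2:on    3:on    4:on    5:on    6:off
sshd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
lpd            0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        telnet: on
        finger: off'

# On a live system:  chkconfig --list | extra_services 3
# Demo on the constructed sample:
if [ "${1:-}" = "--demo" ]; then
    echo "enabled in runlevel 3 but not on the keep-list:"
    printf '%s\n' "$SAMPLE" | extra_services 3
fi
```

Run it with --demo to see the sample result; on a real host pipe chkconfig --list into extra_services with the runlevel the machine boots into. The xinetd-managed entries are reported regardless of runlevel because xinetd starts them on demand whenever it is running.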
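The host.conf, inittab and xinetd.conf edits above are easy to get wrong by hand, so here is an added example (not code from the original post) that checks each file for the setting the post recommends. Every check takes a file path and returns 0 when the setting is present, so the functions can be pointed at the live files; the sample files written by make_samples are constructed for demonstration and carry the post's own values.

```sh
#!/bin/sh
# Added example, not from the original post: verify the settings the post
# makes in /etc/host.conf, /etc/inittab and /etc/xinetd.conf. Each check
# prints what it finds and returns 0 when the recommended setting is present,
# 1 otherwise.

# host.conf: the post sets "multi off" and "nospoof on".
check_host_conf() {
    f="$1"; rc=0
    grep -Eq '^[[:space:]]*multi[[:space:]]+off' "$f"  || { echo "$f: multi is not off"; rc=1; }
    grep -Eq '^[[:space:]]*nospoof[[:space:]]+on' "$f" || { echo "$f: nospoof is not on"; rc=1; }
    return $rc
}

# inittab: an uncommented "id:runlevels:ctrlaltdel:process" entry means the
# three-key shutdown is still active; the post comments that line out.
check_inittab() {
    f="$1"
    if grep -Eq '^[[:space:]]*[[:alnum:]]+:[^:]*:ctrlaltdel:' "$f"; then
        echo "$f: Ctrl+Alt+Del shutdown is still enabled"; return 1
    fi
    return 0
}

# xinetd_default <file> <attribute>: print the value of <attribute> from the
# "defaults { ... }" block of an xinetd.conf, or nothing if it is not set.
xinetd_default() {
    awk -v attr="$2" '
        /^[[:space:]]*defaults([[:space:]]*\{)?[[:space:]]*$/ { inblk = 1; next }
        inblk && /^[[:space:]]*\}/ { inblk = 0 }
        inblk && $1 == attr && $2 == "=" {
            $1 = ""; $2 = ""; sub(/^[[:space:]]+/, ""); print; exit
        }' "$1"
}

# xinetd.conf: the post relies on only_from, no_access and access_times in
# the defaults block; without them the xinetd-managed services accept
# connections from anywhere at any time.
check_xinetd() {
    f="$1"; rc=0
    for a in only_from no_access access_times; do
        v=$(xinetd_default "$f" "$a")
        if [ -n "$v" ]; then echo "$f: $a = $v"
        else echo "$f: defaults block lacks $a"; rc=1; fi
    done
    return $rc
}

# make_samples <dir>: write constructed good/bad versions of the three files,
# using the values from the post for the good ones.
make_samples() {
    d="$1"
    printf 'order hosts,bind\nmulti off\nnospoof on\n' > "$d/host.conf.good"
    printf 'order hosts,bind\nmulti on\n' > "$d/host.conf.bad"
    printf 'id:3:initdefault:\n# ca::ctrlaltdel:/sbin/shutdown -t3 -r now\n' > "$d/inittab.good"
    printf 'id:3:initdefault:\nca::ctrlaltdel:/sbin/shutdown -t3 -r now\n' > "$d/inittab.bad"
    cat > "$d/xinetd.conf.good" <<'EOF'
defaults
{
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
        only_from       = 200.10.5.0 200.10.2.0
        no_access       = 0.0.0.0
        access_times    = 7:00-24:00
}
includedir /etc/xinetd.d
EOF
    cat > "$d/xinetd.conf.bad" <<'EOF'
defaults
{
        instances       = 60
        log_type        = SYSLOG authpriv
}
includedir /etc/xinetd.d
EOF
}

# Demo on the constructed samples; on a live host call the check_* functions
# with /etc/host.conf, /etc/inittab and /etc/xinetd.conf instead.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_samples "$d"
    check_host_conf "$d/host.conf.good"; check_host_conf "$d/host.conf.bad"
    check_inittab "$d/inittab.good";     check_inittab "$d/inittab.bad"
    check_xinetd "$d/xinetd.conf.good";  check_xinetd "$d/xinetd.conf.bad"
    rm -rf "$d"
fi
```

One point worth knowing when reading the host.conf comments: nospoof on makes the resolver confirm that the hostname returned by a reverse lookup resolves back to the same address, which is a defence against hostname spoofing by the resolver rather than a firewall-level masquerading control. The check above therefore only confirms that the two options are set as the post specifies.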
