Because Linux has good networking capabilities, most Web servers on the Internet use Linux as their main operating system. But because Linux is a multi-user operating system, hackers who want to hide themselves while attacking tend to choose Linux as their first target. So, as Linux users, what reasonable methods can we adopt to secure Linux? Here I have collected and organized some Linux security precautions. I am sharing them now and ask netizens to keep supplementing and refining them.

1. Prohibit the use of the ping command. The ping command is a good tool for checking whether the line between two computers is working, but the data exchanged between the computers is transmitted without any encryption. So when we use ping to test a server, an illegal user on the Internet may use a dedicated hacker program to steal the information being transmitted on the line and then use the stolen information against the specified server or system. For this reason we need to prohibit the use of the ping command on the Linux system. On Linux, making ping get no response means making the system ignore ICMP echo packets, so at the Linux command line enter: echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all. To restore the use of ping, enter: echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all.

2. Back up the system in time. To prevent the system from being unable to operate normally after an unexpected event, we should make good backups of the Linux system. Once a complete Linux system installation is finished, make a backup of the entire system; later, the integrity of the system can be verified against this backup, which lets you discover system files that have been modified illicitly. If system files have been compromised, the backup can also be used to restore the system to its normal state. For the backup itself, we can burn the system information to a CD-ROM and then periodically compare the system's contents with the CD to verify whether the system's integrity has been compromised. If the required security level is particularly high, the CD can be made bootable and the verification made part of the system startup process; then as long as the system can boot from the CD, it has not been compromised.

3. Improve the log server. Moving the system's log (syslog) server to a separate machine raises the system's security level, and using a more secure log server to replace the Linux system's own logging tool can improve security further. In a large Linux network it is better to use a separate log server for the syslog service. It must be a server able to meet the logging needs of all systems and with enough disk space, and no other services should run on it. A more secure log server significantly weakens an intruder's ability to alter log files by way of the logging system.

4. Cancel the root command history. Linux automatically records the commands a user enters, and the commands the root user types often contain sensitive information. To guarantee security, the root command history should generally not be recorded, or only a little of it. To make the system record no commands at all, go to the /etc directory with the cd command, open the profile file in an editor, and add: HISTFILESIZE=0 and HISTSIZE=0. Alternatively, at the command line enter: ln -s /dev/null ~/.bash_history.

5. Set key Linux partitions read-only. The Linux file system can be divided into several major partitions, each configured and installed separately; typically you should create at least the /, /usr/local, /var and /home partitions. /usr can be installed read-only and treated as unmodifiable, so if any file in /usr changes the system can raise a security alarm. Of course this does not include changes the user makes to /usr themselves. /lib, /boot and /sbin should be installed and set up in the same way: make them read-only at install time, so that any modification of their files, directories or attributes causes the system to sound an alarm. Naturally not all primary partitions can be set read-only; some partitions, such as /var, by their nature cannot be read-only, but they should not be allowed to have execute permission.

6. Kill all of the attacker's processes. Suppose the system log file shows that a user logged in from a host we do not know, and we determine that this user has no corresponding account on that host: this indicates that we are under attack at that moment. To prevent further damage to system security, we should immediately lock the specified account; if the attacker is already logged in to the system, we should immediately disconnect the host's physical connection to the network. If possible, we should also examine this user's history and then carefully check whether other users have been impersonated and what rights the attacker has obtained; finally we should kill all processes belonging to this user and add the host's IP address mask to the hosts.deny file.

7. Improve the system's security mechanisms. We can improve the internal functions of the Linux operating system to prevent buffer overflows, thereby strengthening the internal security of the Linux system and greatly improving its overall security. A buffer overflow attack is quite difficult to carry out, because the intruder must be able to judge when a potential buffer overflow will occur and where in memory it appears. Preventing buffer overflows also seems very difficult: the system administrator must completely remove the conditions for a buffer overflow in order to prevent this form of attack. Because of this, many people, even Linus Torvalds, consider this security patch for Linux important, as it prevents all attacks that use buffer overflows. But note that these patches cause problems with the executable stack of some programs and with library dependencies, and these problems bring new challenges for the system administrator.

8. Keep records of the system. To be able to closely monitor hackers' attack activities, we should enable log files to record the operation of the system, so that when a hacker attacks the system his traces are recorded in the log file. For this reason many hackers, when they start to attack a system, modify the system log files to hide their whereabouts; so we must restrict access to the files under /var/log and prohibit ordinary users from viewing the log files. Of course, the logging features built into the system may not be very strong, so we should use a dedicated log program to watch for suspicious repeated connection attempts. In addition, we should carefully protect the root password and the passwords of users with root permissions, because once hackers know these accounts they can modify the log files to hide their tracks.

9. Use dedicated programs to protect security. Sometimes monitoring system security by manual means is too much trouble, or we are careless, so we can protect system security with professional programs; the most typical approach is to set traps and honeypots. A trap is software that triggers an alarm event when activated, and a honeypot program is a special trap program designed to lure an intruder into triggering the alarm. By setting traps and honeypots, the system can quickly issue an alert when an intrusion event occurs. Many large networks have special trap programs designed for them. Traps are generally divided into two kinds: those that only detect the intruder without taking any retaliatory action, and those that take retaliatory action at the same time.
10. Detect intruders proactively before the intrusion. Before an attack, intruders most often do one thing first: a port scan. If you can detect and prevent intruders' port-scanning behaviour, you can greatly reduce the number of intrusion events. The reacting system can be a simple stateful packet filter, or a complex intrusion detection system, or a configurable firewall. We can use a professional tool such as Abacus PortSentry to monitor the network interface and interact with the firewall, eventually shutting down the port scan attack. While a port scan is in progress, Abacus Sentry can quickly stop it from continuing. But if it is not configured properly, it can also let hostile external users mount a denial-of-service attack against your system. Used correctly, this software can effectively detect port scans and large parallel scans and block all such intruders.

11. Strictly manage passwords. As mentioned above, once hackers obtain an account with root permissions they can do any damage to the system and attack it, so we must protect the system's passwords. Normally user passwords are saved in the file /etc/passwd; although the passwords in /etc/passwd are encrypted, hackers can use many dedicated search methods to find a password, and if we choose the password badly it can easily be discovered. Therefore we must choose a password that is not easy to search for. In addition, it is best to install a password filter tool and use it to check whether the password you have set can withstand attack.
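To illustrate the port-scan detection that tip 10 describes, here is an added example (not PortSentry's code or output): it counts the distinct destination ports each source hits within a sliding time window over constructed firewall-style log lines and flags sources above a threshold. The log format, the addresses and the thresholds are all assumptions made for the demonstration.

```python
"""Port-scan detector in the spirit of tip 10: flag a source address that probes
many distinct ports within a short time window. Added example; the log format and
the sample lines are constructed and are not PortSentry's own output."""
from collections import defaultdict
from datetime import datetime
# Constructed firewall-style log lines: "<ISO timestamp> SRC=<ip> DPT=<port>"
SAMPLE_LOG = """\
2024-01-10T10:00:01 SRC=203.0.113.7 DPT=22
2024-01-10T10:00:02 SRC=203.0.113.7 DPT=23
2024-01-10T10:00:02 SRC=203.0.113.7 DPT=25
2024-01-10T10:00:03 SRC=203.0.113.7 DPT=80
2024-01-10T10:00:03 SRC=203.0.113.7 DPT=110
2024-01-10T10:00:04 SRC=203.0.113.7 DPT=143
2024-01-10T10:00:10 SRC=198.51.100.4 DPT=80
2024-01-10T10:05:00 SRC=198.51.100.4 DPT=443
2024-01-10T10:30:00 SRC=192.0.2.9 DPT=22
"""


def parse_line(line: str):
    """Return (timestamp, source, port), or None for a line that does not match."""
    try:
        ts, src, dpt = line.split()
        if not (src.startswith("SRC=") and dpt.startswith("DPT=")):
            return None
        return datetime.fromisoformat(ts), src[4:], int(dpt[4:])
    except ValueError:  # wrong field count, bad timestamp or non-numeric port
        return None


def detect_scans(log_text: str, window_seconds: int = 60, port_threshold: int = 5) -> dict:
    """Map each flagged source to the most distinct ports it hit inside one window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, src, port = parsed
            events[src].append((ts, port))
    flagged = {}
    for src, hits in events.items():
        hits.sort()  # slide a window over the chronologically ordered hits
        start = 0
        for end in range(len(hits)):
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            distinct = {port for _, port in hits[start:end + 1]}
            if len(distinct) >= port_threshold:
                flagged[src] = max(flagged.get(src, 0), len(distinct))
    return flagged
```

With the sample log, only 203.0.113.7 (six ports in four seconds) is flagged; the two slow connections from 198.51.100.4 stay below the threshold, which is the kind of tuning the text warns about when it says a misconfigured tool can be turned against you.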