We all know that network security is a very important issue, and the server is the key to network security.
As an open-source operating system, Linux is considered a relatively secure Internet server platform: when a security vulnerability is found in Linux, volunteers from all over the Internet are eager to fix it. However, administrators often fail to obtain and apply the correct information in time, which gives attackers something to exploit. Compared with these vulnerabilities in the system itself, more security problems are caused by incorrect configuration, and these can be prevented with appropriate configuration. The following is a simple list for your consideration:

1. Use a firewall to close any port you do not need, and make sure others cannot PING the server; this naturally removes most of the threat. Ways to keep others from pinging the server:

   1) At the command prompt, run:

        echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

   2) Use the firewall to block (drop) ICMP packets:

        iptables -A INPUT -p icmp -j DROP

   3) Do not respond to any ICMP traffic, such as PING and TRACERT.

2. Change the SSH port, preferably to one above 10000, so that port scans are less likely to find it:

        vi /etc/ssh/sshd_config

   Change Port to 1000 or more. At the same time, create an ordinary user and disable direct root login:

        useradd 'username'
        passwd 'username'
        vi /etc/ssh/sshd_config

   Add the following line at the end:

        PermitRootLogin no    # disable direct remote root login

3. Delete the extra accounts that bloat the system:

        userdel adm
        userdel lp
        userdel sync
        userdel shutdown
        userdel halt
        userdel news
        userdel uucp
        userdel operator
        userdel games
        userdel gopher
        userdel ftp    # if you do not allow anonymous FTP, delete this user account

   Then delete the following groups:

        groupdel adm
        groupdel lp
        groupdel news
        groupdel uucp
        groupdel games
        groupdel dip
        groupdel pppusers

4. Change the attributes of the following files so that no one can modify the accounts:

        chattr +i /etc/passwd
        chattr +i /etc/shadow
        chattr +i /etc/group
        chattr +i /etc/gshadow

5. Restrict access to the xinetd configuration file:

        chmod 600 /etc/xinetd.conf

6. Turn off anonymous FTP login.
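An added example (not part of the original article): a read-only shell check for items 2 and 3 above. It shows a pitfall of adding PermitRootLogin no at the end of sshd_config: sshd uses the first value it reads for a keyword, so an earlier PermitRootLogin yes line still wins. The function names, the sample files and the prohibit-password default (current OpenSSH) are assumptions of this example.

```shell
#!/bin/sh
# Read-only audit of items 2 and 3. File paths are arguments, so the checks
# can be pointed at copies of the real files.

# Print the effective global value of an sshd_config keyword. sshd keeps the
# FIRST value it reads for a keyword, so a line appended at the end of the
# file has no effect if the keyword is already set earlier.
# Simplifications: Include files are not followed, Match blocks are skipped,
# and only the first Port line is reported (sshd accepts several).
sshd_effective() {  # usage: sshd_effective KEYWORD FILE DEFAULT
    awk -v key="$1" -v def="$3" '
        $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print def }' "$2"
}

# Print the accounts from item 3 that are still present in a passwd file.
leftover_accounts() {  # usage: leftover_accounts PASSWD_FILE
    for u in adm lp sync shutdown halt news uucp operator games gopher ftp; do
        grep -q "^$u:" "$1" && printf '%s\n' "$u"
    done
    return 0
}

audit() {  # usage: audit SSHD_CONFIG PASSWD_FILE
    port=$(sshd_effective Port "$1" 22)
    # Default assumed from current OpenSSH when the keyword is not set.
    root=$(sshd_effective PermitRootLogin "$1" prohibit-password)
    [ "$port" != 22 ] || echo "WARN: sshd still listens on default port 22"
    [ "$root" = no ] || echo "WARN: PermitRootLogin is '$root', not 'no'"
    for u in $(leftover_accounts "$2"); do
        echo "WARN: account '$u' still exists"
    done
}

# Constructed sample files (not from a real host): PermitRootLogin no was
# appended at the end, but an earlier "yes" line takes precedence.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'Port 22022' '#PermitRootLogin no' 'PermitRootLogin yes' \
        'PasswordAuthentication yes' 'PermitRootLogin no' > "$d/sshd_config"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'games:x:12:100:games:/usr/games:/sbin/nologin' \
        'alice:x:1000:1000::/home/alice:/bin/bash' > "$d/passwd"
    audit "$d/sshd_config" "$d/passwd"
    rm -rf "$d"
}
demo
```

On a real host, run audit /etc/ssh/sshd_config /etc/passwd; where it is available, sshd -T prints the configuration sshd will actually use.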