Friday, April 15, 2011

The most commonly used and most effective security settings under CentOS 4.4 (and most Linux systems)

1. Users of CentOS or Red Hat Enterprise Linux 4 should first enable SELinux by editing the /etc/selinux/config file and setting:

    SELINUX=enforcing

It can keep your system from crashing abnormally. Some people think SELinux should be shut off; I strongly recommend against it. Of course, if you are only playing with CentOS and not running an actual server, then it does not matter.

2. Enable the iptables firewall; it has many benefits for system security. Set up firewall rules.

3. Run setup and turn off the services you do not need. Keep in mind: the fewer services you leave open, the lower the risk.

4. Disable the Control-Alt-Delete shutdown command. In the /etc/inittab file, comment out this line (using #):

    ca::ctrlaltdel:/sbin/shutdown -t3 -r now

so that it reads:

    #ca::ctrlaltdel:/sbin/shutdown -t3 -r now

To make the change take effect, enter the following command:

    # /sbin/init q

5. Set the permissions on the script files in /etc/rc.d/init.d, which are executed at boot to start (or stop) programs:

    # chmod -R 700 /etc/rc.d/init.d/*

This means that only root is allowed to read, write and execute the script files.

6. Modify the /etc/host.conf file. /etc/host.conf explains how addresses are resolved. Edit it (vi /etc/host.conf) and add the following lines:

    # Lookup names via DNS first then fall back to /etc/hosts.
    order bind,hosts
    # We have machines with multiple IP addresses.
    multi on
    # Check for IP address spoofing.
    nospoof on

The first setting resolves IP addresses through DNS first and then through the hosts file. The second setting checks whether a host in the /etc/hosts file has multiple IP addresses (for example, more than one Ethernet interface card). The third setting instructs the machine to watch for unauthorized spoofing of the local host.

7. Make the /etc/services file immune to changes, so that services cannot be deleted or added without authorization:

    # chattr +i /etc/services

8. Prevent your system from responding to any external or internal ping request. Since no one can ping your machine and receive a response, you greatly enhance the security of your site. Add the following line to /etc/rc.d/rc.local so that it runs automatically after every boot:

    echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

9. Setting resource limits for all users on your system can prevent DoS-type attacks (denial of service attacks), for example by limiting the maximum number of processes and the amount of memory. For example, to restrict all users, edit /etc/security/limits.conf (vi /etc/security/limits.conf). In the following example, every session of every user is limited to 10 MB and four simultaneous logins are allowed. The third line disables core dumps for everyone. The fourth line removes all limits for the user bin. ftp is allowed 10 concurrent sessions (especially practical for an anonymous FTP account); members of the managers group are limited to 40 processes. Developers have a 64 MB memlock limit, and members of wwwusers cannot create files greater than 50 MB.

Listing 3. Setting quotas and limits

    *            hard    rss         10000
    *            hard    maxlogins   4
    *            hard    core        0
    bin          -
    ftp          hard    maxlogins   10
    @managers    hard    nproc       40
    @developers  hard    memlock     64000
    @wwwusers    hard    fsize       50000

To activate these limits, add the following line at the bottom of /etc/pam.d/login:

    session    required    /lib/security/pam_limits.so
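As an added example (my own script, not from the original post), here is a small audit that checks a system tree for several of the settings above: the SELinux mode, the commented-out Ctrl-Alt-Del line, the init.d permissions, nospoof in host.conf, the ping setting in rc.local, and the pam_limits line in /etc/pam.d/login. The ROOT argument is an assumption of this script: pass / for the live system, or a staging copy of /etc to try it offline.

```sh
#!/bin/sh
# Added example: audit a CentOS 4-style tree for the settings described above.
# ROOT (the first argument) is hypothetical: "/" for a live system, a staging copy otherwise.

# SELinux must be set to enforcing in /etc/selinux/config
check_selinux() {
    grep -q '^SELINUX=enforcing$' "$1/etc/selinux/config" 2>/dev/null
}

# The ctrlaltdel entry in /etc/inittab must be commented out
check_cad() {
    [ -f "$1/etc/inittab" ] && ! grep -q '^[^#].*ctrlaltdel' "$1/etc/inittab"
}

# Every script in /etc/rc.d/init.d must carry no group/other permission bits (mode 700)
check_initd_perms() {
    [ -d "$1/etc/rc.d/init.d" ] || return 1
    for f in "$1"/etc/rc.d/init.d/*; do
        [ -f "$f" ] || continue
        case "$(ls -l "$f" | cut -c5-10)" in
            ------) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# /etc/host.conf must enable spoof checking
check_hostconf() {
    grep -qi '^nospoof[[:space:]][[:space:]]*on' "$1/etc/host.conf" 2>/dev/null
}

# rc.local must set icmp_echo_ignore_all to 1 at boot
check_ping_ignore() {
    grep -q 'echo *1 *> */proc/sys/net/ipv4/icmp_echo_ignore_all' "$1/etc/rc.d/rc.local" 2>/dev/null
}

# /etc/pam.d/login must require pam_limits.so, or limits.conf is never applied
check_pam_limits() {
    grep -q '^session[[:space:]][[:space:]]*required[[:space:]].*pam_limits\.so' "$1/etc/pam.d/login" 2>/dev/null
}

# Run every check, print one PASS/FAIL line each, and return the number of failures
audit() {
    fails=0
    for c in check_selinux check_cad check_initd_perms check_hostconf check_ping_ignore check_pam_limits; do
        if "$c" "$1"; then echo "PASS $c"; else echo "FAIL $c"; fails=$((fails + 1)); fi
    done
    return "$fails"
}

# Usage: sh audit.sh /   (with no argument only the functions are defined)
if [ -n "${1:-}" ]; then audit "$1"; fi
```

The script only reads configuration files, so it can be run from an unprivileged account against a copied tree; the immutable bit from step 7 needs lsattr and is not checked here.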
