Linux Security Configuration Check items

Source: Internet
Author: User

1. Check the system password length and strength

View System Password Length

cat /etc/login.defs

PASS_MIN_LEN 8 # set the minimum user password length to 8; the bigger the better.

View System Password strength

cat /etc/pam.d/system-auth

password required /lib/security/pam_cracklib.so retry=3 minlen=9 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1

With the policy above, pam_cracklib.so requires that a password set by a user be at least 9 characters long and contain at least one uppercase letter, one lowercase letter, one digit and one special symbol.

2. Check the lockout time limit against password cracking

cat /etc/pam.d/system-auth

Under the first line, #%PAM-1.0, add the following:

auth required pam_tally2.so deny=3 unlock_time=600 even_deny_root root_unlock_time=1200

Explanation of each parameter:

even_deny_root applies the restriction to the root user as well;

deny sets the maximum number of consecutive failed logins for regular users and root; once it is exceeded, the user is locked;

unlock_time sets how long after a regular user is locked the account is unlocked, in seconds;

root_unlock_time sets how long after the root user is locked the account is unlocked, in seconds.

3. System file permission check

000

4. System user default access rights

Run cat /etc/login.defs and see whether UMASK is 077.
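
The checks in items 1, 2 and 4 can be scripted. The following is an added example, not part of the original article: it reads a login.defs file and a PAM file and compares them with the values shown above. The function names (defs_value, pam_opt, check, audit), the constructed sample files and the use of the article's values as pass thresholds are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the article; names and pass thresholds are assumptions.

# Print KEY's value from the first uncommented line of a login.defs-style file.
defs_value() {  # usage: defs_value FILE KEY
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Print OPT's value from the first uncommented PAM line naming MODULE that sets it.
pam_opt() {  # usage: pam_opt FILE MODULE OPT
    awk -v m="$2" -v o="$3" '
        /^[ \t]*#/ { next }
        index($0, m) {
            for (i = 1; i <= NF; i++)
                if (index($i, o "=") == 1) { print substr($i, length(o) + 2); exit }
        }' "$1"
}

# Report one setting; fail when it is unset or "VALUE OP WANT" is false.
check() {  # usage: check LABEL VALUE OP WANT
    if [ -n "$2" ] && [ "$2" "$3" "$4" ] 2>/dev/null; then
        echo "[*] $1 = $2"
    else
        echo "[X] $1 = ${2:-unset} (want $3 $4)"
        return 1
    fi
}

# Run all checks; the return status is the number of failed checks.
audit() {  # usage: audit LOGIN_DEFS PAM_FILE
    fails=0
    check PASS_MIN_LEN "$(defs_value "$1" PASS_MIN_LEN)" -ge 8 || fails=$((fails + 1))
    check UMASK "$(defs_value "$1" UMASK)" = 077 || fails=$((fails + 1))
    check minlen "$(pam_opt "$2" pam_cracklib.so minlen)" -ge 9 || fails=$((fails + 1))
    for c in dcredit ucredit lcredit ocredit; do
        check "$c" "$(pam_opt "$2" pam_cracklib.so "$c")" -le -1 || fails=$((fails + 1))
    done
    check deny "$(pam_opt "$2" pam_tally2.so deny)" -le 3 || fails=$((fails + 1))
    check unlock_time "$(pam_opt "$2" pam_tally2.so unlock_time)" -ge 600 || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample files so the example runs offline (UMASK and ocredit fail).
SAMPLE=$(mktemp -d) && trap 'rm -rf "$SAMPLE"' EXIT
printf 'PASS_MIN_LEN 8\n# UMASK 077\nUMASK 022\n' > "$SAMPLE/login.defs"
printf '%s\n' '#%PAM-1.0' \
    'auth required pam_tally2.so deny=3 unlock_time=600 even_deny_root root_unlock_time=1200' \
    'password required pam_cracklib.so retry=3 minlen=9 dcredit=-1 ucredit=-1 lcredit=-1' > "$SAMPLE/system-auth"
audit "$SAMPLE/login.defs" "$SAMPLE/system-auth" || echo "failed checks: $?"
```

On a real host, call audit /etc/login.defs /etc/pam.d/system-auth instead of the sample files.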

5. Check whether the log is turned on

cat /var/log/messages

cat /var/log/secure

6. View boot entry

rc_local=`find / -name rc.local`
if [ -n "$rc_local" ]
then
    # list every rc.local found on the system
    find / -name rc.local | while read rc_filename
    do
        echo '[*]filename: '$rc_filename
    done
else
    echo '[X]find rc_local not Exists'
fi

7. View Scheduled Tasks

crontab -l

8. View logged in user

' {print $} ' | sort | uniq

9. View the user who successfully signed in

if [ -f /var/log/secure ]
then
    ' {print $ ' "$ $" "$ $   " "$11} '
else
    echo '[x]/var/log/secure File not found'
fi
    • This article is from: Linux Tutorial Network
