Linux security management measures

Source: Internet
Author: User

Thanks to the powerful features and reliable stability of the Linux operating system, more and more users are learning and using Linux. In the course of studying and using Linux, I have collected and organized some tips for Linux security management, which I share here. I hope you will continue to supplement and improve them.

1. Complete System Backup

To guard against the system failing to run normally during use, we should back up the intact Linux system; it is best to back up the entire system right after the installation is complete. Later, you can verify the integrity of the system against the backup to find out whether any system file has been illegally modified. If system files have been damaged, you can use the backup to restore them to a normal state. The intact system can be backed up to a CD-ROM disc, and the system can then be compared regularly against the contents of the disc to verify that its integrity has not been damaged. If you need a high security level, you can make the disc bootable and run the verification as part of the system startup process. In this way, as long as the system can boot from the disc, it has not been damaged.
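The comparison against the backup can be automated. The following is an added example, not part of the original article: it hashes every regular file in a backup tree and in the live tree and reports files that changed (content or permission bits), disappeared, or appeared. The directory layout and file names in `demo()` are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each regular file under root to (SHA-256 hex digest, permission bits)."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and device nodes
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            result[rel] = (digest.hexdigest(), stat.S_IMODE(st.st_mode))
    return result


def verify(backup_root, live_root):
    """Compare the live tree with the backup copy taken right after installation."""
    base, live = snapshot(backup_root), snapshot(live_root)
    return {
        "changed": sorted(p for p in base if p in live and base[p] != live[p]),
        "missing": sorted(p for p in base if p not in live),
        "added": sorted(p for p in live if p not in base),
    }


def demo():
    """Constructed sample: a clean 'backup' tree and a tampered 'live' tree."""
    def put(root, name, data):
        with open(os.path.join(root, "bin", name), "wb") as fh:
            fh.write(data)
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        for root in (backup, live):
            os.makedirs(os.path.join(root, "bin"))
            for name in ("ls", "ps", "su"):
                put(root, name, name.encode() + b"-v1")
        put(live, "ps", b"ps-replaced")                     # content modified
        os.chmod(os.path.join(live, "bin", "su"), 0o700)    # permission bits changed
        os.remove(os.path.join(live, "bin", "ls"))          # file deleted
        put(live, "extra", b"new")                          # file not in the backup
        return verify(backup, live)
```

For a real check, call `verify()` with the mounted backup disc as `backup_root` and run it from trusted media, since a compromised system can also tamper with the tools doing the comparison.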

2. Improved Login Server

Moving the system's login server to a separate machine increases the security level of the system. Replacing Linux's own login tool with a more secure login server can further improve security. In a large Linux network, it is best to use a separate login server for the syslog service. It must be a server that can meet the login needs of all systems and has enough disk space, and no other services should run on it. A more secure login server greatly weakens an intruder's ability to tamper with log files through the login system.

3. Create read-only attributes for key partitions

A Linux file system can be divided into several major partitions, each configured and mounted separately; in general, at least /, /usr/local, /var, /home and other partitions must be created. /usr can be mounted read-only and treated as unmodifiable. If any file in /usr changes, the system immediately raises a security alarm. Of course, this does not include content in /usr changed by the user. The same applies to the installation and configuration of /lib, /boot and /sbin: set them read-only during installation wherever possible, so that any modification to their files, directories or attributes triggers a system alarm.

Of course, not every major partition can be set read-only. Some partitions, such as /var, cannot be read-only by their nature; however, they should not be allowed execute permission.
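The policy described above can be checked against the mount table. The following is an added example, not part of the original article: it parses text in `/proc/mounts` format, finds the file system that actually holds each path (so a /lib that lives on the root partition is judged by the root partition's options), and lists every path that lacks the required `ro` or `noexec` option. The sample mount table and device names are constructed.

```python
# Policy taken from the text: these trees read-only, /var without execute permission.
POLICY = {"/usr": "ro", "/lib": "ro", "/boot": "ro", "/sbin": "ro", "/var": "noexec"}

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /usr ext4 ro,nodev 0 0
/dev/sda3 /boot ext4 rw,nodev,nosuid 0 0
/dev/sda5 /var ext4 rw,nosuid,nodev 0 0
/dev/sda6 /home ext4 rw,nosuid,nodev,noexec 0 0
"""


def parse_mounts(text):
    """Return {mount_point: set(options)}; a later line for the same point wins."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[fields[1]] = set(fields[3].split(","))
    return mounts


def covering_mount(path, mounts):
    """Longest mount point that is the path itself or one of its parent directories."""
    candidates = [m for m in mounts if path == m or path.startswith(m.rstrip("/") + "/")]
    return max(candidates, key=len) if candidates else None


def audit(text, policy=POLICY):
    """List (path, mount_point, missing_option) for every policy violation."""
    mounts = parse_mounts(text)
    findings = []
    for path, required in sorted(policy.items()):
        mount = covering_mount(path, mounts)
        if mount is None or required not in mounts[mount]:
            findings.append((path, mount, required))
    return findings


if __name__ == "__main__":
    # On a live host, pass open("/proc/mounts").read() instead of the sample.
    for finding in audit(SAMPLE_MOUNTS):
        print(finding)
```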

4. Improve the system's internal security mechanism

We can improve the internals of the Linux operating system to prevent buffer overflows, which strengthens the internal security mechanism of Linux and greatly improves the security of the whole system. Carrying out a buffer overflow attack is quite difficult, because the intruder must be able to determine when a potential buffer overflow will occur and where it will appear in memory. Preventing buffer overflows is also very difficult: the system administrator must completely remove the conditions for buffer overflow to prevent such attacks. Because of this, many people, even Linus Torvalds, think that this secure Linux patch is very important because it prevents all attacks using buffer overflow. However, it should be noted that these patches also lead to some program and library dependency issues, which bring new challenges to the system administrator.

5. Set traps and honeypots

A so-called trap is software that triggers an alarm event when activated, while a honeypot program is a trap designed to lure hackers into triggering a special alarm. With traps and honeypot programs in place, the system can raise an alarm quickly once an intrusion occurs. Many large networks deploy specially designed traps. Traps generally fall into two types: one only detects intruders and does not take revenge against them, and the other takes revenge at the same time.

6. Nip intrusions in the bud

One of the most common things intruders do before launching an attack is scan port numbers. If you can detect and block a hacker's scanning in time, you can greatly reduce the incidence of intrusions. The reaction system can be a simple stateful packet filter, a complex intrusion detection system, or a configurable firewall. Professional tools such as Abacus PortSentry can monitor network interfaces and interact with the firewall to shut down port scanning attacks. Abacus PortSentry can immediately stop an ongoing port scan. However, if improperly configured, it may also allow hostile outsiders to mount DoS attacks against your system. Used correctly, this software effectively prevents large numbers of parallel port scans and keeps out all such intruders.
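The detection step can be sketched as follows. This is an added example, not part of the original article and not PortSentry's own logic: it flags a source that probes many distinct ports within a short window. Because source addresses can be forged, blocking automatically is what creates the DoS risk the paragraph mentions, so sources on an allowlist are reported but never blocked. The log format, thresholds, allowlist and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 10                  # seconds (assumed tuning value)
THRESHOLD = 5                # distinct ports inside WINDOW that count as a scan (assumed)
NEVER_BLOCK = {"192.0.2.1"}  # assumed allowlist, e.g. the gateway or DNS resolver

# Constructed sample, simplified format: "<epoch seconds> SRC=<ip> DPT=<port>"
SAMPLE_LOG = "\n".join(
    [f"{1000 + i} SRC=203.0.113.7 DPT={p}" for i, p in enumerate((21, 22, 23, 25, 80, 110))]
    + [f"{1000 + i} SRC=192.0.2.1 DPT={p}" for i, p in enumerate((1, 2, 3, 4, 5))]
    + [f"{1000 + 30 * i} SRC=198.51.100.4 DPT={p}" for i, p in enumerate((80, 443, 22, 25, 53))]
    + ["1005 SRC=198.51.100.9 DPT=443"] * 8
)


def parse(line):
    """Return (timestamp, source, port) from one simplified log line."""
    ts, src, dpt = line.split()
    return int(ts), src.split("=", 1)[1], int(dpt.split("=", 1)[1])


def detect(log_text):
    """Return sources to block and sources to report only (allowlisted)."""
    recent = defaultdict(deque)   # source -> (timestamp, port) pairs inside the window
    scanners = set()
    events = sorted(parse(line) for line in log_text.splitlines() if line.strip())
    for ts, src, port in events:
        window = recent[src]
        window.append((ts, port))
        while window and ts - window[0][0] > WINDOW:
            window.popleft()      # expire probes older than WINDOW
        if len({p for _, p in window}) >= THRESHOLD:
            scanners.add(src)
    return {
        "block": sorted(scanners - NEVER_BLOCK),
        "report_only": sorted(scanners & NEVER_BLOCK),
    }


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

In the sample, repeated connections to a single port and probes spread over two minutes are not flagged; only the two sources that touch five or more ports within ten seconds are.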
