BIOS security
Remember to set a BIOS password in the BIOS setup and disable booting from floppy. This prevents malicious people from starting your Linux system with a special boot disk, and keeps others from changing BIOS settings, such as re-enabling floppy boot or letting the server start without a password prompt.
LILO security
Add three parameters to the "/etc/lilo.conf" file: timeout, restricted, and password. With these options, a password is required when boot-time options (such as "linux single") are passed to the boot loader.
Step 1
Edit the lilo.conf file (/etc/lilo.conf) to add and change these three options:
QUOTE:
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
timeout=00 #change to 00
prompt
default=linux
restricted #add this line
password=<password> #add this line and put your password
image=/boot/vmlinuz-2.2.14-12
    label=linux
    initrd=/boot/initrd-2.2.14-12.img
    root=/dev/hda6
    read-only
Step 2
Because the password is stored unencrypted, make the "/etc/lilo.conf" file readable only by the root user.
[root@kapil /]# chmod 600 /etc/lilo.conf (no longer globally readable)
Step 3
After making the above changes, run lilo so that the updated "/etc/lilo.conf" takes effect.
[root@kapil /]# /sbin/lilo -v (update lilo.conf file)
Step 4
Another way to make "/etc/lilo.conf" more secure is to use the chattr command to set it as immutable:
[root@kapil /]# chattr +i /etc/lilo.conf
It will prevent any changes to the "lilo.conf" file, whether intentional or not.
For more information on Lilo Security, please refer to Lilo.
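An added example, not part of the original guide: a shell function that checks a lilo.conf for the settings from Steps 1 and 2 (an uncommented restricted line, a non-empty password= value, and no group/other permission bits). The function name audit_lilo_conf and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a lilo.conf for the settings from Steps 1 and 2.
# Prints one line per finding; the return status is the number of findings.
audit_lilo_conf() {
    conf=$1
    findings=0
    # Drop comments and leading whitespace so "#restricted" does not count.
    body=$(sed -e 's/#.*$//' -e 's/^[[:space:]]*//' "$conf")

    if ! printf '%s\n' "$body" | grep -Eiq '^restricted[[:space:]]*$'; then
        echo "MISSING: restricted"
        findings=$((findings + 1))
    fi
    # An empty "password=" (as in an unedited template) is also a finding.
    if ! printf '%s\n' "$body" |
            grep -Eiq '^password[[:space:]]*=[[:space:]]*[^[:space:]]'; then
        echo "MISSING: password with a non-empty value"
        findings=$((findings + 1))
    fi
    # Step 2: the password is stored in clear text, so group and other
    # must have no permission bits (columns 5-10 of the ls mode string).
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: group/other bits set ($perms), expected mode 600"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample, not taken from a real host: "restricted" is
# commented out and the file is left world-readable.
demo=$(mktemp)
cat > "$demo" <<'EOF'
boot=/dev/hda
prompt
#restricted
password=example-only
image=/boot/vmlinuz-2.2.14-12
    label=linux
EOF
chmod 644 "$demo"
audit_lilo_conf "$demo" || echo "findings: $?"
rm -f "$demo"
```

On a real system, run it as root against /etc/lilo.conf; a return status of 0 means all three checks passed.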
Disable all special accounts
Delete all default user accounts and group accounts on your system that you do not use, such as lp, sync, shutdown, halt, news, uucp, operator, games, gopher.
To delete a user account:
[root@kapil /]# userdel lp
To delete a group account:
[root@kapil /]# groupdel lp
Select the appropriate password
The following guidelines should be followed when choosing a password:
Password length: The default minimum password length when installing a Linux system is 5 characters. This length is not enough and should be increased to 8. To change it to 8 characters, edit the login.defs file (/etc/login.defs) and change:
PASS_MIN_LEN 5
to
PASS_MIN_LEN 8
"login.defs" is the configuration file for the login program.
Enable shadow password support
Please enable the shadow password feature. To do this, use the "/usr/sbin/authconfig" utility. If you want to convert the existing passwords and groups on your system to shadow passwords and groups, use the pwconv and grpconv commands respectively.