Today I want to discuss Linux security.
1. Add an encrypted password to the GRUB boot menu so that nobody can boot into single-user mode and modify the configuration.
[root@zy root]# grub-md5-crypt
Password: 123
Retype password: 123
It then prints the MD5 hash (a string of seemingly random characters).
[root@zy root]# vi /etc/grub.conf
Add a line containing the grub-md5 hash before the title entries.
2. Configure the log server
[root@zy root]# vi /etc/syslog.conf (the main configuration file of the syslog service)
Add the line: *.* @192.168.1.144
*.* selects all messages; @192.168.1.144 sends them to that host.
Now all messages are sent to host 192.168.1.144, so that host must also be configured to accept them:
[root@zy root]# vi /etc/sysconfig/syslog
Find the line SYSLOGD_OPTIONS=
Change it to SYSLOGD_OPTIONS="-m 0 -r -x". -m 0 indicates that the action is recorded, -r allows remote hosts, and -x disables reverse resolution. Save and exit with :wq.
Restart the service:
[root@zy root]# service syslog restart
If the service starts successfully, check its port number:
[root@zy root]# grep syslog /etc/services
The port is syslog 514/udp.
[root@zy root]# netstat -unl | grep :514
udp 0 0 0.0.0.0:514 0.0.0.0:*
This shows the server is listening.
All that remains is to point every client at the server.
[root@zy root]# vi /etc/syslog.conf (I don't have a client; you can test it yourself. Remember to point it to the server address.)
3. Logs are generally stored under /var/log:
[root@zy root]# ls /var/log
Security information goes to secure.
Mail information goes to maillog.
Most general system information goes to messages.
Use the tail and head commands to view messages:
[root@zy log]# tail -5 messages (displays the last five lines of messages)
[root@zy log]# head -5 messages (displays the first five lines of messages)
boot.log records system events during the boot process, that is, the information displayed during the Linux boot self-check.
cron records the actions of the child processes spawned by the crontab daemon crond.
System accounts such as bin, daemon, adm, uucp, and mail should never log on. If one of these accounts has logged on, the system may have been compromised. If the recorded time is not a time the user actually logged on at the console, that user's account has been leaked.
/var/log/wtmp
This log file permanently records the logon, logout, and system startup and shutdown events of each user. Because the system keeps running, the file grows with the number of user logins. It can be used to review user logon records: the last command reads this file and displays logon records in reverse chronological order, and it can also filter the records by user, terminal (tty) or time.
The last command has two optional parameters:
last with no arguments displays all logged-on users; you can pipe it to | more.
If you know the user name: [root@zy log]# last root (root is my user name)
last -2 shows the user logon status within the specified two days.
[root@zy log]# last -2
root pts/2 192.168.1.102 Mon Jul 23
root pts/0 192.168.1.102 Mon Jul 23
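The warning above about system accounts and the last command go together: a short check that scans last-style output and flags any logon by bin, daemon, adm, uucp or mail. This is an added example, not part of the original post; the sample wtmp records are constructed, and on a real host you would feed it the output of last (or last -f /var/log/wtmp) instead.

```shell
#!/bin/sh
# Added example: flag logons by system accounts in `last`-style output.
# Accounts that should never log on (from the text above).
SYSTEM_ACCOUNTS="bin daemon adm uucp mail"

# Constructed sample of `last` output; on a real host replace with: last
SAMPLE_LAST='root     pts/2        192.168.1.102    Mon Jul 23 03:30   still logged in
root     pts/0        192.168.1.102    Mon Jul 23 02:10 - 02:55  (00:45)
bin      pts/1        10.0.0.5         Mon Jul 23 01:12 - 01:13  (00:01)
adm      tty2                          Mon Jul 23 00:05 - 00:07  (00:02)
zy       tty1                          Sun Jul 22 21:00 - 22:30  (01:30)
reboot   system boot  2.6.9-5.EL       Sun Jul 22 20:58          (1+06:38)
wtmp begins Sun Jul 22 20:58:01 2007'

# Reads `last` output on stdin and prints one ALERT line per logon by a
# system account. A console logon has no host column, so the third field
# is the weekday; that case is reported as "console". Exit status is 1
# when anything was flagged, so the function can run from cron.
flag_system_logins() {
    awk -v accts="$SYSTEM_ACCOUNTS" '
        BEGIN { n = split(accts, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^wtmp begins/ { next }                      # trailer, not a record
        $1 in bad {
            if ($3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) { host = "console"; when = $3 " " $4 " " $5 }
            else                                      { host = $3;        when = $4 " " $5 " " $6 }
            found++
            print "ALERT: " $1 " logged on from " host " on " when
        }
        END { exit (found > 0) ? 1 : 0 }
    '
}

# Number of flagged logons in the given `last` output (stdout-friendly helper).
count_system_logins() {
    printf '%s\n' "$1" | flag_system_logins | wc -l | tr -d ' '
}

# Run against the constructed sample: prints two ALERT lines (bin, adm).
printf '%s\n' "$SAMPLE_LAST" | flag_system_logins
```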
The who command
The who command lists every user currently logged on. Its default output includes the user name, terminal, logon date, and remote host.
[root@zy log]# who
root pts/2 Jul 23 (192.168.1.102)
The who command can also query all previous records: who /var/log/wtmp reports every login since the wtmp file was created or deleted.
[root@zy log]# who /var/log/wtmp
The w command
The w command queries and displays information about each user currently logged on and the processes they are running.
[root@zy log]# w
03:36:26 up, 1 user, load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE    JCPU    PCPU   WHAT
root     pts/2    192.168.1.102     am       0.00s   1.53s   0.01s  w