Linux security must do several settings (ii)

650) this.width=650; "title=" Security Tips "src=" http://www.linuxprobe.com/wp-content/uploads/2017/03/ 183259jhy792ygdyp9097y.jpg "alt=" www.linuxprobe.com. "style=" Height:auto; "/>

Linux Security Tips 3:sudo

Sudo is very, very important, although this is a very basic thing, but it is these basic things that will make my hacking career become more difficult. If you do not have sudo configured, please configure it as well.

In addition, all of your users must use their own passwords, not all passwords using sudo to execute all commands. Users who do not need a password and can sudo any command will only make my hacking activities easier, which is equivalent to having the root authority of your machine.

Set a lower sudo time-out. When a hacker is hijacked to a user's session and if the user is able to use sudo to set the timeout longer, then you will again give the hacker a free channel, even if you set the password with sudo. I recommend sudo for a time-out of about 10 minutes, or even 5 minutes. Although users will need to enter their passwords repeatedly, this will reduce your attack surface.

Commands that restrict sudo access and prohibit access to the shell through Sudo. Most Linux distributions now by default allow you to use sudo bash to get a root-identity shell, which is great when you need to do a lot of system administration tasks. However, there should be a limit to the commands that most users actually need to run. The more you limit them, the smaller your host's attack surface will be. If you allow my shell to access, I will be able to do any kind of thing.

Linux Security Tip 4: Limit the services that are running.

Firewall is very good, hardware firewall can help you well protect the server. But what about the people in the intranet?

Have you ever used a firewall or system-based intrusion detection system for Linux systems? If you have used it, please configure it correctly. Restricting which services are currently running is essential, and what services are required to follow. If you're using a Linux distribution that installs the complete LAMP suite by default, and you don't need to use those services, uninstall it. Prohibit those services, do not open them.

Any service program does not run with the default identity to ensure that the service is configured securely. For example, when you are running Tomcat, do not leave unused web programs that are not maintained. Make sure that they do not run as root. The more restrictions you make on services, the more secure your machine is.

Linux Security Tip 5: Manage your system logs, program logs.

Once we have dealt with such a problem. A customer set up a very good log record but never look at the log records, through the log can be very easy to detect their machine as early as six months ago has been invaded, and their entire network is open to the outside world. For logging I do this, I get up every morning to spend 15 minutes to check my email, browse my log records clearly understand the status of the service.

On one occasion, three servers in the engine room crashed and restarted them urgently, then found out what was wrong with the log records. It's good to centralize your logs with syslog, Splunk, and other log consolidation tools. The hacker's favorite thing is to modify your log records so you don't know that the server has been compromised. Of course, make sure you have enough disk space to store the centralized logs.

Original address:http://www.linuxprobe.com/linux-security-option-2.html

This article is from the "blog" blog, please be sure to keep this source http://coderhsf.blog.51cto.com/12629645/1916169

Linux security must do several settings (ii)