Article Title: Linux System Security. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Linux System Security lecture
---------------
Outline
* Note:
Teaching content mainly focuses on <> □
The configuration is based on the webpage information.
---------------
Network Security Level
Network
Service
System
System Security
Physical security
Geographic defense
Access Control System
Social engineering P2-13
Data center Protection
Cabinet
Host
Power Supply
Keyboard
Screen
Boot Protection
Key
Power Button
BIOS
Start the device:
Hard Disk
Soft Disk
CD
OS Loader
LILO P8-2
GRUB info grub (reference example 1)
Run level & rc P7-1
System Logon
Login
PAM P1-20
Ls/usr/share/doc/pam-0.75/
Limit more/etc/security/limits. conf
Nologin touch/etc/nologin
Consol vs remote more/etc/securetty
L istfile (Example 2)
Account Management
Account name and UID P1-5
Group P2-2 ~ P2-7
Account Password P2-12
Crack/John
Shadow P1-11
Chage info change
Usermod info usermod
Gpasswd info gpasswd
Permission management
Ugo & rwx P3-8
File vs directory x?
Trojan and virus root or non-root?
SUID & SGID & stickybit P4-2
Archives vs directory
Investigation Techniques P4-4
Su vs sudo
Su missing passwd? Privilege?
Sudoers Design info sudoers
Archive properties P4-8
Appand only
Read only
File System Design
File type P3-2
Inode & block P3-6
Http://www.study-area.org/linux/system/linux_fs.htm#fstab
Mount point
Quota http://www.study-area.org/linux/system/linux_fs.htm#fquota
Read only/usr/bin/usr/sbin...
No dev/home
No suid/no sgid
No exec
Secure download
Trust website rpmfind, sourceforge...
GPG seal *. sign
MD5 checksum info md5sum
Software Testing
Execution Code
Generate File
Connect/generate packets
Source code tracing
Intrusion Detection
Abnormal Behavior
Redundant connections
Incomplete records
Archive replacement
File Permission change
Hide files
Owner change
Suid/sgid
Device Files
Tools:
Chkrootkit
Http://linux.tnc.edu.tw/techdoc/check-rootkit-by-u-self.htm
Tripwire
Http://www.study-area.org/tips/tripwire.htm
Tiger
Ftp://coast.cs.purdue.edu/pub/tools/unix/TAMU
Log Protection
Extended attributes chattr +
Root only)
Size Control logrotate
Http://www.study-area.org/linux/system/linux_conf.htm#log
Authenticity (prevent modification) @ central/printer
Record Analysis
Tools:
Logcheck
Logwatch
Data backup
Original backup
System Backup vs Data Backup
Full backup vs differential backup
Http://www.study-area.org/linux/system/linux_conf.htm#backup
Backup Media & Save
Backup sample tar, cpio/apio
Disaster recovery
Risk Assessment
Fault tolerance level
Recovery degree
Fault Tolerance plan/device:
Link:
Redundent connection
Load balance
Cluster
Content:
RAIDS
SAN & NAS
Mirror & rsync
Patching P14-3
Version Selection
The safest version □ftp://linux.sinica.edu.tw/
Update mirror/APT/rhn
Test
------------
Network Security
Security Information
Website
Http://www.cert.org.tw
Http://www.vtcif.telstra.com.au/info/security.html
Http://www.redhat.com/apps/support/errata/
Wu-ftp
Zlib
UW imap
Openssh
Ssnldap
.....
Http://www.securityfocus.com/
Http://safe.ip-market.com/
Discussion Group/newsgroup
News: comp. security. announce
Mail List/Technical Forum
Listserv@securityfocus.com
Digest@sams.org
Magazines
Service program vulnerabilities and patches
Number of service programs P12-3
Centralized vs scattered
Update wu-ftp, bind, sendmail
Test
Chroot skills
Time to use
Feasible Software
Http://www.study-area.org/tips/dns_chr.htm
Difficulties
Application of tcpwrapper
Compile time vs run time
Supper daemon vs tcp_wrapper P15-2
Inetd vs xinetd P11-2
Hosts. allow vs. hosts. deny P15-9
Services * Appendix 1
Firewall and NAT
Firewall type
Proxy vs filtering P16-1/P17-1
How firewall works
Http://www.study-area.org/network/network_fw.htm
Basic knowledge
Http://www.study-area.org/linux/servers/linux_nat.htm
Firewall Rule Design
ACL vs state list
NAT application scenarios
NAT type
SNAT vs DNAT
Statice vs Dynamic
Http://www.study-area.org/tips/NAT-HOWTO/NAT-HOWTO-chn-3.html
Design and deployment of Network Architecture
Trusted network vs untrusted network
DMZ Application
Physical Segmentation
Protocol Switching
Common attack methods
DoS
Ping of death P13-2
Syn Flood P13-6
Other P13-8
Response P13-9
Self-attack test
Netstat
Http://www.study-area.org/linux/servers/linux_net.htm#network
P25-8 nmap
Portsentry/snort
-------------
Information Encryption
Plaintext vs ciphertext
Screen Display vs Package content
Http://www.study-area.org/network/network_enscp.htm
Eavesdropping techniques and Prevention
What is the prerequisite for eavesdropping packet?
Eavesdropping tools
Tcpdump
Sniffit
Intercept point routing?
Hub vs Swtich CSMA/CD?
Encryption methods and principles
Encryption Principle
Original Encryption Method
Http://www.study-area.org/network/network_enscp.htm
Algorithm
Technology patents
Encryption technology
Symmetric Key vs asymmetric key
Http://www.study-area.org/network/network_enscp.htm
Export restrictions in the United States
Electronic seal
Paper vs Electronics
Verifiable/Non-Repudiation
Current Situation and Future of Electronic Transactions
Secure Connection
Ssl & ssh
Cracking costs
Http://www.study-area.org/tips/security.htm
Http://www.nchu.edu.tw/trnc/90-2/firewall.ppt)
How ssh works
Http://www.study-area.org/tips/security.htm
Vpn Construction
VPN Principle
Application scenarios
VPN solution:
Ssh
Vpnd
Http://www.study-area.org/tips/vpn.htm
Ipsec P21-3
Network Design vs Implementation Technology subnet/routing?
Implementation reference
Secure Server Environment (1)
Http://safe.ip-market.com/article.php? Sid = 5
Ten Tips to ensure Linux security
Http://safe.ip-market.com/article.php? Sid = 26
Linux Security Settings Manual (post)
Http://phorum.study-area.org/viewtopic.php? T = 5080 & highlight = time-out % 3D00
---------------
* Example 1: GRUB Password protection
1) Enter grub to generate the MD5 password:
Grub> md5crypt
Password :**********
Encrypted: $1 $ U $ JK7xFegdxWH6VuppCUSIb.
** Click the left button to select the password and enter quit to exit grub.
2) Modify/etc/grub. conf to set password protection:
Password -- md5 $1 $ U $ JK7xFegdxWH6VuppCUSIb.
** Use the mouse key to paste the password.
Title Red Hat Linux 7.3 (2.4.18-3)
Lock
Root (hd0, 1)
Kernel/vmlinuz-2.4.18-3 ro root =/dev/hda12
Initrd/initrd-2.4.18-3.img
3) enter the p and password at startup.
* Example 2: PAM listfile (ssh)
1) refer to ftp's ready-made settings:
Grep listfile/etc/pam. d/ftp
2) simulate it and set it in ssh:
Vi/etc/pam. d/sshd
Add:
Auth required/lib/security/pam_listfile.so item = user \
Sense = deny file =/etc/sshusers onerr = succeed
---------------
Appendix 1: System Service suggestions
Disable finger
Disable ftp if you do not need it. In particular, anonymous should be disabled.
Disable gopher
Disable imap if you do not need it.
Disable pop2
Disable pop3 if you do not need it.
Disable talk
Disable ntalk
Disable telnet if not required. Replace it with ssh.
Uucp disabled
Samba is only available internally
Nfs/nis is only available internally
Replace r-command with ssh if possible.
X-protoco
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
