Some measures for secure management of Linux

Source: Internet
Author: User

Thanks to the outstanding functionality and reliable stability of the Linux operating system, more and more users are beginning to learn and use Linux. While learning and using Linux, the author also collected and organized some tips for the security management of Linux, which are contributed here; readers are invited to supplement and improve them.

1. Make a full backup of the system

To guard against problems that arise while the system is running, we should back up a known-good Linux system, preferably right after installation and before the system is put to work. This backup can then be used to verify the integrity of the system and discover whether system files have been illegally modified. If a system file has been compromised, the backup can also be used to restore the system to its normal state. When backing up, we can write the good system to a CD-ROM and then periodically compare the running system with the contents of the CD to verify that its integrity has not been compromised. If the security requirements are particularly high, the disc can be made bootable and the verification made part of the system startup process; as long as the system can be started from the CD, it has not been compromised.
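The comparison the article describes, carried out on an ordinary file tree, as an added example (not code from the original article): a SHA-256 manifest of every file is recorded as the baseline, and the tree is verified against it later. It assumes GNU coreutils sha256sum(1); the directory and "system file" it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: build an integrity baseline
# (SHA-256 of every file under a directory) and verify the tree against it
# later, which is the comparison the article proposes against a read-only copy.
# Assumes GNU coreutils sha256sum(1); the directory and files are constructed.

make_baseline() {   # $1 = directory to snapshot, $2 = absolute manifest path
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$2"
}

verify_baseline() { # $1 = directory, $2 = absolute manifest path; 0 = unchanged
    ( cd "$1" && sha256sum --quiet -c "$2" )
}

demo() {   # prints "<status before tampering> <status after tampering>": "0 1"
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/sbin"
    printf 'original\n' > "$tmp/root/sbin/init"       # constructed "system file"
    make_baseline "$tmp/root" "$tmp/baseline.sha256"    # keep this on read-only media
    if verify_baseline "$tmp/root" "$tmp/baseline.sha256" >/dev/null 2>&1; then
        before=0; else before=1; fi
    printf 'tampered\n' > "$tmp/root/sbin/init"       # simulate an illegal change
    if verify_baseline "$tmp/root" "$tmp/baseline.sha256" >/dev/null 2>&1; then
        after=0; else after=1; fi
    rm -rf "$tmp"
    echo "$before $after"
}
```

The manifest only reports files that changed or disappeared; a file added after the baseline is not listed, so compare a fresh `find` listing against the manifest's file names as well.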

2. Use a dedicated log server

Moving the system's logging to a separate machine raises the security level of the system, and security can be improved further by replacing Linux's own logging tool with a more secure log server. In a large Linux network it is best to use a separate server for the syslog service. It must be a system that satisfies all the logging requirements of the other systems and has sufficient disk space, and no other services should run on it. A more secure log server greatly impairs an intruder's ability to alter the log files after breaking into a system.

3. Make critical partitions read-only

A Linux file system can be divided into several major partitions, each configured and installed differently; in general, at least /, /usr/local, /var and /home should be separate partitions. /usr can be mounted read-only and treated as unmodifiable: if any file under /usr changes, the system should immediately raise a security alert (this of course excludes changes the user makes to /usr deliberately). The installation and setup of /lib, /boot and /sbin are the same: they should be set read-only at installation time, and any modification of their files, directories or attributes should cause the system to raise an alert.

Of course, not every major partition can be made read-only; the nature of partitions such as /var means they cannot be read-only, but execute permission should not be allowed on them.
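A check for the mount layout this section recommends, as an added example (not from the original article): it reads fstab-format entries and reports partitions that the article says should be read-only but are not, and a /var that still allows execution. The fstab entries in SAMPLE_FSTAB are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original article: audit fstab entries against
# the article's advice (/usr, /lib, /boot, /sbin mounted read-only; /var
# writable but without execute permission). Reads fstab-format lines from
# stdin; the entries in SAMPLE_FSTAB below are constructed, not a real system.

has_opt() {   # $1 = comma-separated mount options, $2 = option to look for
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

audit_fstab() {   # prints one line per finding; exit status = number of findings
    n=0
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac      # skip blank and comment lines
        case "$mnt" in
            /usr|/lib|/boot|/sbin)                     # article: should be read-only
                has_opt "$opts" ro ||
                    { echo "$mnt: writable ($opts), expected ro"; n=$((n+1)); } ;;
            /var)                                      # article: no execute permission
                has_opt "$opts" noexec ||
                    { echo "$mnt: allows execution ($opts), expected noexec"; n=$((n+1)); } ;;
        esac
    done
    return "$n"
}

# Constructed sample: /usr is correct, /var and /boot are not.
SAMPLE_FSTAB='# <device>   <mount>  <type>  <options>     <dump> <pass>
/dev/sda1     /        ext4    defaults      1      1
/dev/sda2     /usr     ext4    defaults,ro   1      2
/dev/sda3     /var     ext4    defaults      1      2
/dev/sda4     /boot    ext4    defaults      1      2'

demo() {   # runs the audit on the sample; expected: two findings, exit status 2
    printf '%s\n' "$SAMPLE_FSTAB" | audit_fstab
}
```

On a running system also check the effective mount options (for example with findmnt), since fstab only describes what is requested at boot.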

4. Strengthen the system's internal security mechanisms

We can improve the internal functions of the Linux operating system to prevent buffer overflows, thereby strengthening the internal security mechanisms of Linux and greatly improving the security of the whole system. Buffer overflow attacks are difficult to carry out, because the intruder must be able to determine when a potential buffer overflow occurs and where it appears in memory. Preventing buffer overflows is also very difficult, since the system administrator would have to remove every buffer overflow condition to block this form of attack. That is why many people, even Linus Torvalds, consider this secure Linux patch important: it blocks all attacks that rely on buffer overflows. It should be noted, however, that these patches also conflict with some programs and libraries that depend on an executable stack, which poses new challenges for system administrators.

5. Set traps and honeypots

A trap is software that triggers an alarm event when activated, and a honeypot is a trap program designed to entice an intruder into triggering a special alarm. By setting traps and honeypot programs, the system can be alerted quickly to an intrusion event. In many large networks, special trap programs are designed. There are two types of trap program: one merely finds the intruder without retaliating, the other takes retaliatory action at the same time.

6. Stop an intrusion in its early stages

One of the most common things an intruder does before an attack is a port scan; if the intruder's port-scanning behaviour can be detected and blocked in a timely manner, the incidence of intrusion can be greatly reduced. The reaction system can be a simple stateful packet filter, or a complex intrusion detection system or configurable firewall. We can use a professional tool such as Abacus PortSentry to monitor network interfaces and interoperate with the firewall, ultimately shutting down the port scan attack. When a port scan is in progress, Abacus PortSentry can quickly prevent it from continuing. However, if it is configured improperly, it can also allow hostile outsiders to mount a denial-of-service attack on your system. Used properly, this software can effectively prevent a large number of parallel port scans and block all such intruders.
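The detection step this section describes, run over sample packet-filter log lines, as an added example (not from the original article and not PortSentry's own logic): a source that touches many distinct destination ports in the log is reported as a scanner. The log lines in SAMPLE_LOG are constructed; the threshold and the reporting-only reaction are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article and not PortSentry's own logic:
# detect a port scan from packet-filter log lines by counting the distinct
# destination ports each source address touched. The SRC=/DPT= fields follow
# the iptables/nftables LOG format; the lines in SAMPLE_LOG are constructed.
# The threshold and the "print the source" reaction are assumptions.

SCAN_THRESHOLD=5   # distinct ports from one source before it counts as a scan

scan_sources() {   # reads log lines on stdin, prints each scanning source IP
    awk -v thr="$SCAN_THRESHOLD" '
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "" || dpt == "") next          # not a packet log line
            key = src SUBSEP dpt
            if (!(key in seen)) { seen[key] = 1; ports[src]++ }
        }
        END { for (s in ports) if (ports[s] >= thr) print s }
    ' | LC_ALL=C sort
}

# Constructed sample: 203.0.113.7 probes six ports (a scan);
# 198.51.100.4 only talks to SSH and HTTPS (normal traffic).
SAMPLE_LOG='kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41000 DPT=21 SYN
kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=22 SYN
kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41001 DPT=22 SYN
kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41002 DPT=23 SYN
kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50002 DPT=443 SYN
kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41003 DPT=25 SYN
kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41004 DPT=80 SYN
kernel: IN=eth0 SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50003 DPT=22 SYN
kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41005 DPT=110 SYN'

demo() {   # expected output: 203.0.113.7
    printf '%s\n' "$SAMPLE_LOG" | scan_sources
}
```

Reacting automatically (feeding the reported source to a firewall deny list) is where the article's denial-of-service caveat applies: a spoofed source address can make the reaction block a legitimate host, so exempt trusted addresses before wiring the output to the firewall.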
