If your Linux server is physically accessible to unauthorized users, for example a server hosted in a public IDC, its security may be at serious risk.
Enter the system in Single User Mode
After Linux is started, the boot: prompt appears. At that prompt, a special command such as linux single or linux 1 enters single-user mode. This command is very useful, for example when the root password has been forgotten: restart the system and enter linux single or linux 1 at the boot: prompt. Once in the system as the superuser, edit the /etc/passwd file and remove the x from the root line.
Countermeasure 1:
Log in as the root user, edit the /etc/inittab file, change the id:3:initdefault: settings, and add an additional line as follows. When the system restarts and enters single-user mode, it then prompts for the superuser password:
~~:S:wait:/sbin/sulogin
Then run the command /sbin/init q to make the setting take effect.
Pass dangerous parameters to the kernel at system startup
The most common boot loader on Linux is LILO, which manages system boot and can also boot other partitions and operating systems. However, an unauthorized user may start Linux at will or pass dangerous parameters to the kernel at system startup, which is also quite dangerous.
Countermeasure 2:
Edit the /etc/lilo.conf file and add the restricted parameter to it. This parameter must be used together with the password parameter discussed below; it means that a password must be entered at the boot: prompt whenever parameters are passed to the Linux kernel.
The password parameter can be used together with restricted or on its own.
Used with restricted: the password is required only when kernel parameters are passed at startup; booting in the normal default mode does not require a password. Pay attention to this point.
Used alone (without restricted): a password is always required to start Linux, whatever the startup mode. Without the password there is no way to start Linux. In this case the security level is higher, which is equivalent to adding another layer of defense on the perimeter. There is also a disadvantage: you cannot remotely restart the system unless you add the restricted parameter.
Because the password is stored in plaintext and is not encrypted, the /etc/lilo.conf file must be readable only by the superuser. You can use the following command to set the permissions:
chmod 600 /etc/lilo.conf
Run the command /sbin/lilo -v to write the configuration to the boot sector and make the change take effect.
To further protect the /etc/lilo.conf file, you can also set the immutable attribute on it. You can run the following command:
chattr +i /etc/lilo.conf
If you want to modify the /etc/lilo.conf file in the future, use the chattr -i /etc/lilo.conf command to remove this attribute.
Use Ctrl + Alt + Del to restart
This is very important and easy to overlook. If an unauthorized user can reach the server's keyboard, they can press Ctrl + Alt + Del to restart your server.
Countermeasure 3:
Edit the /etc/inittab file and comment out the line
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
so that it reads:
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
Run /sbin/init q to make the change take effect.
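The three countermeasures above can be checked with a short audit script. This is an added example, not part of the original article; the function names audit_inittab and audit_lilo and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which of the three countermeasures are missing.
# Each function prints one line per finding and nothing when the file passes.

audit_inittab() {    # $1 = path to an inittab-format file
    # Countermeasure 1: single-user mode must be gated by sulogin.
    grep -Eq '^[^#]*:S:wait:/sbin/sulogin' "$1" ||
        echo "inittab: single-user mode does not ask for the root password"
    # Countermeasure 3: the ctrlaltdel entry must be commented out.
    if grep -Eq '^[^#]*:ctrlaltdel:' "$1"; then
        echo "inittab: Ctrl+Alt+Del still restarts the server"
    fi
}

audit_lilo() {       # $1 = path to a lilo.conf-format file
    # Countermeasure 2: a password must be set at all.
    if ! grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1"; then
        echo "lilo.conf: no password, kernel parameters can be passed freely"
        return 0
    fi
    # Not a weakness, but worth knowing before a remote restart.
    grep -Eq '^[[:space:]]*restricted' "$1" ||
        echo "lilo.conf: password without restricted, every boot waits for it"
    # The password is plaintext, so only root may read the file (chmod 600).
    perm=$(ls -ld "$1" | cut -c1-10)
    [ "$perm" = "-rw-------" ] ||
        echo "lilo.conf: mode is $perm, expected -rw-------"
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' 'id:3:initdefault:' \
    'ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$demo/inittab.weak"
printf '%s\n' 'id:3:initdefault:' '~~:S:wait:/sbin/sulogin' \
    '#ca::ctrlaltdel:/sbin/shutdown -t3 -r now' > "$demo/inittab.hard"
printf '%s\n' 'boot=/dev/hda' 'restricted' 'password=CHANGE-ME' \
    'image=/boot/vmlinuz' > "$demo/lilo.conf"
chmod 644 "$demo/lilo.conf"

audit_inittab "$demo/inittab.weak"   # two findings
audit_inittab "$demo/inittab.hard"   # passes silently
audit_lilo "$demo/lilo.conf"         # world-readable password file
```

On a real host, point the two functions at /etc/inittab and /etc/lilo.conf instead of the sample files.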