redhat hardening

unlock_time=120To the second row.The server needs to be restarted for the configuration to take effect. Check host access control (IP limit)To perform a backup:#cp-P/etc/hosts.allow/etc/hosts.allow_bak#cp-P/etc/hosts.deny/etc/hosts.deny_bakVim/etc/hosts.allow #插入all:*. *.*.*:allowVim/etc/hosts.deny #插入sshd: 555.555.555.555:deny Check Password lifecycle requirementsCp-p/etc/login.defs/etc/login.defs_bakTo modify policy settings:#vi/etc/login.defsModify the value of Pass_min_len to 5, modify

[Root@mypc disk1]#./runinstaller Starting Oracle Universal Installer ...Checking Setup requirements ...Check operating system version: Must be redhat-3, SuSE-9, SuSE-10, redhat-4, redhat-5, redhat-6, UnitedLinux-1.0, Asianux-1, Asianux-2, Asianux-3, E Nterprise-4, enterprise-5 or SuSE-11Failure to pass Exiting Oracle

, such as: DD, cpio, tar, dump, etc.7 Other 7.1 using firewallsFirewall is an important aspect of network security, we will have another topic to elaborate on the firewall, including the principle of the firewall, Linux 2.2 kernel under the IPChains implementation, Linux 2.4 kernel NetFilter implementation, commercial firewall product applications.7.2 Using third-party security toolsLinux has a lot of good security tools, such as: Tripwire, SSH, Sudo, Tcpdump, Nmap, Nessus, snort, sniffit ... We

How soft apps protect themselves, talk about app defenses, use 360 hardening helper reinforcement/signature/multi-channel packaging/Application Market release Because Java and Android platform type, so the app is easy to decompile, which for our developers, is an unwanted result, for the user, is a sad news, and security, has been our focus, today, we come to talk about this security, and play with APK reinforcement! I. Why we need to im

I. Linux hardening targets and objectsobjective of the project strengthening: to solve the security problems of Linux servers identified by the company in the risk assessment work this year, and to promote the security status of Linux servers to a higher level of security, in combination with the requirements of the revised version of the Southern Power grid security baseline standard. Minimizing the security risks posed by Linux servers to the normal

Summary of MySQL configuration and security hardening under WindowsIn the actual use of the network management, MySQL database in the installation of the configuration and security hardening content, in the customer gradually increased demand. From the question of feedback, it is generally by the third-party software company software scanning the entire system, MySQL related content does not meet the requir

Server relative to the other, security settings more difficult, then the server of the cow B, the hacker who encountered the cow B, there is no black not to go. Of course, for small sites, the general reinforcement on the line.Because of the wide variety of security factors and different server settings, this section can simply introduce several aspects of security hardening.1. Update system PatchesUpdating patches is the most important step in securi

Bash Vulnerability Hardening Scheme1Vulnerability DescriptionThe previous period of time to do security reinforcement, using the BVS scan host, according to the scanned report shows that there are two Bash vulnerabilities, respectively:① GNU Bash environment variable Remote Command execution vulnerability (cve-2014-6271)The GNU Bash 4.3 and previous versions have a security vulnerability when evaluating certain constructed environment variables, and

become very smart, but the introduction of the third-party jar still need to manually write obfuscation rulesCase: Introduction of Baidulbs_android.jar,android-support-v4.jar Two packagesProguard-project.txt Script Writing rules:The package contained within the #工程中含有第三方jar包-libraryjars Libs/android-support-v4.jar-libraryjars libs/baidulbs_android.jar# Project cannot be confused-keep Class com.baidu.** {*;} -dontwarn Com.baidu.**-keep class vi.com.gdi.bgl.android.java.** {*;} -dontwarn vi.com.g

1. Update system PatchesUpdating patches is the most important step in security hardening.2. Disable services that you do not needThe following services must be disabled: Server, Workstation, Print Spooler, Remote Registry, Routing and remote Access, TCP/IP NetBIOS Helper, computer Browser3. System Permission settingsBecause there are so many places to set up the system permissions, we can only publish the common ones.Some of the files are hidden by t

;/etc/issueCp-f/etc/issue/etc/issue.netEcho >>/etc/issue2) for Apache configuration file, find Servertokens and serversignature two directive, modify its default properties as follows, use no echo version number:Servertokens PRODServersignature OFFVi. iptables Firewall Rules:Iptables-a input-p--dport 22-j ACCEPTIptables-a input-i eth0-p TCP--dport 80-j ACCEPTIptables-a input-m State--state established,related-j ACCEPTIptables-a input-j DROPThe above rule will block TCP active pick-up from the in

2Database Security Hardening... -2.1 Modify The root user default password, delete the empty password ... -2.2 Delete the default database and non-essential database users ... to2.3 run MSYQL with an independent user 2.4 About The management of non- root database users ... -2.5 about the default administrator user name management ... the2.6 User Directory permission limits ... *2.7 Command History protection ... $2.8 prohibit users from r

Tags: assigning ISO grub.con an unload performing read-write associated HIDAbout "Security hardening"Safety is relative.Reinforcement may involve all aspects of the system: (1) hardware. For example: Intel X86 Hardware vulnerability; (2) operating system. Run from installation to installation and (3) system services. The service itself installs the configuration, the system resources involved in the service, and the external access to the service (dat

explicitlydeniedauthorizationforthisapplication,or locationservicesaredisabledinSettings. break;case3:// userhasgrantedauthorizationtousetheirlocationatanytime, //includingmonitoringforregions,visits,orsignificant locationchanges.break;case 4://userhasgrantedauthorizationto usetheirlocationonlywhenyourapp//is visibletothem (itwillbemadevisibletothemif youcontinueto//receivelocationupdateswhile inthebackground) .authorizationtouse// launchapishasnotbeengranted.break; caSe5://thisvalueisdeprecate

) { for(intj = 0; J ) {System.out.print (Data[i][j]+ " "); } System.out.println (""); } }}The results of the program run as follows:6. Using the stream to print an array, we can convert the array to a stream and print it out.code example: PackageCom.himi.printarray;Importjava.util.Arrays;/** Use stream to print an array * We can convert it to a stream and print it out. */ Public classStreamarray { Public Static voidMain (string[] args) {//Arraystring[] Arraystr =Newstring[]{"Java

object.Deserialization common TypeCan be deserialized into a generic type, such as an Pojo array.Custom GensonIf the default configuration provided by Genson does not meet your needs, you can customize it by Gensonbuilder. For example, it is possible to implement output indentation, serialize all objects with their runtime type, and deserialize a class that does not provide a default parameterless construction method that can be implemented using the following configuration.Official website: ht

dynamic properties are all stored in the heap, and the heap must be accessed by the instruction (the method of the class) through the address pointers in the stack. It is therefore possible to infer that static properties are stored in the stack, unlike dynamic properties stored in the heap. Because all are in the stack, and the instructions and data in the stack are fixed-length, it is easy to calculate the offset, and therefore, regardless of the instruction (the method of the Class), you can

StringBuffer =NewStringBuffer (text); - System.out.print (Stringbuffer.reverse ()); the } - -}The results of the operation are as follows:3. Convert a string to byte[], byte[] is to store each character of the string as a byte type, but not a char type. So there is no direct reverse output (not like 1). However, we can convert the string to byte[] , and then we can exchange the elements in the end of the symmetry, so that the reverse output is achieved:1 Packagehimi.hebao05;2 3 Publi

{ -System.out.print (""); + } A } at System.out.println (); - } - /*print the lower half of a diamond triangle the middle row is common so the number of rows is Length-1*/ - for(inti = length-1; i > 0; i--) { - for(intj = 1; J ) { -System.out.print (""); in } - for(intK = 1; K ) { to if(k = = 1 | | k = = 2 * i-1) { +System.out.print ("*"); -}Else { theSystem.out.print (""); *

1.short s = 1; s = s + 1; Is there a problem? What if it's solved?Short S = 1; s + = 1; Is there a problem? What if it's solved?2. Understanding:Short S=1;s=s+1;Nature is the compiler does not pass the hint loss accuracySo:Short S=1;S+=1;Why can it be compiled through that?There is one more question:Implicit type conversions can be auto-byte->short->int->long from small to large, that is, if you lose precision in turn, you must perform a display type conversionAnd S+=1 's meaning is different fr