server security hardening

unnecessary ports, timely patching loopholes and other technologies to increase the security of the system. From this, I have compiled a short Linux reinforcement article, only for Linux beginners, I hope to be able to help you. Network security has always been the most important and the biggest gap in the Internet, and it is imperative to ensure the security of

Tags: assigning ISO grub.con an unload performing read-write associated HIDAbout "Security hardening"Safety is relative.Reinforcement may involve all aspects of the system: (1) hardware. For example: Intel X86 Hardware vulnerability; (2) operating system. Run from installation to installation and (3) system services. The service itself installs the configuration, the system resources involved in the service

System Performancevm.bdflush = + 1884, Improve virtual memory performancevm. Buffermem = 60# increases the size of the socket queue (effectively, q0). Net.ipv4.tcp_max_syn_backlog = 1024# Increa SE the maximum total tcp buffer-space Allocatablenet.ipv4.tcp_mem = 57344 57344 65536# increase the maximum TCP Write-buff Er-space Allocatablenet.ipv4.tcp_wmem = 32768 65536 52428815# increase the maximum TCP Read-buffer space Allocatablenet.ip V4.tcp_rmem = 98304 196608 1572864# increase the maximum a

,denyDeny from allTrojan Avira and Prevention:Grep-r--include=*.php ' [^a-z]eval ($_post '/home/wwwroot/Grep-r--include=. php ' file_put_contents (. $_post[.*]); '/home/wwwroot/Using Find Mtime to find the last two days or the days of discovering a trojan, which PHP files have been modified:Find-mtime-2-type F-name *.phpTo change directory and file properties:Find-type f-name *.php-exec chomd 644 {} \;Find-type d-exec chmod 755 {} \;Chown-r www.www/home/wwwroot/www.test.comTo prevent cross-site

#ListenAddress 192.168.1.1 and remove the previous # 7. Use strong password policy ( prohibit blank password )Generate random password: tr-dc a-za-z0-9_ xargs 8. Using key-based authentication, NBSP;NBSP, Disable password logon/etc/ssh/sshd_config passwordauthentication No Key-based authentication Method One: #在客户端ssh-keygen-t RSA generate key pair: Default default key is Id_rsa, id_rsa.pub NBSP, NBSP, man Ss

Usage: When implementing a login system, two people are required to be authorized to log in.Vi/etc/security/userChange the following:Sjhadmin = FalseRlogin = Trueauth1 = System;sjh,system;sam -- just add the line.Next time Use SJH User name login will require you to enter SJH and the Sam password is entered correctly before you can log into the systemThis article from "Technology bo" blog, declined reprint!AIX series------

http://www.nagain.com/appscan/http://bbs.pediy.com/forumdisplay.php?f=166Http://jaq.alibaba.comHttp://www.cocoachina.com/ios/20141118/10245.htmlSecurity test Report for the online Banking app on the iOS platformHttp://www.freebuf.com/articles/terminal/102396.htmlAutomated testing for Android app detection: Comparison of five app security online detection platformshttp://safe.ijiami.cnHttps://mqc.aliyun.com/?spm=0.0.0.0.EI7ecOHttp://wetest.qq.com/?from

Write in front: Blog Writing in mind 5w 1 H law: w hat,w hy,w hen,w here,w ho,h ow. The main content of this article:Authority authenticationSELinux operating mode/startup modeSecurity Context View and modification Brief introduction:SELinux is all called security Enhanced Linux, which means secure hardening of Linux.It is designed to prevent "misuse of internal staff resources". It

The following configuration is used for my formal environment. More than Apache before, now basically not. Now share it.1. 2. Use rewrite to harden Apache # # # # # # # # # #APACHE url keyword Hardening Strategy # # # # # #请自行添加删减关键字 #并做好测试 Examples are as follows: Rewriteengineonrewritecond%{request_uri}xwork|java|redirect|passwd|hosts|windows|script | SCRIPT|LOCATION|PROMPT|PROC\/SELF\/ENVIRON|MOSCONFIG_[A-ZA-Z_]{1,21} (=|%3d) |base64_encode.* (.

Tags: Linux security system hardening#!/bin/bash#设置密码复杂度If [-z] cat /etc/pam.d/system-auth | grep -v "^#" | grep "pam_cracklib.so" "];thenSed-i '/password required Pam_deny.so/a\password required pam_cracklib.so try_first_pass minlen=8 ucredit=-1 lcredit=-1 Ocredit=-1 dcredit=-1 retry=3 difok=5 '/etc/pam.d/system-authFi #设置连续登录失败暂锁机制 If [-Z ' Cat/etc/pam.d/system-auth | Grep-v "^#" | grep "pam_tally.so"

=-1 lcredit=-1dcredit=-1ocredit=-1>>/etc/pam.d/common-password# set to password continuous error 5 times lock, Lockout Time 300 sec echoauthrequiredpam_tally2.sodeny=5onerr=failno_magic_root unlock_time=300>>/etc/pam.d/common-password #口令历史策略echo password sufficientpam_unix.somd5shadownulloktry_first_pass use_authtokremember=5>>/etc/pam.d/common-password #禁止pingecho 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all #禁止IP伪装echo nospoofon>>/ etc/host.conf #创建新的用户useraddosadminechopassword|passwd--stdinos

the user is rejected if it does not matchPermitrootlogin no//deny root user LoginCp/etc/ssh/sshd_config/etc/ssh/sshd_config.bakgrep Banner/etc/ssh/sshd_configbanner/etc/ssh/ssh_login_banner# Banner None//Cancel Banner message cat/etc/ssh/ssh_login_bannerwelcome to CentOS 6.5See if there's any/etc/inittab inside.#ca:: Ctrlaltdel:/sbin/shutdown-t3-r now//disable Ctrl+alt+delvi/etc/pam.d/system-authauth required pam_tally.so ONERR=FA Il deny=6 unlock_time=300//password consecutive error 6 times, a

Overview For Microsoft Active Directory services that are running Microsoft? Windows Server? 2003 computers, domain controller servers are important roles to ensure security in any environment. For clients, servers, and applications that rely on domain controllers to complete authentication, Group Policy, and a central LDAP (Lightweight Directory Access Protocol) directory, any loss of domain controllers o

servlet only with Tomcat.(6) Apache is the most beginning page parsing service, Tomcat is developed after, in essence, the function of Tomcat can completely replace Apache, but Apache is the predecessor of Tomcat, and there are many people in the market still using Apache, So Apache will continue to exist, will not be replaced,Apache can not parse Java things, but parsing HTML fast .4. Examples of both:Apache is a car, which can be loaded with things such as HTML, but not water, to fill the wat

Php implements troubleshooting and hardening of Linux server Trojans. Php implements troubleshooting and hardening of Linux server Trojans. linux reinforced websites are often infected with Trojans for some improvement. this problem can be basically solved because discuzx and other programs have vulnerabilities, linux

Let's discuss the security settings for the Web server. This includes the security of NT Server, the security of database SQL Server, and the security of IIS. Note the order of installa

Tags: show change useful stage Auth tab ros. SQL descriptionby Don Kiely, 2014/06/04 reprinted from: http://www.sqlservercentral.com/articles/Stairway+Series/109941/ This series This article was part of the stairway Series:stairway to SQL Server Security Relational databases are used in a wide variety of applications, through a widely distributed network, especially the Internet, from dazzling client connec

Save the following text as: windows2000-2003 server Security and Performance registry automatic configuration file. Reg runs Copy Code code as follows: Windows Registry Editor Version 5.00 [Hkey_current_user/software/microsoft/windows/currentversion/policies/explorer] "NoRecentDocsMenu" =hex:01,00,00,00 "NoRecentDocsHistory" =hex:01,00,00,00 [Hkey_local_machine/software/microsoft/windows

Ladder for SQL Server security Level 1: SQL Server Security overviewDon kiely,2014/06/04The seriesThis article is part of the "Stairway series: Steps for SQL Server security"SQL Server

In addition to patches provided by security vendors, website server security is more important to set some common security problems that can withstand attacks by some cainiao tools. Basic Security Settings 1. Adjust the testing environment (set resolution, IP address, an