linux security best practices

If your Linux server is exposed to unauthorized users (such as servers in the public room, public office), then its security will have serious problems. Using Single-user mode to enter the system Boot after Linux startup: When prompted, use a special command, such as Linuxsingle or Linux 1, to enter Single-user mode

Socket programming practices in Linux (I) basic network knowledge and TCP/IP Overview ISO/OSI Layer-7 Reference Model 1. Physical Layer: It mainly defines physical device standards, such as the interface type of the network cable, the interface type of the optical fiber, and the transmission rate of various transmission media. Its main function is to transmit the bit stream (that is, it is converted from 1

Socket programming practices in Linux (4) TCP packet sticking problems and common solutions Generation of TCP packet sticking problems Because the TCP protocol is a byte stream-based and borderless transmission protocol, it is very likely to cause a packet sticking problem. In addition, the adhesive packet caused by the sender is caused by the TCP protocol itself. To improve transmission efficiency, the sen

Linux inter-process communication (IPC) programming practices (8) use of shared memory-POSIX shared memory (API) 1. Posix provides two methods to share memory areas between unrelated processes: (1) memory ing file: open the function first, and then call the mmap function to map the obtained descriptor to a file in the current process address space (this is used in the previous blog ). (2) shared memory area

:192.168.0.112address: 192.168.0.112#53aliases:test.comnameserverns.test.com. #成功查询到主DNS;test.com nameserverns2.test.com. #成功查询到从DNS [[emailprotected]~]#host-tmx test.com192.168.0.112 #查询test. com's MX record;usingdomainserver:name: 192.168.0.112address:192.168.0.112#53aliases:test.commailishandledby 10mail.test.com. #成功查询到邮件服务器, priority is 10;[[emailprotected]~]#host-ta www.test.com192.168.0.112 #查询www. test.com corresponding IP address;usingdomainserver:name: 192.168.0.112address:192.168.0.11

readable message and does not wait to return a enomsg error. Msgflg=msg_noerror Truncation when message size exceeds MSGSZ Msgtyp>0 and Msgflg=msg_except The first message that the receive type is not equal to Msgtype Practice: Message sent int main () { int msgid = Msgget (0x1234,0666| Ipc_creat); if (MsgId = =-1) { err_exit ("Msgget error"); } struct MSGBUF mybuffer; for (int i = 0; i Practice: Message Reception: The data

Socket programming practices in Linux (8) Select restrictions and poll (preliminary knowledge of concurrency)Select restrictions The number of concurrent servers implemented by the select statement is generally restricted by the following two factors: 1) Maximum file descriptor limit that a process can open. This can be changed by adjusting the kernel parameters. You can use ulimit-n (number) to adjust or u

Linux inter-process communication (IPC) programming practices (I) Basic concepts and anonymous Pipelines Inter-process communication can be achieved at least by sending open files. Different processes transmit information through one or more files. In fact, this method is used in many application systems. However, generally, inter-process Communication (IPC: InterProcess Communication) does not include this

Multi-version python installation practices in linux, linuxpython Use pythonbrew Copy codeThe Code is as follows:Easy_install pythonbrew[Root @ li637-23 schsert] # pythonbrew_install Well-done! Congratulations! The pythonbrew is installed: /Root/. pythonbrew Please add the following line to the end of your ~ /. Bashrc [[-S "$ HOME/. pythonbrew/etc/bashrc"] source "$ HOME/. pythonbrew/etc/bashrc" After that

Deployment environment: CentOS 7 x64Required: The current user has sudo permissions1. Installing dependent Packagessudo yum install libunwind Libicu2. Download the. NET Core installation fileCurl-ssl-o dotnet.tar.gz https://go.microsoft.com/fwlink/?linkid=8091313. Deploy the installation files to/opt/dotnetsudo mkdir-p/opt/dotnet sudo tar zxf dotnet.tar.gz-c/opt/dotnet5. Establish the dotnet symbol to link to the/usr/local/bin so that it can be called directly in the terminalsudo ln-s/opt/dotne

Linux inter-process communication (IPC) programming practices (10) System V semaphores --- typical PV operations// P primitive // P (semaphore * S)Wait (semaphore * S ){-- S-> value; if (S-> value {// Set the current process to blocking// Insert the PCB of the current process into the block queue S-> block (S-> list) at the end of the list );}}[// V primitive // V (semaphore * S)Signal (semaphore * S ){+ +

Socket programming practices in Linux (10) Basic UDP programming detailsIn my two blogs, I briefly introduced and implemented the server and client programs under UDP (TCP)-based windows (basically consistent procedures in UNIX, this article continues to explore some details about UDP programming.Is a simple UDP client/server model:I have also implemented a simple UDP echo server/client here: /** Practice:

can also be called intelligent parsing , > We can get the server from the telecom to the telecom room, Resolve the request from Unicom to the server in the Unicom room. Below we assume that our Telecommunications room Web server IP is 192.168.0.113, the Web server address of the Unicom room is: 172.16.0.10 first step, modify the configuration file definition ACL with view; [[emailprotected]~]#vim/etc/named.confaclunicom{ #定义联通的ACL, named unicom;192.168.0.111;};view "Unicom" {# D

count is not 0), the shared kernel is still readable (but at this point the read process must be connected to the shared memory, otherwise the write process does not actually delete the shared memory, However, its key value has been changed to 0x00000000 (private), and other processes are not connected at this time!Summarize:1. Shared memory is consumed by another program, it is not deleted immediately when the shared memory is deleted2. A symptom occurs when the shared memory key becomes 0x000

higher the level, the better the optimization effect, but the longer the compilation time.Two. Multi-source file compilation methodIf you have more than one source file, there are basically two ways to compile it:[Suppose there are two source files for TEST.c and TESTFUN.C]1. Compiling multiple files togetherUsage: #gcc testfun.c test.c-o TestRole: TESTFUN.C and TEST.c are compiled and linked into Test executables.2. Compile each source file separately, then link to the target file for post-com

StartProblemsIf the login appearsOops:priv_sock_get_result. Connection closed by remote host.This error requires an upgrade of PamYum Update PamConnect If you encounter vsftpd 530 Permission deniedUse Add userlist_* in vsftpd.conf to block specific Local UsersUserlist_enable=yesUserlist_deny=yesUserlist_file=/etc/vsftpd/user_listEdit/etc/vsftpd/user_list, add on the local user that needs to be blocked, a user name line with the blocked user logged in to FTP displays the message as: 530 Permissi

Before configuring logical volume management and configuration, we think about a problem. we all know that Linux is a multi-user mode. when our preliminary plan causes insufficient hard disk space, in general, we add a new hard disk, partition and format the disk, copy the data of the disk that is not properly planned, and then re-mount the disk to take effect. If we Logical Volume management and configuration Before configuration, we want to have a p

This article introduces the security of Linux. It may not matter if many people do not know about the Linux system. After reading this article, you must have learned a lot. I hope this article will teach you more things. Many people know that Linux is more secure than Microsoft Windows. But why? Is this argument true?

All operating systems have vulnerabilities, and none of them are absolutely secure. Any system connected to the Internet will be detected and may be intruded. Although the linux operating system is regarded as relatively secure, the operating system runs stably and quickly, but Linux itself has many hidden vulnerabilities. Today, the Internet is so popular that everyone is using

In the previous article, I introduced how to improve Linux system security through system optimization. Here we will continue to introduce how to improve Linux system security through security configuration, in this way, the Linux