11. Good practices for ensuring Linux System Security

Source: Internet
Author: User

Thanks to the excellent networking capabilities of the Linux operating system, most web servers on the Internet run Linux as their main operating system. However, because Linux is a multi-user operating system, hackers often choose Linux machines as their first target so that they can hide themselves during an attack. So, as Linux users, how can we protect Linux security in a reasonable way? I have collected and sorted out some measures for protecting Linux security and would like to share them with you.
1. Do not use the Ping command.
The ping command is a utility for checking the connection between computers. Data transmitted between computers by ping is not encrypted, so when we use ping to probe a server, an attacker on the Internet may capture the information transmitted on the network link with a special hacker program and use it to attack the specified server or system. Therefore, we should stop the server from responding to ping. In Linux, if you want ping to get no response, that is, to ignore ICMP echo request packets, you can enter the following command at the Linux command line (as root):

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
If you want to allow ping again, enter
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all
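As an added example that is not from the original article: a small POSIX shell script that reports the current runtime value of icmp_echo_ignore_all and writes the setting to a sysctl.d drop-in so it persists across reboots, which the echo into /proc alone does not. The optional root-prefix argument, the file name 60-icmp-echo.conf and the function names are this example's own assumptions; the /proc path and the sysctl key are the real kernel names. Note that ignoring every echo request also blinds your own monitoring that relies on ping, so a firewall rule that rate-limits or scopes ICMP echo is often the better choice.

```shell
#!/bin/sh
# Added example (not from the original article): report whether ICMP echo
# requests are currently ignored, and write the persistent setting that the
# one-off write to /proc does not provide. The ROOT prefix argument is an
# assumption used so the functions can be exercised against a scratch
# directory; on a real host leave it empty and run as root.

# Print "ignored" or "answered" for the current runtime value.
icmp_echo_state() {
    f="${1:-}/proc/sys/net/ipv4/icmp_echo_ignore_all"
    [ -r "$f" ] || { echo "unknown"; return 1; }
    case "$(cat "$f")" in
        1) echo "ignored" ;;
        0) echo "answered" ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Write a sysctl.d drop-in so the setting survives a reboot. The echo into
# /proc shown in the article only lasts until the next boot.
write_icmp_policy() {
    root="${1:-}"; value="${2:-1}"
    case "$value" in 0|1) ;; *) echo "value must be 0 or 1" >&2; return 1 ;; esac
    dir="$root/etc/sysctl.d"
    mkdir -p "$dir"
    printf 'net.ipv4.icmp_echo_ignore_all = %s\n' "$value" > "$dir/60-icmp-echo.conf"
    echo "$dir/60-icmp-echo.conf"
}

# Load the drop-in immediately on a live host (needs root); not run in tests.
apply_icmp_policy() {
    sysctl -p "$1"
}
```

On a live host, `write_icmp_policy "" 1` followed by `apply_icmp_policy /etc/sysctl.d/60-icmp-echo.conf` applies the change now and keeps it after reboot; `icmp_echo_state` with no argument reads the real /proc value.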
2. Back up the system in time
To keep the system running normally, we should back up the Linux system while it is still intact; it is best to back up the entire system right after the Linux installation is complete. Later, you can verify the integrity of the system against the backup and so find out whether system files have been illegally modified. If system files have been damaged, you can use the backup to restore them to a normal state. When making the backup, we can write the intact system to a CD-ROM disc and later compare the system with the content of the disc at regular intervals to check whether its integrity has been compromised. If you have high security requirements, you can make the disc bootable and perform the verification as part of the system startup process. In this way, as long as the system can be booted from the disc, it is known not to have been tampered with.
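The integrity check described above, as an added example that is not from the original article: instead of comparing against a CD-ROM copy, it records a SHA-256 manifest of every file under a tree right after installation and later reports files that changed, disappeared or appeared. The function names and the sample tree are this example's own assumptions; paths containing whitespace are not handled, and the manifest must be stored somewhere the intruder cannot write (read-only media or a separate host), or it proves nothing.

```shell
#!/bin/sh
# Added example (not from the original article): the integrity check the
# article describes, done with a SHA-256 manifest instead of a CD-ROM copy.
# Assumes GNU coreutils (sha256sum) and paths without whitespace.

# Write "<hash>  <path>" lines, sorted by path, for every regular file
# under tree $1 into manifest file $2.
make_manifest() {
    (cd "$1" && find . -type f -exec sha256sum {} +) | LC_ALL=C sort -k 2 > "$2"
}

# Compare tree $1 against manifest $2 and print one line per difference:
# "changed <path>", "missing <path>" or "new <path>" (sorted, empty if intact).
verify_manifest() {
    now=$(mktemp)
    make_manifest "$1" "$now"
    # First file = stored manifest, second = current state of the tree.
    awk 'FILENAME == ARGV[1] { old[$2] = $1; next }
         {
             if (!($2 in old))       print "new", $2
             else if (old[$2] != $1) print "changed", $2
             delete old[$2]
         }
         END { for (p in old) print "missing", p }' "$2" "$now" | sort
    rm -f "$now"
}

# Return 0 only if the tree matches the manifest exactly.
tree_intact() {
    [ -z "$(verify_manifest "$1" "$2")" ]
}
```

Run `make_manifest / /media/cdrom/manifest.sha256` once from a clean install, and later `verify_manifest / /media/cdrom/manifest.sha256` from a boot medium you trust; every `changed` line under /bin, /sbin or /lib deserves an explanation before the host is used again.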
3. Improve the log server
Moving the system's log server to a dedicated machine raises the security level of the system. Replacing the Linux logging tool with a more secure log server can improve security further. In a large Linux network, it is best to use a separate log server for the syslog service. It must be a server that can meet the logging needs of all systems and has enough disk space, and no other services should run on it. A more secure log server greatly weakens an intruder's ability to tamper with log files through the logging system.
4. Cancel the Root command history
In Linux, the system automatically records the commands a user has entered, and the commands issued by the root user often contain sensitive information. To ensure security, the root command history should generally not be recorded, or only rarely. To set the system not to record the commands executed by anyone, at the Linux command line first use the cd command to enter the /etc directory, then open the profile file in that directory with an editor and add the following lines:
HISTFILESIZE=0
HISTSIZE=0
Of course, you can also enter the following command in the command line:
ln -s /dev/null ~/.bash_history
5. Set read-only attributes for key partitions
A Linux file system can be divided into several major partitions, each configured and mounted separately; generally, at least /, /usr/local, /var and /home should be created as separate partitions. /usr can be mounted read-only and treated as unmodifiable; if any file in /usr changes, the system should immediately raise a security alarm. Of course, this does not include changes to /usr that the user makes deliberately. /lib, /boot and /sbin are installed and configured the same way: during installation, set them read-only wherever possible, and any modification to their files, directories or attributes should trigger a system alarm.
Of course, not every major partition can be set read-only. Some partitions, such as /var, cannot be read-only by their nature; however, they should not be allowed to have execute permission.
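An audit of the mount policy described in this section, as an added example that is not from the original article: it reads an fstab-format file and reports the system partitions named above that are not mounted with `ro`, and the writable data partitions that still allow execution (lack `noexec`). The lists of expected mount points, the function names and the sample fstab are this example's own assumptions. Keep in mind that a read-only /usr must be remounted writable (`mount -o remount,rw /usr`) before package updates and read-only again afterwards.

```shell
#!/bin/sh
# Added example (not from the original article): audit an fstab-format file
# against the partition policy described in the article. The file path is a
# parameter so the check can run on a copy; on a live host pass /etc/fstab.

# Mount points the article says should be read-only, and writable data
# partitions that should at least deny execution. Both lists are assumptions.
RO_EXPECTED="/usr /lib /boot /sbin"
NOEXEC_EXPECTED="/var /home /tmp"

# Print the mount options of mount point $2 in fstab $1, or nothing if it
# is not a separate partition. Comment lines are ignored.
mount_opts() {
    awk -v mp="$2" '$1 !~ /^#/ && NF >= 4 && $2 == mp { print $4; exit }' "$1"
}

# Return 0 if the comma-separated option list $1 contains option $2.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# Print one finding per line: "<mountpoint> missing <option>".
audit_fstab() {
    for mp in $RO_EXPECTED; do
        opts=$(mount_opts "$1" "$mp")
        [ -n "$opts" ] || continue        # not a separate partition, skip
        has_opt "$opts" ro || echo "$mp missing ro"
    done
    for mp in $NOEXEC_EXPECTED; do
        opts=$(mount_opts "$1" "$mp")
        [ -n "$opts" ] || continue
        has_opt "$opts" noexec || echo "$mp missing noexec"
    done
}
```

`audit_fstab /etc/fstab` prints nothing on a host that follows the policy; each finding is a partition to fix in fstab and remount.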
6. Kill all processes of the attacker
Suppose the system log file shows that a user has logged in from an unknown host, and we confirm that this user has no account on that host; this indicates that we are under attack. To prevent further damage to system security, we should immediately lock the account in question. If the attacker is already logged in to the system, we should immediately disconnect the host's physical connection to the network. If possible, we should also examine the user's history further, then carefully check whether other users have been impersonated and whether the attacker has only limited permissions; finally, all processes of that user should be killed, and the host's IP address or network mask should be added to the hosts.deny file.
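The containment sequence above as one script, added here as an example that is not from the original article. Only deny_host() works on a plain file and can be exercised against a scratch copy; lock_and_kill() calls passwd and pkill and needs root on a real host. The function names are this example's own assumptions. One caveat: hosts.deny is honored only by services built with TCP wrappers, which many current distributions and OpenSSH no longer use, so on such hosts the equivalent step is a firewall rule blocking the source address.

```shell
#!/bin/sh
# Added example (not from the original article): containment steps from
# section 6. deny_host() validates the address before writing it so that a
# string copied from a log line cannot inject extra rules into hosts.deny.

# Return 0 if $1 is a dotted IPv4 address with each octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# Append "ALL: <ip>" to a hosts.deny-style file ($2, default /etc/hosts.deny),
# once, after validating the address.
deny_host() {
    ip=$1; file=${2:-/etc/hosts.deny}
    valid_ipv4 "$ip" || { echo "refusing invalid address: $ip" >&2; return 1; }
    grep -qxF "ALL: $ip" "$file" 2>/dev/null && return 0
    printf 'ALL: %s\n' "$ip" >> "$file"
}

# Lock the account and kill every process it owns (live host, as root).
lock_and_kill() {
    user=$1
    passwd -l "$user" && pkill -KILL -u "$user"
}

# Full sequence: lock, kill, deny the source address, record what was done.
contain_intruder() {
    lock_and_kill "$1" && deny_host "$2" && logger -t contain "locked $1, denied $2"
}
```

On a live host, `contain_intruder <account> <source-ip>` performs the whole sequence; the logger line leaves a record of the action in syslog so the response itself is auditable.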
7. Improve the system's internal security mechanism
We can improve the internal functions of the Linux operating system to prevent buffer overflows, thereby strengthening the internal security mechanisms of Linux and greatly improving the security of the whole system. Exploiting a buffer overflow is actually quite difficult, because the intruder must be able to determine when a potential overflow will occur and where it will appear in memory. Preventing buffer overflows is also very difficult: the system administrator must completely remove the conditions for a buffer overflow to prevent such attacks. For this reason, many people, even Linus Torvalds, consider this secure Linux patch very important, because it prevents all attacks that use buffer overflows. However, note that these patches also affect programs and libraries that depend on an executable stack, which brings new challenges to the system administrator.
8. Track and record the system
To closely monitor hacker activity, we should enable the log files that record the operating status of the system. When hackers attack a system, they often modify the system's log files to hide their tracks once the attack starts; therefore access to the files in /var/log must be restricted, and users with ordinary permissions must be prevented from viewing log files. Of course, the log management program built into the system may not be very powerful, so we should use a dedicated log program to watch for suspicious repeated connection attempts. In addition, we should carefully protect passwords and users with root permissions, because once hackers know these root-level accounts, they can modify log files to hide their traces.
9. Use specialized programs to protect security
Sometimes it is difficult to monitor the security of the system by manual means alone, so we can also protect the system with professional programs; currently the most typical method is to set traps and honeypots. A trap is software that triggers an alarm event when activated, while a honeypot program is a trap program designed to lure hackers into triggering a special alarm. By setting traps and honeypot programs, the system can raise an alarm quickly as soon as an intrusion occurs. Many large networks deploy specially designed traps. Traps are generally divided into two types: one only detects intruders and does not retaliate against them; the other retaliates at the same time.
10. Eliminate intrusion in the bud
One of the most common things intruders do before launching an attack is to scan port numbers. If you can detect and block a hacker's scanning in time, the incidence of intrusions can be greatly reduced. The reacting system can be a simple stateful packet filter, a complex intrusion detection system, or a configurable firewall. We can use professional tools such as Abacus PortSentry to monitor network interfaces and interact with the firewall to block port-scan attacks. Abacus PortSentry can immediately stop a port scan in progress. However, if it is configured improperly, it may also allow hostile outsiders to mount DoS attacks against your system. Used correctly, this software effectively prevents large-scale parallel scanning of port numbers and stops all such intruders.
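The two detections that sections 8 and 10 call for, as an added example that is not from the original article: failed_logins() counts repeated failed SSH logins per source address from an auth log (the "suspicious repeated connection attempts" of section 8), and scan_sources() counts distinct destination ports per source from kernel firewall log lines, which is the signal a port-scan monitor such as PortSentry reacts to. The thresholds, function names and the constructed sample lines are this example's own assumptions; the line formats follow the usual sshd and iptables LOG layouts.

```shell
#!/bin/sh
# Added example (not from the original article): two log-based detections
# over constructed sample lines. Nothing here is a real capture.

# Print "<count> <ip>" for sources with at least $2 (default 3) failed
# SSH logins in auth log $1, most frequent first.
failed_logins() {
    threshold=${2:-3}
    awk -v t="$threshold" '
        /sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++
        }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }' "$1" | sort -rn
}

# Print "<ports> <ip>" for sources that hit at least $2 (default 5) distinct
# destination ports in firewall log $1. Repeated hits on one port count once.
scan_sources() {
    threshold=${2:-5}
    awk -v t="$threshold" '
        /IN=.*SRC=.*DPT=/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt != "" && !seen[src, dpt]++) ports[src]++
        }
        END { for (ip in ports) if (ports[ip] >= t) print ports[ip], ip }' "$1" | sort -rn
}

# Constructed sample logs (not real captures) written into directory $1 so
# the block can be run offline.
write_samples() {
    cat > "$1/auth.log" <<'EOF'
Mar  3 10:01:12 web1 sshd[2101]: Failed password for root from 198.51.100.23 port 51022 ssh2
Mar  3 10:01:15 web1 sshd[2101]: Failed password for root from 198.51.100.23 port 51024 ssh2
Mar  3 10:01:19 web1 sshd[2103]: Failed password for admin from 198.51.100.23 port 51030 ssh2
Mar  3 10:02:01 web1 sshd[2110]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
Mar  3 10:02:40 web1 sshd[2115]: Failed password for deploy from 192.0.2.10 port 40031 ssh2
EOF
    cat > "$1/kern.log" <<'EOF'
Mar  3 10:05:01 web1 kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.5 PROTO=TCP SPT=44001 DPT=21
Mar  3 10:05:01 web1 kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.5 PROTO=TCP SPT=44002 DPT=22
Mar  3 10:05:01 web1 kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.5 PROTO=TCP SPT=44003 DPT=23
Mar  3 10:05:02 web1 kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.5 PROTO=TCP SPT=44004 DPT=25
Mar  3 10:05:02 web1 kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.5 PROTO=TCP SPT=44005 DPT=80
Mar  3 10:05:02 web1 kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.5 PROTO=TCP SPT=44006 DPT=22
Mar  3 10:06:10 web1 kernel: DROP IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.5 PROTO=TCP SPT=50100 DPT=443
EOF
}
```

On a live host point the functions at /var/log/auth.log (or the journal exported with `journalctl -u ssh -o short`) and at the file your firewall LOG target writes to; addresses that cross the thresholds are candidates for the containment step of section 6.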
11. Strictly manage passwords
As mentioned earlier, once hackers obtain an account with root permissions, they can do arbitrary damage to and attacks on the system. Therefore, we must protect the operating passwords of the system. User passwords are usually stored in the /etc/passwd file; although the passwords in /etc/passwd are encrypted, hackers can use many dedicated search methods to find them. If our passwords are chosen poorly, they will be easily found by hackers, so we must choose passwords that are not easy to search for. In addition, we had better install a password filtering tool and use it to check whether the configured passwords can withstand attacks.
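An audit of where and how password hashes are stored, added here as an example that is not from the original article. On current Linux systems /etc/passwd carries only an "x" in the password field and the hashes live in root-only /etc/shadow; a hash that still sits in the world-readable /etc/passwd can be copied and searched offline by any local user, which is exactly the exposure the section describes. passwd_exposed() lists such accounts, and shadow_weak() lists shadow entries with empty passwords or hashes in schemes that are cheap to search (DES and MD5 crypt). The function names, the choice of which schemes to flag and the sample files (with made-up hash strings) are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): audit password storage.
# Both functions take a file path so they can be run against copies;
# on a live host pass /etc/passwd and /etc/shadow (the latter as root).

# Print users whose passwd entry carries something other than "x", "*" or a
# locked "!" marker in the password field, i.e. a hash or an empty password
# sitting in a world-readable file.
passwd_exposed() {
    awk -F: '$2 != "x" && $2 != "*" && $2 !~ /^!/ { print $1 }' "$1"
}

# Print "<user> <reason>" for shadow entries with empty passwords or hashes
# in weak schemes. SHA-256 ($5$), SHA-512 ($6$), yescrypt ($y$) and bcrypt
# ($2a$/$2b$/$2y$) pass; DES (no "$" prefix) and MD5 ($1$) are flagged.
shadow_weak() {
    awk -F: '
        $2 == ""                  { print $1, "empty-password"; next }
        $2 ~ /^[!*]/              { next }      # locked or no login
        $2 ~ /^\$(5|6|y)\$/       { next }      # acceptable
        $2 ~ /^\$2[aby]\$/        { next }      # bcrypt, acceptable
        $2 ~ /^\$1\$/             { print $1, "md5"; next }
        $2 !~ /^\$/               { print $1, "des"; next }
                                  { print $1, "unknown-scheme" }' "$1"
}

# Constructed sample files with made-up hash strings, written into $1.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
legacy:$1$abcdefgh$ijklmnopqrstuvwxyz01234:1001:1001::/home/legacy:/bin/sh
svc:*:1002:1002::/nonexistent:/usr/sbin/nologin
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$salt$hashhashhash:19700:0:99999:7:::
alice:$y$j9T$salt$hashhashhash:19700:0:99999:7:::
bob:$1$salt$hashhashhash:19700:0:99999:7:::
carol::19700:0:99999:7:::
dave:legacyDEShash:19700:0:99999:7:::
svc:*:19700:0:99999:7:::
EOF
}
```

Any account reported by passwd_exposed should be converted with `pwconv`, and accounts flagged by shadow_weak should have their password reset so the hash is regenerated with the scheme configured in /etc/login.defs; an empty password field means the account can be entered with no password at all.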
