Avoid common Linux management errors and ensure system security

Source: Internet
Author: User
Tags dedicated server

Migration to Linux is a pleasure for many people. For others, this is a nightmare. Especially for some administrators who have just entered the Linux management gate, if some common errors are not avoided, it is easy to bring security risks to the network or system of the Organization. This article provides some suggestions to help these beginners avoid these errors.

Error 1: download and install various types of applications from multiple channels without strict review

At first glance, this may be a good idea. If you are running Ubuntu, you will know that the package management program is used. Deb software package. However, many applications you find are provided in the form of source code. No problem? These programs may work properly after installation. But why can't you install programs at will? The principle is simple. If you install a program as a source, your software package management system will not be able to track what you have installed. Therefore, Package A (installed as A source) depends on Package B (from one. The deb library is installed), and when Package B is updated from the update manager, what will happen? Package A may or may not run. However, if both Package A and Package B are from. If deb library is installed, the chances of both operations will be higher. In addition, it is easier to update a package when all packages come from the same binary type.

Error 2: Ignore updates

This does not mean that Linux administrators lack skills. However, after running Linux, many Linux administrators think there will be nothing to do in the future and think it is safe and reliable. In fact, new updates can patch some new vulnerabilities. Maintaining updates builds a watershed between a vulnerable system and a secure system. Linux security comes from constant maintenance. To achieve security, any administrator should keep up with the Linux updates to use new features and stability.

Error 3: Bad Password

Remember, the root password is usually critical to the linux kingdom. So why is the root password so easy to crack? It is essential to ensure the robustness of your user passwords. If your password is long and hard to remember, you can store it in an encrypted location. You can use the decryption software to unlock the password when you need it.

Error 4: Start the server to X

When a machine is a dedicated server, you may want to install X, so that some management tasks will be simpler. However, this does not mean that the user needs to start the server into X. This will waste precious memory and CPU resources. On the contrary, you should stop the Startup Process on level 3 and enter the command line mode. This will not only leave all resources to the server, but also prevent the leakage of machine secrets. To log on to X, you only need to log on as a command line, and then type startx to enter the desktop.

Error 5: Allow at will because you do not understand the permission

If the permission is improperly configured, hackers will be given a chance. The simplest way to handle licensing problems is to use the so-called RWE method, namely, Read, Write, and Execute ). Suppose you want a user to read a file but not write it into it. For this reason, you can execute: chmod u + w, u-rx file name. Some new users may see an error saying they do not have permission to use the file, so they use it: chmod 777 file name to avoid problems. But this will actually cause more problems, because it gives the executable permissions of the file. Remember this: 777 grants all users the permission to read, write, and execute a file, and 666 grants all users the permission to read and write a file, in contrast, 555 grants all users the permission to read and execute files, including 444, 333, 222, and 111.

Error 6: No key configuration files are backed up.

Many administrators have this experience. After upgrading to an X version, such as X11, they find that the new version destroys your xorg. conf configuration file, so that you can no longer use X? We recommend that you back up the previous/etc/x11/xorg. conf file before upgrading X to avoid the upgrade failure. Of course, the Upgrade Program of X will try to back up the xorg. conf file for the user, but it is backed up in the/etc/x11 directory. Even if this backup looks good, you 'd better make a backup yourself. One of my habits is to back up the file to the/root directory, so that the user can know that only the root user can access this file. Remember, security first. This method also applies to other key backups, such as Samba, Apache, and Mysql.

Error 7: Log On As the root user

This is a very dangerous mistake. If you need root privileges to execute or configure an application, you can use su to switch to the root user in a standard user account. Why is it not a good thing to log on to the root user? When a user logs on as a standard user, all running X applications still have access to this user only. If a user logs on as the root user, X has the root permission. This will lead to two problems. 1. If the user makes a big mistake by the GUI, this error may be a huge disaster for the system. 2. Run X as the root user to make the system more vulnerable to attacks.

Error 8: A running kernel is not installed.

You may not install more than 10 kernels on one machine. However, you need to update the kernel. The previous kernel is not deleted. How did you do it? You have been using the latest operating kernel. Assume that the kernel you are working normally is 2.6.22, and 2.6.20 is the backup kernel. If you update 2.6.26 and everything works normally in the new kernel, you can delete 2.6.20.

Error 9: escape from using the command line

I'm afraid few people are willing to remember so many commands. In most cases, graphical user interfaces are a favorite of many people. However, sometimes the command line is easier to use, fast, secure, and reliable. Avoiding the use of command lines is a taboo in Linux management. The Administrator should at least understand how the command line works, and at least master some important management commands.

Error 10: Ignore log files

There is a reason for the existence of/var/log. This is the only location for storing all log files. When a problem occurs, you must first take a look at this. Check for security issues. For details, refer to/var/log/secure. The first position I have read is/var/log/messages. This log file stores all general errors. In this file, you can get information about the network, media changes, and so on. When managing a machine, you can use a third-party application, such as logwatch, to create reports based on/var/log files for users.

These ten errors are common among Linux administrators. Avoiding these errors will make the management work safer and more stable.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.