Avoid Linux common errors to ensure system security

For many people, migrating to Linux is a pleasure. For others, it was a nightmare. Especially for some administrators who just stepped into Linux management, if you don't avoid some common mistakes, it's easy to pose a security risk to your organization's network or system. This article will provide some advice to help these novices avoid these mistakes.

Error One: Download and install various types of applications from multiple sources without a rigorous audit

At first glance, this may be a good idea. If you are running Ubuntu, you will know that the package Manager uses the. deb package. However, many of the applications you find are provided in the form of source code. No problem? These programs may work correctly after they are installed. But why can't you install the program at random? The reason is simple, if you install the program in the form of a source, then your package management system will not be able to track what you have installed. Therefore, when package a (installed as a source) relies on package B (installed from a. Deb library), and what happens when packages B is updated from the update manager? Package A May or may not run. However, if both packages A and B are installed from the. Deb Library, the chances of both running will be higher. In addition, it is easier to update packages when all packages are from the same binary type.

Error two: Ignoring the update

This is not to say that Linux administrators lack skills. However, many Linux administrators, after running Linux, think that there will be nothing to do in the future, that it is safe and reliable. In fact, new updates can patch up some new vulnerabilities. Maintaining updates can construct a watershed between a vulnerable system and a secure system. The security of Linux comes from constant maintenance. To achieve security, any administrator should keep up with the update of Linux in order to use some new features and stability.

Error Three: bad password

Remember, the root password is usually the key to the Linux kingdom. So why should the password for root be so easily cracked? It is important to protect the robustness of your user passwords. If your password is long and difficult to remember, you can store the password in a location that can be encrypted. When this password is required, the decryption software can be used to unlock the password.

Error Four: Start the server into the X

When a machine is a dedicated server, you may want to install X, so some administrative tasks will be simpler. However, this does not mean that the user needs to boot the server into X. This can waste valuable memory and CPU resources. Instead, you should stop the boot process at level 3 and go to the command line mode. This will not only leave all the resources to the server, but also prevent the disclosure of the machine's secrets. To log on to X, the user only needs to log on as a command line, and then type startx into the desktop.

Error five: arbitrary permission, the reason is not understand the license

If the license is improperly configured, the hacker will be left with an opportunity. The easiest way to handle licensing issues is to use the so-called RWE method, read (read), write (write), execute (execute). Let's say you want a user to be able to read a file but not write to it. To do this, you can perform: chmod u+w,u-rx file name, some new users may see an error, said they do not use the file's permission, so they use: chmod 777 file name, think this can avoid problems. But doing so actually leads to more problems because it gives the executable permissions to the file. Remember this: 777 the license to read, write, and execute a file is given to all users, 666 reads and writes a file to all users, and 555 reads and executes the file to all users, 444, 333, 222, 111, and so on.

Error SIX: No backup critical configuration file

Many administrators have the experience of upgrading to an X version, such as X11, and finding that a new version destroys your xorg.conf profile so that you can no longer use X? It is recommended that you make a backup of the previous/etc/x11/xorg.conf before upgrading X to prevent the upgrade from failing. Of course, X's upgrade attempts to back up xorg.conf files for users, but it backs up the/etc/x11 directory. Even if this backup looks good, you'd better make a backup yourself. One of the habits of the author is to back it up to the/root directory so that users can know that only the root user can access the file. Remember, safety first. The method here is also useful for other critical backups, such as Samba, Apache, MySQL, and so on.