1, LILO security settings
vi /etc/lilo.conf.anaconda //Modify the LILO file
===============================================
......
restricted //Add this line
password=111111 //Add this line and set the password to 111111
......
================================================
chmod 600 /etc/lilo.conf.anaconda //Make the file readable and writable by root only (the password is stored in it in plain text)
/sbin/lilo -v //Update the boot loader so the changes above take effect
chattr +i /etc/lilo.conf.anaconda //Make the LILO file immutable
2, Set the default password length and validity period for accounts
vi /etc/login.defs //Modify the login.defs file
================================================
......
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 8 //Change the system default minimum password length to 8 characters
PASS_WARN_AGE 7 //Warn the user 7 days before the password expires
3, Remove accounts that have no password set
vi /etc/passwd //Modify the passwd file
=================================================
......
elain::500:501:elain:/home/elain:/bin/bash
......
The account elain does not have a password set: the second field of its entry is empty. This is very dangerous. Such accounts should be deleted or given a password.
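The check described in item 3, as an added example that is not part of the original checklist: a shell function that lists accounts whose password field is empty. It goes beyond the passwd-only case by also consulting a shadow-format file when the passwd field is x. The function name, the accounts bob and carol, and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that have no password set.
# Usage: empty_password_accounts PASSWD_FILE [SHADOW_FILE]
# An entry whose 2nd field is empty has no password. An entry whose 2nd
# field is "x" defers to the shadow file, so the 2nd field of the matching
# shadow entry is checked instead.
empty_password_accounts() {
    passwd_file=$1
    shadow_file=${2:-}
    awk -F: -v shadow="$shadow_file" '
        BEGIN {
            # Remember every shadow user whose hash field is empty.
            if (shadow != "")
                while ((getline line < shadow) > 0) {
                    split(line, f, ":")
                    if (f[1] != "" && f[2] == "") empty[f[1]] = 1
                }
        }
        /^#/ || NF < 7             { next }            # not a passwd entry
        $2 == ""                   { print $1; next }  # empty in passwd
        $2 == "x" && ($1 in empty) { print $1 }        # empty in shadow
    ' "$passwd_file"
}

# Constructed sample data (not taken from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
elain::500:501:elain:/home/elain:/bin/bash
bob:x:501:502:bob:/home/bob:/bin/bash
carol:x:502:503:carol:/home/carol:/bin/bash
EOF
cat > "$demo_dir/shadow" <<'EOF'
root:$1$constructed$placeholderhash:19000:0:99999:7:::
bob::19000:0:99999:7:::
carol:!!:19000:0:99999:7:::
EOF
# elain is empty in passwd, bob is empty in shadow, carol is locked (!!).
empty_password_accounts "$demo_dir/passwd" "$demo_dir/shadow"  # prints elain, then bob
rm -rf "$demo_dir"
```

On a live system, run the function as root against /etc/passwd and /etc/shadow.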
4, Special account handling
Delete unneeded users and groups.
The commands are as follows:
Delete a user: userdel username
Delete a group: groupdel groupname
Delete the following users:
adm
lp
sync
shutdown
halt
mail
--------------
news
uucp
operator
games //Can be deleted if there is no mail server
--------------
gopher //Can be deleted if there is no X Windows server
ftp //Delete this account if anonymous FTP access is not allowed
5, Permissions and file system
lsattr //List the attributes of a file
chattr //Change the attributes of a file
a //The file can only be appended to
i //The file cannot be modified
Change the attributes of the key system files, such as:
passwd
passwd._
shadow
shadow._
xinetd.conf
services
lilo.conf, etc.
Example: chmod 600 /etc/xinetd.conf //Make the file readable and writable by its owner (root) only
chattr +i (-i) /etc/xinetd.conf //Set (or clear) the immutable attribute
6, Limit the system resources that users can consume
vi /etc/security/limits.conf
=================================================
......
Add or modify the following lines:
* hard core 0 //Prohibit the creation of core files
* hard rss 5000 //For users other than root, limit memory usage to 5M
* hard nproc 20 //Limit the maximum number of processes to 20
vi /etc/pam.d/login
=================================================
......
session required /lib/security/pam_limits.so
Add the line above to the end of the file
7, Set automatic logout for idle accounts
vi /etc/profile
===================================================
......
HOSTNAME=`/bin/hostname`
HISTSIZE=1000 //Number of history records kept; the smaller the better
TMOUT=300 //Add this line; an account with no activity for five minutes is logged off automatically