Explanation of basic Linux security management skills 2
Source: Internet
Author: User
Article title: Explanation of basic Linux security management skills 2. Linux is a technology channel of the IT lab in China, covering basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
III. Login security
1. Automatically log out of the account. On Unix systems the root account has the highest privilege. If the system administrator forgets to log out of the root account before leaving the system, this poses a major security risk, so the system should log the account out automatically. You can implement this by setting the "TMOUT" variable. TMOUT is measured in seconds. Edit the profile file (vi /etc/profile) and add the following line after the "HISTFILESIZE=" line:
TMOUT=300
300 means 300 seconds, that is, 5 minutes. If a logged-in user takes no action within five minutes, the system automatically logs the account out. You can also add this value to an individual user's ".bashrc" file so that it applies to that user.
After changing this setting, the user must log out and log in again for it to take effect.
2. Use PAM (Pluggable Authentication Module) to prohibit anyone from using the su command to change to the root user. The su (Substitute User) command allows you to become another existing user on the system. If you do not want anyone to change to the root user with su, or you want to restrict su to certain users, add the following two lines at the beginning of the su configuration file (in the "/etc/pam.d/" directory). Edit the su file (vi /etc/pam.d/su) and add the following two lines at the beginning:
auth sufficient /lib/security/pam_rootok.so
auth required /lib/security/pam_wheel.so group=wheel
This means that only members of the "wheel" group can use the su command to become the root user. To let a user use su to become root, add that user to the "wheel" group. Run the command usermod -G10 username to add the user.
IV. Console access security
1. Cancel the console access permissions of normal users. You should cancel normal users' console access to commands such as shutdown, reboot, and halt.
# rm -f /etc/security/console.apps/<program>
<program> is the name of the program you want to deregister.
2. Do not allow root login from different consoles
The "/etc/securetty" file allows you to define which TTY devices the root user can log in from.
In the "/etc/securetty" file, add the "#" mark before each TTY device that root does not need to log in from, to prevent root login from that TTY device.
The /etc/inittab file contains the following paragraph:
# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
#3:2345:respawn:/sbin/mingetty tty3
#4:2345:respawn:/sbin/mingetty tty4
#5:2345:respawn:/sbin/mingetty tty5
#6:2345:respawn:/sbin/mingetty tty6
By default, the system can use six consoles, reached with Alt + F1, Alt + F2, and so on. Add "#" in front of lines 3, 4, 5, and 6 to comment them out, as shown above. Now only two consoles are available. It is best to keep two. Restart the init process and the changes will take effect.
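An added example (not part of the original article): a small POSIX shell audit that checks the four settings described above, namely TMOUT, the pam_wheel restriction on su, the root TTY list, and the number of active consoles. The function names and the sample files are constructed for illustration; on a real system pass /etc/profile, /etc/pam.d/su, /etc/securetty and /etc/inittab instead.

```shell
#!/bin/sh
# Added example: audit the four settings this article configures.
# Every function takes the file to inspect as $1, so it works on the live
# files (/etc/profile, /etc/pam.d/su, ...) or on copies of them.

# Print the last TMOUT value assigned in a profile; fail if there is none.
tmout_value() {
    awk -F= '/^[ \t]*(export[ \t]+)?TMOUT=[0-9]+/ { v = $2 + 0; hit = 1 }
             END { if (!hit) exit 1; print v }' "$1"
}

# Succeed only if an uncommented "auth required ... pam_wheel.so" line exists.
su_wheel_enforced() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+[^#]*pam_wheel\.so' "$1"
}

# List the TTY devices root may still log in from (uncommented lines).
root_ttys() {
    awk '!/^[ \t]*#/ && NF { print $1 }' "$1"
}

# Count the uncommented getty lines in inittab, i.e. the usable consoles.
active_gettys() {
    awk -F: '!/^[ \t]*#/ && $3 == "respawn" && $4 ~ /getty/ { n++ }
             END { print n + 0 }' "$1"
}

# Write constructed sample files (not taken from a real host) into dir $1.
make_samples() {
    printf 'HISTFILESIZE=1000\nTMOUT=300\n' > "$1/profile"
    printf 'auth sufficient /lib/security/pam_rootok.so\nauth required /lib/security/pam_wheel.so group=wheel\n' > "$1/su"
    printf 'tty1\n#tty2\n#tty3\n' > "$1/securetty"
    printf '1:2345:respawn:/sbin/mingetty tty1\n2:2345:respawn:/sbin/mingetty tty2\n#3:2345:respawn:/sbin/mingetty tty3\n' > "$1/inittab"
}

d=$(mktemp -d) && make_samples "$d"
echo "TMOUT: $(tmout_value "$d/profile" || echo 'not set')"
su_wheel_enforced "$d/su" && echo "su: wheel only" || echo "su: unrestricted"
echo "root TTYs: $(root_ttys "$d/securetty" | tr '\n' ' ')"
echo "active consoles: $(active_gettys "$d/inittab")"
rm -rf "$d"
```

A line written as "TMOUT = 300" with spaces around the equals sign is not a shell assignment, so tmout_value reports it as not set.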