1. Boot Program Security
If no bootloader password is set (for GRUB or LILO), the root password of a Linux system is very easy to crack. To prevent the root password from being cracked through the boot program, it is strongly recommended to set a GRUB or LILO boot password: edit the configuration file /etc/grub.conf or /etc/lilo.conf and set the password parameter.
2. Unsafe Permission Settings
The common Linux file permissions are r, w, and x. There is also a permission called s: if a file is given the s permission, it is executed with the permissions of the file's owner or owning group. For example:
# chmod u+s testfile
# ls -la testfile
rwsr----- root root testfile
Thus, when testfile is executed by another user, it runs with the permissions of the file's owner, root. Similarly, when the s permission is set for a file's group, a user who executes the file runs it with the permissions of the file's owning group. Both cases are quite dangerous.
Imagine that the chmod command file were given the s permission: what could other users not do? They could change the permissions of any file. Note that the s permission must be used together with the x permission; s without x is meaningless.
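One way to audit for the s permission described above, as an added example that is not part of the original article: the script lists files with the setuid or setgid bit under a directory and marks those where s is set without x. The function names audit_sbits and classify_mode are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): list setuid/setgid files under a
# directory and flag the "s without x" case. Helper names are hypothetical.

# classify_mode MODE: MODE is the 10-character string printed by `ls -l`,
# e.g. -rwsr-x---. Character 4 is the owner execute slot, character 7 the
# group execute slot: "s" means s+x, "S" means s is set but x is missing.
classify_mode() {
    u=$(printf '%s' "$1" | cut -c4)
    g=$(printf '%s' "$1" | cut -c7)
    out=""
    case $u in
        s) out="setuid" ;;
        S) out="setuid-without-x" ;;
    esac
    case $g in
        s) out="${out:+$out,}setgid" ;;
        S) out="${out:+$out,}setgid-without-x" ;;
    esac
    printf '%s\n' "$out"
}

# audit_sbits DIR: one tab-separated line per finding:
#   classification, owner:group, mode string, path
# -xdev keeps find on one filesystem. Paths containing newlines are not handled.
audit_sbits() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        ls -ld -- "$f" | {
            read -r mode _links owner group _rest
            printf '%s\t%s:%s\t%s\t%s\n' \
                "$(classify_mode "$mode")" "$owner" "$group" "$mode" "$f"
        }
    done
}

# Run against a directory given on the command line, e.g.: sh audit.sh /usr/bin
if [ "$#" -gt 0 ]; then
    audit_sbits "$1"
fi
```

Review each root-owned entry in the output and clear the bit with chmod u-s or chmod g-s where it is not required.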
3. Automatic Logoff
It is also very dangerous when a user forgets to log off after using the server. The administrator can set the timeout parameter in the /etc/profile file so that the system automatically logs the user off after a period of inactivity.
4. Setting Password Complexity
To prevent system users' passwords from being too simple and easily cracked, edit the /etc/login.defs file to set password complexity for system users, such as the password maximum, minimum, and expiration time.
5. Prohibit Unnecessary Users from Logging In to the System
To prevent other non-system users from logging on, you can give the user a home directory that does not exist and a shell environment that does not exist when the user is added. It is also best to change the access rights of the two files /etc/passwd and /etc/shadow so that the root user can access them.
Security management under Linux system