Home > Developer > Linux

Small measures to improve Linux server security

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Disable Root Login

As the default system admin account root is the most vulnerable target. It is absolutely necessary to disable Telnet via SSH.

Method:

Edit/etc/ssh/sshd_config

Permitrootlogin No

Also, create a personal account for the administrator and assign it to the Sudoers user group (default is%admin)

-G admin Example_user

Modifying the sshd default port

The default port 22 for the remote service sshd is also the focus of the port scan, and modifying it to a different port (usually more than 1024) avoids most attacks. Method: Edit/etc/ssh/sshd_config

8822 #default

Using SCP instead of FTP

Although FTP is convenient, security has been criticized.

Background file management, the use of an encrypted SCP to better solve the problem.

SCP leverages sshd services, so you do not need to configure the server in addition, directly adjust account permissions.

You can use software WINSCP to connect to a server under Windows.

Official website: http://winscp.net

Installing DenyHosts

Denyhost can help you automatically analyze the security log, directly prohibit the suspected host brute force cracking.

Debian users can install directly using apt

$ sudo apt-get Install denyhosts

Official website: http://denyhosts.sourceforge.net/

Careful control of directory and file permissions, flexible use of user groups

For example, if the monitor program Munin needs to access the Web site log, do not modify the log file permission settings, but instead add Munin to the Www-data user group

$ sudo usermod-a-G www-data munin

Use a dedicated account for system programs

Try to use a dedicated account for every system program and avoid using root

such as MySQL, munin, etc., flexible use of sudo-u example_user and other commands to switch execution users and user groups

Download putty from the official website

Putty is a very popular Windows platform Remote tool, but do not covet the convenience of free download.

Such important and free software, please download from the official website, and it is best to check the integrity.

Official website: http://www.chiark.greenend.org.uk/~sgtatham/putty/

Small measures to improve Linux server security

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
small footprint linux server wordpress security measures improve server response time improve web server performance kaspersky small office security how to improve documentation steps to improve seo

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More