System Security Comprehensively defends my UNIX System Account

If your account is insecure, the other steps you take will be virtually empty. UNIX security, password security, and specific steps for each type of account are important issues of concern.

Password Security

Make sure that all users have an unpredictable password. To ensure that all passwords cannot be guessed, the passwords must be changed frequently. Ideally, a one-time password should be used.

If your account has logged on incorrectly for several consecutive times, disable it. One simple way to implement password security on an HP System is to use HP's trusted system components. Of course, only when you are not running NIS or NIS + is available.

Make sure that the password is not descriptive. In general, people may use license plate numbers, phone numbers, or personal names as user names. Unfortunately, this password is easy to guess. In addition, some people like to look for passwords from their daily preferences. These are all insecure passwords that users should check to avoid. Also, no. netrc file in the system will enhance security.

Root Account

When a few people can access the root directory, it is the easiest thing to track its changes and Security sexual attacks. The root directory password must be a strong and unpredictable password. In addition, you should change the root password at least once every three months, or when you leave the company for a long time. Be sure to exit the root directory command handler normally. Never leave the command handler unattended.

The only place where the root directory can be directly logged on should be set in/etc/securetty on the console ). Only the root directory has UID 0.

Check the security vulnerabilities in the root directory. The file alias should have a complete path name. You cannot use "." In the root directory. The dot file in the root directory can only have 700 authorization licenses.

Again, to avoid Trojan Horse programs, you must use the complete path name. Do not grant write access permissions for non-root directories to any directory in the root path. If possible, do not create the tmp file in the root directory in a public writable directory.

Guest Account

You must create a guest account only when necessary. After the purpose is completed, you must clear the account in time and use a non-standard guest account name. Do not use "guest "; do not use account names such as "fixomni" or "oratmp.

The Guest account should have a strong password and limited processing procedures. If appropriate, a strong umask such as 077 should be given to the Guest account.

User Account

User accounts should not be shared and should be cleared after the termination of the term. Logon with well-known account names should be disabled because these accounts do not need direct logon access such as bin, daemon, sys, uucp, lp, adm ).

1. The three Details reflect the security of the Unix Operating System
2. Security Detection and Prevention for mainstream Unix operating systems
3. Configure a secure sco unix Network System