Some simple changes in Linux
1, change the login prompt
[Email Protected]╭ァ rain throb ~]# VIM/ETC/MOTD
Add the words you want to prompt in this file and save them after you've finished modifying them.
Such as:
Last Login:thu Mar to 06:15:51 from 192.168.1.119
Welcome to LOGIN!!! Warm reminder: The data is priceless, cautious operation ~ ~ ~
[Email Protected]╭ァ rain throb ~]$
Of course, this display method can also be changed/etc/ssh/sshd_config
[Email Protected]╭ァ rain throb ~]# vim/etc/ssh/sshd_config
Join Banner/usr/local/src/welcome.txt on the last line
One of the Welcome.txt is your pre-defined file, the inside of the class is also your own writing, under which directory, write which absolute road strength
2,history command
All records of this command are saved in the. bash_history file in your user directory
By default, history does not show the time of the user Action command, but modifying the file allows the date to be displayed
[Email Protected]╭ァ rain throb ~]# vim/etc/ssh/sshd_config
histfilesize=4000 #命令的记录总数, saved in. bash_history
histsize=4000 #记录输出的总数
histtimeformat= '%F%T ' #定义时间的显示
Export Histtimeformat #作为history的时间变量将值传递给history
The following modifications are completed:
994 2016-03-31 06:22:57vim/etc/ssh/sshd_config
995 2016-03-31 06:31:55VIM/ETC/BASHRC
996 2016-03-31 06:36:11history
In general I will back up the. bash_history file, and if hacked and he deletes the file, it's not going to know anything.
3,tcp_wrappers
Tcp_wrappers is a software used to analyze the TCP/IP encapsulation package
Configuration file in/etc/hosts.allow/etc/hosts.deny
The service in the system can not use the Tcp_wrappers firewall, depending on whether the service has a libwrapped library file, if the application can use
Set format
Service:host (s) [: Action]
Service Representative Services
Host hostname or IP address
Action actions, what to do when you meet the criteria
Such as:
All:all EXCEPT 192.168.1.119
Only allow 192.168.1.119 access, everything else is rejected
If you want to allow 192.168.1.10
Modify the file and join in the last line
[Email Protected]╭ァ rain throb ~]# Vim/etc/hosts.allow
sshd:192.168.1.10
By default, the system will look at the conditions in the/etc/hosts.allow file before you see the conditions in the/etc/hosts.deny
4,chattr and Lsattr
Lock system-critical files
chattr [-RV] [-v version] [mode] file or directory
-R recursively modify all files or directories
-V Displays the changes in detail and prints the output
The mode section is used to control the properties of the file, and the common parameters are
+ On the basis of the original parameter setting, append the parameter
-Remove parameters based on the original parameter setting
= Update to specified parameter
A append, after setting this parameter, you can only add data to the file, not remove
C Compress, set whether the file is compressed and then stored, read the need to go through the automatic decompression file
I immutable, the file can not be modified, deleted, renamed, set the connection, and can not write data or new content, etc.
s safely delete files or directories and reclaim disk space after deleting files
If you delete a file or directory, the system retains its data block so that you can recover the file later
lsattr [-adirvv] File or directory
-a lists all files in the directory, including the "." The file that starts with
-D Displays the specified directory properties
-R lists all files and subdirectories and attribute values in the directory recursively
-V Show file or directory version
Such as:
Chattr-r +i/etc/passwd
Chattr +a/var/log/message
This article is from the "Sunshineboy" blog, make sure to keep this source http://sunshineboy.blog.51cto.com/10310940/1765418
System security Knowledge