1. Locking important system files
A system administrator may sometimes find that a file cannot be modified or deleted even by the root user, most likely because the file is locked. The command for locking a file under Linux is chattr, which modifies file attributes on ext2, ext3 and ext4 file systems and must be run by the superuser root. Its counterpart is lsattr, which queries file attributes.
Using chattr to modify the attributes of a file or directory can improve the security of the system. The following is a brief introduction to the use of the chattr and lsattr commands.
The syntax of the chattr command is as follows:
chattr [-RV] [-v version] [mode] file or directory
lsattr is used to query file attributes. Its usage is simple, and its syntax is as follows:
lsattr [-adlRvV] file or directory
2. Checking and modifying Linux file system permissions
Improper permission settings directly threaten the security of the system, so operations personnel should be able to detect incorrect permission settings in a timely manner and fix them immediately. Here are a few ways to find insecure permissions on Linux file systems.
(1) Find files or directories that any user in the system can write to
Find files: find / -type f \( -perm -2 -o -perm -20 \) | xargs ls -al
Find directories: find / -type d \( -perm -2 -o -perm -20 \) | xargs ls -ld
(2) Find all programs in the system with the "s" bit set
find / -type f \( -perm -4000 -o -perm -2000 \) -print | xargs ls -al
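The three searches above can be combined into one audit function. The following is an added example, not part of the original article; the function name audit_perms and the output tags are hypothetical. It groups the -perm tests so that -type applies to both of them, stays on one file system with -xdev, and prints one tagged line per path so that names containing spaces survive.

```shell
#!/bin/sh
# Added example (not from the original article): permission audit helper.
# audit_perms and the WRITABLE-FILE / WRITABLE-DIR / SUID-SGID tags are
# hypothetical names chosen for this illustration.

# audit_perms ROOT
#   Prints one tagged line per finding under ROOT:
#     WRITABLE-FILE  regular file writable by group or others
#     WRITABLE-DIR   directory writable by group or others
#     SUID-SGID      regular file with the setuid or setgid bit
audit_perms() {
    root=$1

    # \( ... \) is required: without it, -o binds more loosely than the
    # implicit AND, so "-type f" would only apply to the first -perm test.
    find "$root" -xdev -type f \( -perm -2 -o -perm -20 \) -print \
        | sed 's/^/WRITABLE-FILE /'

    find "$root" -xdev -type d \( -perm -2 -o -perm -20 \) -print \
        | sed 's/^/WRITABLE-DIR /'

    # -4000 is setuid, -2000 is setgid; the leading "-" means
    # "all of these bits are set", regardless of the other mode bits.
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print \
        | sed 's/^/SUID-SGID /'
}

# Typical use, as root, once per mounted file system:
#   audit_perms / > /root/perm-audit.txt
```

Comparing the saved report against a later run shows newly writable paths and newly added setuid or setgid programs.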
3. Security settings for /tmp, /var/tmp and /dev/shm
In the Linux file system there are two main directories or partitions used to store temporary files: /tmp and /var/tmp. They have one thing in common: all users can read, write and execute in them, which leaves a security risk for the system. An attacker can place a virus or Trojan script in a temporary directory to collect information or disguise it, which seriously affects the security of the server. However, changing the read, write and execute permissions of the temporary directories can also affect the normal operation of applications on the system. To balance the two, both directories or partitions need special settings.
/dev/shm is a shared memory device under Linux. The system mounts /dev/shm by default at boot, using the tmpfs file system, which is a memory file system. Data stored in tmpfs resides entirely in RAM, so /dev/shm can directly manipulate system memory, which is very dangerous; ensuring the security of /dev/shm is therefore also critical.
How is the security of server Linux file systems improved?