Linux is a freely distributed operating system, and under certain conditions a Linux process can operate on any file, database and so on. If such a process is used by malicious parties for unlawful purposes, the system will be greatly compromised. Because Linux holds the majority of the server market share, the security of the computer system must be ensured, so processes need security management. So how do you set up Linux system security management?
The following steps set up system security management:
1. Boot loader security
The root password of a Linux system is easy to crack if no boot loader password is set for GRUB or LILO. To prevent the root password from being broken through the boot loader, it is highly recommended that you set a boot password for GRUB or LILO: edit its configuration file, /etc/grub.conf or /etc/lilo.conf, and set the password parameter.
2. Unsafe permission settings
Everyone knows the common Linux file permissions r, w and x; in fact, there is also a permission called s. If a file is given the s permission, then when it is executed it runs with the permissions of the file's owner or owning group, for example:
# chmod u+s testfile
# ls -la testfile
-rwsr----- root root testfile
Thus, when the file is executed by another user, that user runs testfile with the permissions of the file's owner, root. Similarly, when the file's group has the s permission, the user who executes the file gets the permissions of the file's owning group, which is quite dangerous.
Imagine that the chmod command file itself were given the s permission: what would other users then be unable to do? They could change the permissions of any file. Of course, the s permission must be combined with the x permission; s without x is meaningless.
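An audit for the s permission described in step 2, as an added example that is not part of the original article: the shell function below (audit_special_bits is a hypothetical name) lists regular files under a directory that carry the setuid or setgid bit, and marks those where s is set without x.

```shell
#!/bin/sh
# Added example: report setuid/setgid regular files under a directory.
# Output columns: FINDING MODE OWNER GROUP PATH
# Assumption: file names contain no newlines (one path per line from find).

audit_special_bits() {
    dir=${1:-/}
    # -xdev stays on one filesystem; -perm -4000 is setuid, -perm -2000 is setgid.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        # Fields 1, 3 and 4 of `ls -ld` are the mode string, owner and group.
        set -- $(ls -ld -- "$f")
        mode=$1 owner=$3 group=$4
        finding=
        # Character 4 of the mode string is the owner execute slot:
        # "s" means setuid with x, "S" means setuid without x (no effect).
        case $mode in
            ???s*) finding=SETUID ;;
            ???S*) finding=SETUID-NO-EXEC ;;
        esac
        # Character 7 is the group execute slot, same convention for setgid.
        case $mode in
            ??????s*) finding="${finding:+$finding,}SETGID" ;;
            ??????S*) finding="${finding:+$finding,}SETGID-NO-EXEC" ;;
        esac
        printf '%s %s %s %s %s\n' "$finding" "$mode" "$owner" "$group" "$f"
    done
}

# Example: audit_special_bits /usr/bin
```

Run it as root so that find can read every directory, and compare the output with a saved baseline to spot files that have gained the s permission.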
3. Automatic logoff
It is also very dangerous when a user forgets to log out after using the server. The administrator can set the timeout parameter in the /etc/profile file so that when a user does nothing for a period of time, the system automatically logs that user off.
4. Set password complexity
To prevent system user passwords from being too simple and easily deciphered, you can edit the /etc/login.defs file and set the password complexity for system users, for instance the longest and shortest password settings, the expiration time and so on.
5. Prohibit unnecessary users from logging in to the system
To prevent other non-system users from logging in to the system, you can give the user a non-existent home directory and a non-existent shell environment when adding the user. Of course, it is also best to change the access rights of the two files /etc/passwd and /etc/shadow so that only the root user can access them.