How to enhance redhatlinux security-Linux Enterprise Application-Linux server application information. I am not very proficient in linux. I am just a beginner. I have not studied it carefully due to time. today I have summarized some tips for improving redhat linux system security.
1. All special accounts are prohibited: Default accounts are not used for lp, sync, shutdown, halt, news, games, gopher, and other users: [root @ redhat/] # userdel LP: [root @ redhat/] # groupdel LP
2. Start shadow and change the existing password and group in the system to the shadow password and group: Use the/usr/sbin/authconfig program to open the shadow and then use the pwconv and kgconv commands respectively.
3. Prohibit normal users from accessing the console: Run [root @ redhat/] # rm? F/etc/security/console. apps/halt
Of course, you can also delete xserver files. In this way, no one except root can start xserver.
4, so that the system does not respond to ping: add the echo 1>/proc/sys/net/ipv4/icmp_echo_ignore_all command to/etc/rc. d/rc. in the local file, when the system is restarted, the ping request is automatically disabled.
5. display the system release file: Change the telnet option in the/etc/inetd. conf file to telnet stream tcp nowait root/usr/sbin/tcpd in. teknetd? H
6. Do not log on to the root user from different consoles: edit the/ect/security file and add it before the unwanted tty # disable the selected Device
8. Edit the/ect/host. conf file: add it to the/ect/host. conf file.
# Lookup names via DNS first then fall back to/ect/hosts
Order bing, hosts
# We have machines with multiple IP address
Multi on
# Check for IP address spoofing
Nospoof on
9. Hide the system information. First, write # In the/ect/rc. d/rc. local file before these rows.
# This will overwrite/ect/issue at every boot. So. make any changes you
# Want to make to/ect/issue here or you will lose them when you reboot
# Echo "">/ect/issue
# Echo "$ R">/ect/issue
# Echo "Kernel $ (uname? R) on $ a $ (uname? M) ">/ect/issue
#
# Cp? F/ect/issue/ect/issue.net
# Echo>/ect/issue
Then, delete the issue and issue.net files under the/ect directory.
[Root @ redhat/] # rm? F/ect/issue
[Root @ redhat] # rm? F/ect/issue.net
10. Delete the. bash_history file: Add rm to the/ect/skel/. bash_logout file? F $ HOME/. bash_history: The. bash_history file is automatically deleted every time the user exits.
I have not explained the meaning of many of the above commands and the reasons for using these commands, mainly for fear of trouble, sorry
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.