How to enhance redhatlinux System Security

How to enhance redhatlinux security-Linux Enterprise Application-Linux server application information. I am not very proficient in linux. I am just a beginner. I have not studied it carefully due to time. today I have summarized some tips for improving redhat linux system security.

1. All special accounts are prohibited: Default accounts are not used for lp, sync, shutdown, halt, news, games, gopher, and other users: [root @ redhat/] # userdel LP: [root @ redhat/] # groupdel LP

2. Start shadow and change the existing password and group in the system to the shadow password and group: Use the/usr/sbin/authconfig program to open the shadow and then use the pwconv and kgconv commands respectively.

3. Prohibit normal users from accessing the console: Run [root @ redhat/] # rm? F/etc/security/console. apps/halt

[Root @ redhat/] # rm? F/etc/security/console. apps/poweroff

[Root @ redhat/] # rm? F/etc/security/console. apps/reboot

[Root @ redhat/] # rm? F/etc/security/console. apps/shutdown

Of course, you can also delete xserver files. In this way, no one except root can start xserver.

4, so that the system does not respond to ping: add the echo 1>/proc/sys/net/ipv4/icmp_echo_ignore_all command to/etc/rc. d/rc. in the local file, when the system is restarted, the ping request is automatically disabled.

5. display the system release file: Change the telnet option in the/etc/inetd. conf file to telnet stream tcp nowait root/usr/sbin/tcpd in. teknetd? H

6. Do not log on to the root user from different consoles: edit the/ect/security file and add it before the unwanted tty # disable the selected Device

7. Protect the/ect/services file: Run [root @ redhat/] # chattr + I/ect/services

8. Edit the/ect/host. conf file: add it to the/ect/host. conf file.

# Lookup names via DNS first then fall back to/ect/hosts

Order bing, hosts

# We have machines with multiple IP address

Multi on

# Check for IP address spoofing

Nospoof on

9. Hide the system information. First, write # In the/ect/rc. d/rc. local file before these rows.

# This will overwrite/ect/issue at every boot. So. make any changes you

# Want to make to/ect/issue here or you will lose them when you reboot

# Echo "">/ect/issue

# Echo "$ R">/ect/issue

# Echo "Kernel $ (uname? R) on $ a $ (uname? M) ">/ect/issue

#

# Cp? F/ect/issue/ect/issue.net

# Echo>/ect/issue

Then, delete the issue and issue.net files under the/ect directory.

[Root @ redhat/] # rm? F/ect/issue

[Root @ redhat] # rm? F/ect/issue.net

10. Delete the. bash_history file: Add rm to the/ect/skel/. bash_logout file? F $ HOME/. bash_history: The. bash_history file is automatically deleted every time the user exits.

I have not explained the meaning of many of the above commands and the reasons for using these commands, mainly for fear of trouble, sorry