In-depth security reinforcement for Linux systems (2)
Source: Internet
Author: User
Article Title: Linux system deep security reinforcement (2 ). Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
4. File System Permissions
Find out all programs with "s" bits in the system, remove unnecessary "s" bits, or delete unnecessary ones directly, which can prevent users from abusing and improving permissions, the command is as follows:
Add important files with unchangeable attributes:
Depending on the actual needs, some exploit overflow will write a statement to inetd. conf to bind the shell to listen on a port. At this time, this command will take effect, and the superficial intruders will think that the overflow will fail.
Find the file without a master in the system:
Find any file or directory with write permission:
Prevent intruders from writing Trojan statements (such as a copy of a shell) or inheriting the master permission for illegal access; find and reinforce files that have been used by intruders, such as. rhosts.
You cannot grant execution permissions to the ftp upload directory. For example, to provide a VM service that can run CGI, you should perform additional security configuration, compile etc/security/limits. conf, and add or change the following lines:
5. Banner disguise
Intruders usually attack through the operating system, service, and application versions. The oil leak list and attack process are also classified based on this. Therefore, it is necessary to make some effort to increase the difficulty of intrusion.
Change/etc/issue. Because reboot is reloaded, edit/etc/rc. d/rc. local as follows:
For the Apache configuration file, find the direve ve ServerTokens and ServerSignature, modify its default attributes as follows, and use the no-echo version number:
Modify the uname file, search for the uname. c source code, and find the following lines:
Modify it:
You can view the configuration file or source code for modifications to other services and programs. Do not change the configuration file too much. Otherwise, it will cause great trouble for system management.
(To be continued)
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
