LAMP environment hardening (1)

Source: Internet
Author: User
Tags: root access
Generally speaking, most enterprises have no dedicated information-security staff and never run security audits or penetration tests against their information systems; on top of that, the technical staff who do look after them often take a lazy, "it won't happen to us" attitude towards the security and reliability of their operating systems and applications. The result is serious incidents such as trojaned information systems, page tampering, database compromise and servers being taken over, all of which I have also run into in my own work.
Some time ago, because of a neglected application vulnerability, the public information network of the municipal bureau was compromised by attackers. Fortunately the impact was limited: the server itself was not taken over, the other servers in the IDC were not affected, and the consequences were not serious enough to require a report to the network supervision corps. After about half an hour of work the hidden links they had planted were removed and the vulnerable code was fixed. Afterwards, following the relevant information-security classified-protection requirements, basic hardening was applied to the operating system of the server concerned. The specific measures are as follows:

1. Disable booting from CD-ROM and set a BIOS password
2. SSH security: prohibit root login
# vi /etc/ssh/sshd_config
Protocol 2
PermitRootLogin no
Protocol 2 forces SSH protocol version 2 (current OpenSSH releases only speak version 2, so there the line is harmless but redundant); PermitRootLogin no stops the root user from logging in over SSH, so administrators log in as an ordinary user and switch with su. Restart sshd afterwards for the change to take effect.
3. Disable telnet
# vi /etc/xinetd.d/telnet
disable = yes
Then reload xinetd.
4. Restrict code compilation to a dedicated group
# groupadd compiler
# cd /usr/bin
# chgrp compiler *cc*
# chgrp compiler *++*
# chgrp compiler ld
# chgrp compiler as
# chgrp root mysqlaccess
# chmod 750 *cc*
# chmod 750 *++*
# chmod 750 ld
# chmod 750 as
# chmod 755 mysqlaccess
# vi /etc/group
compiler:x:520:user1,user2
(The target of the fourth chgrp and fourth chmod line is missing in the original; as, the assembler, is assumed here. mysqlaccess is reset to group root and mode 755 because its name matches the *cc* wildcard and it is a MySQL script, not part of the toolchain.)
5. Use hosts.allow and hosts.deny to restrict access to inet (tcp_wrappers) services
# vi /etc/hosts.allow
Format:
ALL: 10.2.3.
proftpd: 10.2.3.
ipop3: 10.2.3.
sshd: 10.2.3.: allow
(allows access from the 10.2.3.* network)
# vi /etc/hosts.deny
sshd: 10.2.3.: deny
(denies access from the 10.2.3.* network)
Note that tcp_wrappers writes a network prefix with a trailing dot (10.2.3.); the form 10.2.3.* in the original is not a wildcard pattern in hosts_access(5) and would not match.
When hosts.allow and hosts.deny conflict, hosts.allow prevails: it is consulted first, and the first matching line decides.
6. Create an su user group
# vi /etc/group
wheel:x:10:root,user1,user2
# chgrp wheel /bin/su
# chmod 4710 /bin/su
(setuid root, executable by group wheel only; the original wrote this as "u+s 710", which as a single chmod command is 4710. Only members of wheel can now run su.)
7. Root login notification
Send an email whenever a user with root privileges opens a shell.
# vi /root/.bashrc
echo "ALERT - root shell access on: $(date) $(who)" | \
  mail -s "Alert: root access from $(who | cut -d'(' -f2 | cut -d')' -f1)" zonko@163.com
(The subject line pulls the remote host out of the parenthesised field of who; a working local mail command and MTA are required.)
8. History security
Prevent .bash_history from being deleted or redirected to /dev/null:
# chattr +a .bash_history
(append-only: the shell can still add entries, but nobody can truncate or delete the file)
# chattr +i .bash_history
(immutable: locks the history file completely; note that this also stops bash from appending new entries, so +a is the attribute that keeps a tamper-resistant record)
9. Login banner / welcome information
Delete /etc/redhat-release
Edit /etc/issue and /etc/motd so they no longer reveal the distribution and version
10. Disable all special accounts
news, lp, sync, shutdown, uucp, games, halt, etc.
# userdel user
# groupdel user
# usermod -L -s /bin/false user
(locks a specific account's password and gives it a non-login shell instead of deleting it)
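Applying a checklist is only half the job; the other half is confirming the settings are still in place later. The following added example (my own code, not from the article) implements read-only checks for four of the items above: the sshd_config directives (step 2), the xinetd telnet stanza (step 3), the toolchain file modes (step 4) and the special accounts (step 10). Each check takes the file or directory to inspect as an argument so it can be pointed at a staging copy; the sample files it builds at the bottom are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not code from the original article: read-only audit checks for
# several of the hardening items above. Every function takes the file or directory
# to inspect as an argument; the sample files at the bottom are constructed.

# audit_sshd FILE: 0 when an active (uncommented) "PermitRootLogin no" and
# "Protocol 2" are both present. Protocol is a no-op on OpenSSH releases that
# only speak version 2, but the article asks for it, so it is still checked.
audit_sshd() {
  rc=0
  grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no[[:space:]]*$' "$1" \
    || { echo "sshd: root login is not disabled in $1"; rc=1; }
  grep -Eiq '^[[:space:]]*Protocol[[:space:]]+2[[:space:]]*$' "$1" \
    || { echo "sshd: Protocol 2 is not set in $1"; rc=1; }
  return $rc
}

# audit_xinetd_disabled FILE: 0 when the service stanza contains "disable = yes".
audit_xinetd_disabled() {
  grep -Eiq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$1"
}

# audit_toolchain_modes DIR NAME...: 0 when no listed tool in DIR grants any
# permission to "others" (mode string ends in ---, as chmod 750 leaves it).
# Tools that do not exist are skipped.
audit_toolchain_modes() {
  dir=$1; shift; rc=0
  for tool in "$@"; do
    [ -e "$dir/$tool" ] || continue
    mode=$(ls -ld "$dir/$tool" | cut -c1-10)
    case $mode in
      *---) ;;
      *) echo "$dir/$tool is mode $mode: still reachable by users outside the group"; rc=1 ;;
    esac
  done
  return $rc
}

# audit_special_accounts PASSWD_FILE: 0 when every special account named in the
# article is either removed or has a non-login shell (nologin or false).
SPECIAL_ACCOUNTS="news lp sync shutdown uucp games halt"
audit_special_accounts() {
  rc=0
  for u in $SPECIAL_ACCOUNTS; do
    shell=$(awk -F: -v u="$u" '$1 == u { print $7 }' "$1")
    [ -z "$shell" ] && continue                 # account already removed with userdel
    case $shell in
      */nologin|*/false) ;;
      *) echo "account $u still has login shell $shell"; rc=1 ;;
    esac
  done
  return $rc
}

# Constructed sample inputs: a partly hardened host, so some checks fail on purpose.
demo=$(mktemp -d)
printf 'Protocol 2\n#PermitRootLogin no\n' > "$demo/sshd_config"        # directive still commented out
printf 'service telnet\n{\n    disable = yes\n}\n' > "$demo/telnet"
mkdir "$demo/bin"; : > "$demo/bin/cc"; : > "$demo/bin/ld"
chmod 750 "$demo/bin/cc"; chmod 755 "$demo/bin/ld"                       # ld not yet restricted
printf 'root:x:0:0:root:/root:/bin/bash\nlp:x:4:7:lp:/var/spool/lpd:/sbin/nologin\ngames:x:12:100:games:/usr/games:/bin/bash\n' > "$demo/passwd"

run_check() { if "$@"; then echo "PASS: $1"; else echo "FAIL: $1"; fi; }
run_check audit_sshd "$demo/sshd_config"
run_check audit_xinetd_disabled "$demo/telnet"
run_check audit_toolchain_modes "$demo/bin" cc ld as
run_check audit_special_accounts "$demo/passwd"
rm -rf "$demo"
```

Run against a live host the calls would be audit_sshd /etc/ssh/sshd_config, audit_xinetd_disabled /etc/xinetd.d/telnet, audit_toolchain_modes /usr/bin gcc cc c++ g++ ld as and audit_special_accounts /etc/passwd; each function prints what is wrong and returns non-zero, so the script slots into a cron job or a configuration check without parsing its output.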

Author: www.phpdesigner.org