LINUX Security Operations (i)

Linux security is very important! Worsens The meaning of this idiom is:

A lot of firewood in the kitchen of a family, someone pointed out that such a danger, it is easy to catch fire, proposed to improve (bend) flue, remove firewood. But the master did not listen. A day really caught fire, neighborhood came to rescue, the owner of the house was burned, the loss of heavy, prepared a hearty food to entertain neighborhood, but did not ask

Usually do a good defense work, than the fault of the stronger it!

Linux provides a variety of different users and roles, and some users and roles, the system simply does not need, should delete them, because the more accounts, the system is more insecure! Hackers may exploit them to threaten the security of the server.

Write a script, one-time deletion, I have experimented, you can directly copy with.

1. Delete unwanted users:

For i in {adm,lp,sync,shutdown,halt,news,uucp,operator,games,gopher}
Do
Userdel-r $i
echo "Userdel-r $i OK"
Done

2. Delete the unwanted groups:

For n in {adm,lp,news,uucp,games,dip,pppusers,popusers,slipusers}
Do
Groupdel $n
echo "Groupdel $n OK"
Done

Remember, delete the system users or groups, this is not a fixed requirement! According to the purpose of the server to delete!

For example, if the server is for Web applications, then the Apache users and user groups are retained, and if the user database is applied, the Apache users and user groups can be deleted.

Some users only make process calls or user group calls, do not require the login function, then use the following command to prevent it from logging on to the server:

# usermod-s/sbin/nologin Nagios//Prohibit Nagios users from logging on to the server,-S is the shell used to set up the user login

This article is from the "8174069" blog, please be sure to keep this source http://8184069.blog.51cto.com/8174069/1716964

LINUX Security Operations (i)