LINUX Security Operations (v)

Let me introduce some of the security tips for Linux, which are simple and practical, and they are called kick for the process of biting gold:

First Axe: Delete the system version information and welcome information

(1) The system's version information, in the System Manager to provide convenience, but also to provide the convenience of hackers! A file that can empty version information.

# >/etc/issue//This file has the system version information, a greater than sign > can be emptied

# >/etc/issue.net//Ibid

# >/etc/redhat-release//Ibid

(2) Modify the Welcome information of the system

# echo "Warning, do not login to the system without the administrator's consent, otherwise the consequences are self-/etc/motd" >

Put the above paragraph into the/ETC/MOTD after the hacker in the login system, will appear in front of hackers, play a warning role! In case of future lawsuits with hackers, the role of this sentence is very large.

Second Axe: Disable the server "Ctrl + ALT + DELETE" shortcut key restart command

My system is CentOS 6.5. This is what I forbid:

# vim/etc/init/control-alt-delete.conf

Find the following line, plus #, comment out

Exec/sbin/shutdown-r Now "Control-alt-delete pressed"

The third axe: The last axe, definitely the finale some

In the Linux system, through the history of this command, you can view all the user's historical records. But only command, no time to execute, no details! ------now give you 4 lines of command, paste it in the last line of/ETC/BASHRC, you can see when the execution of the command, I have executed, you directly copy.

#vim/ETC/BASHRC//Open this file, paste in command

histfilesize=4000
histsize=4000
histtimeformat= '%F%T '
Export Histtimeformat

What if the hacker had deleted the history order? What do you do when you can't see anything?

to keep the server secure, it is important to retain historical commands!

Paste the following code into the last line of the/etc/profile file, it is very useful, can realize the detailed logging of the login's IP address, the user name of the login, the operation of which Shell commands, and detailed operating time, and so on. You can copy the code directly.

# Vim/etc/profile//Open this file and paste it on the last line

#history
user_ip= ' who-u am I 2>/dev/null |awk ' {print $NF} ' |sed-e ' s/[()]//g '
Histdir=/usr/share/.history//Under/usr/share/.history, use the hidden directory to be more secure
If [-Z $USER _ip]
Then
User_ip= ' hostname '
Fi
if [!-D $HISTDIR]
Then
Mkdir-p $HISTDIR
chmod 777 $HISTDIR
Fi
if [!-D $HISTDIR/${logname}]
Then
Mkdir-p $HISTDIR/${logname}
chmod $HISTDIR/${logname}
Fi
Export Histsize = 4000
dt= ' Date +%y+%m%d_%h%m%s '
Export histfile= "$HISTDIR/${logname}/${user_ip}.history. $DT"
Export histtimeformat= "[%y.%m.%d%h:%m:%s]"
chmod $HISTDIR/${logname}/*.history* 2>/dev/null

This code is in effect immediately. If not, you can restart the machine (login with other users for easy observation)

# Cd/usr/share/.history//Enter this directory to see which users are logged in to the server and what commands are being manipulated

# CD User01//User01 is a directory, I use User01 this user login to the server, only this directory, you use other users to log in, there will be other users of the directory.

#ls-al//Display files that document what commands I have user01 this user to manipulate.

Kick introduction is complete.

LINUX Security Operations (v)