Linux Security Settings Manual

Source: Internet
Author: User
Article Title: Linux Security Settings manual. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

This article describes how to use basic security measures to make your Linux system reliable.

1. Bios Security

You must set a password for the Bios to prevent starting from a floppy disk by changing the startup sequence in the Bios. This can prevent others from trying to start your system with a special boot disk, or prevent others from entering the Bios to change the settings (for example, enabling a floppy disk ).

2. LILO Security

In the "/etc/lilo. conf" file, add the following three parameters: time-out, restricted, and password. These three parameters allow your system to require password verification when starting lilo.

Step 1:

Edit the lilo. conf file (vi/etc/lilo. comf). If you want to modify or modify these three parameters:

Boot =/dev/hda
Map =/boot/map
Install =/boot. B
Time-out = 00 # Set this line to 00
Prompt
Default = linux
Restricted # Join this line
Password = # Add this line and set your own password
Image =/boot/vmlinuz-2.2.14-12
Label = linux
Initrd =/boot/initrd-2.2.14-12.img
Root =/dev/hda6
Read-only

Step 2:

Because the "/etc/lilo. conf" file contains a plaintext password, set it to the root permission for reading.

[Root @ kapil/] # chmod 600/etc/lilo. conf

Step 3:

Update the system to make modifications to the "/etc/lilo. conf" file.

[Root @ kapil/] #/sbin/lilo-v

Step 4:

Run the "chattr" command to make the "/etc/lilo. conf" file unchangeable.

[Root @ kapil/] # chattr + I/etc/lilo. conf

This prevents any changes (other than or for other reasons) to "/etc/lilo. conf)

3. Delete all special accounts

You should delete all unused default users and group accounts (such as lp, sync, shutdown, halt, news, uucp, operator, games, And gopher ).

Delete A User:

[Root @ kapil/] # userdel LP

Delete group:

[Root @ kapil/] # groupdel LP

4. Select the correct password

Make the following changes before selecting the correct password:

Change Password Length: the default password length is 5 bytes when you install linux. But this is not enough. Set it to 8. To change the shortest password length, edit the login. defs file (vi/etc/login. defs ).

PASS_MIN_LEN 5

Change

PASS_MIN_LEN 8

The login. defs file is the configuration file of the login program.

[1] [2] [3] [4] Next page

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.