Several files related to system security:
/etc/shells //available shell environments
/etc/passwd //user account information
/etc/shadow //user password information
/etc/group //group information
/var/log/secure //su log information
/etc/sysconfig/network //host name configuration file
Lock user password:
usermod -L username
passwd -l username
Unlock user password:
usermod -U username
passwd -u username
passwd -S username //view user status
User File Management:
/etc/skel //template directory for all user home directories
.bash_profile //executed when logging on to the system
.bash_logout //executed at logoff
.bashrc //executed when switching to a new shell
File Lock:
chattr +i file //lock the file
chattr -i file //unlock the file
lsattr file //view file status
User Password Management:
chage -d 0 username //force the user to change the password at the next login
chage -M days username //set the user's password validity period (maximum age in days)
sed -i 's/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 30/' /etc/login.defs //passwords of users created afterwards are valid for 30 days by default
Command History Management:
history //view command history
history -c //empty command history
sed -i 's/^HISTSIZE=.*/HISTSIZE=10/' /etc/profile //change the default number of command history entries to 10
echo 'export TMOUT=600' >> /etc/profile //log the user off after 600 seconds without activity on the terminal
. /etc/profile //read the configuration file so the modified configuration takes effect
su command management:
su -l username //switch user
echo 'auth required pam_wheel.so use_uid' >> /etc/pam.d/su //only the specified users may use su to switch users
gpasswd -a username wheel //add users who are allowed to use the su command to the wheel group
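Added example (not part of the original article): a shell function that checks whether the password aging, command history, TMOUT and pam_wheel settings from the sections above are in place. The function names, the ROOT argument and the sample files are assumptions made here so the check can run against a constructed copy of the files.

```shell
#!/bin/sh
# Last numeric value assigned to NAME in FILE, with or without "export".
profile_value() {
    [ -r "$2" ] || return 0
    sed -n "s/^[[:space:]]*\(export[[:space:]][[:space:]]*\)\{0,1\}$1=\([0-9][0-9]*\).*/\2/p" "$2" | tail -n 1
}

# Print a FAIL line and count it unless VALUE is a number in 1..MAX.
expect_max() {
    case $2 in
        ''|*[!0-9]*) ;;
        *) [ "$2" -ge 1 ] && [ "$2" -le "$3" ] && return 0 ;;
    esac
    echo "FAIL $1=${2:-unset} (want 1..$3)"
    fails=$((fails + 1))
}

# audit_hardening ROOT: check the files under ROOT (empty or / = live system).
# Returns 0 when every check passes, 1 otherwise.
audit_hardening() {
    root=${1%/}; fails=0; days=''
    [ -r "$root/etc/login.defs" ] &&
        days=$(awk '$1 == "PASS_MAX_DAYS" { v = $2 } END { print v }' "$root/etc/login.defs")
    expect_max PASS_MAX_DAYS "$days" 30
    expect_max HISTSIZE "$(profile_value HISTSIZE "$root/etc/profile")" 10
    expect_max TMOUT "$(profile_value TMOUT "$root/etc/profile")" 600
    # su must be restricted by an uncommented pam_wheel line with use_uid.
    if ! grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+pam_wheel\.so[[:space:]]+(.*[[:space:]])?use_uid' "$root/etc/pam.d/su" 2>/dev/null; then
        echo "FAIL pam_wheel.so use_uid not active in /etc/pam.d/su"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ]
}

# Constructed sample tree (not real system files): $2 = weak | hardened.
make_sample() {
    mkdir -p "$1/etc/pam.d"
    if [ "$2" = hardened ]; then
        echo 'PASS_MAX_DAYS 30' > "$1/etc/login.defs"
        printf 'HISTSIZE=10\nexport TMOUT=600\n' > "$1/etc/profile"
        echo 'auth required pam_wheel.so use_uid' > "$1/etc/pam.d/su"
    else
        echo 'PASS_MAX_DAYS 99999' > "$1/etc/login.defs"
        echo 'HISTSIZE=1000' > "$1/etc/profile"
        echo '#auth required pam_wheel.so use_uid' > "$1/etc/pam.d/su"
    fi
}

# Demo on the constructed weak tree; prints four FAIL lines.
d=$(mktemp -d); make_sample "$d" weak; audit_hardening "$d" || true; rm -rf "$d"
```

Run `audit_hardening /` as root on the real system to check the live files.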
The sudo command in detail:
sudo: lets the current user execute the specified command on the specified host as another specified user
Config file: /etc/sudoers, the sudo definition file; it is generally edited with visudo, which checks the syntax automatically
Authorized user   host allowed to log on = (run-as user, typically root)   command to run
Example: lisi ALL=(root) /sbin/ifconfig //allow user lisi to run the ifconfig command as root on all hosts
Alias (group) settings:
1. User_Alias (user alias)
2. Host_Alias (host alias)
3. Cmnd_Alias (command alias)
User aliases can include:
1. User names
2. Group names, prefixed with %
3. Other user aliases that have already been defined
Host aliases can include:
1. Host names
2. IP addresses
3. Other host aliases that have already been defined
Command aliases can include:
1. The absolute path of a command
2. Other command aliases that have already been defined
Note: The name of an alias must be in all uppercase English letters
Special format settings:
COM = /usr/bin/passwd [a-zA-Z]* //a user name (starting with a letter) must be given when using the passwd command
ELSE = !/usr/bin/passwd root //the command passwd root cannot be executed
These are generally used together:
NAME = /usr/bin/passwd [a-zA-Z]*, !/usr/bin/passwd root //does not allow setting the password for root; ! negates
This format is typically used when a command can pose a threat to the security of the root user itself.
Examples of aliases:
User_Alias USER = user1,user2,user3,user4,user5 ... //set user alias
Host_Alias HOST = host1,host2,host3,host4,host5 ... //set host alias
Cmnd_Alias COMD = comd1,comd2,comd3,comd4,comd5 ... //set command alias
Disable Ctrl+Alt+Del restart:
/etc/init/control-alt-delete.conf //comment out all the contents of this configuration file
Set GRUB password:
/boot/grub/grub.conf //modify the GRUB configuration file
grub-md5-crypt //generate an encrypted string
password --md5 encrypted-string //GRUB edit password (placed before title)
The difference is whether the line is placed before or after title
password --md5 encrypted-string //kernel load password (placed after title)
TTY terminal number control:
/etc/init/start-ttys.conf //tty terminal configuration file
env ACTIVE_CONSOLES=/dev/tty[1-6] //file contents: the terminals that are opened
env X_TTY=/dev/tty1 //file contents: default login terminal
/etc/sysconfig/init //tty terminal configuration file
ACTIVE_CONSOLES=/dev/tty[1-6] //file contents: the terminals that are opened; to change this, both files must be changed together
Control the root user's login terminal:
/etc/securetty //configuration file listing the terminals the root user may log in from
Prohibit all ordinary users from logging on to the system:
touch /etc/nologin //only need to create the file
This article is from the "Automated Operations" blog, please be sure to keep this source http://hongchen99.blog.51cto.com/12534281/1908207