Linux is vulnerable to DoS attacks, local users obtaining unauthorized file read/write permissions, remote users obtaining privileged file read/write permissions, and remote users obtaining root permissions.
The following measures can be taken to prevent these attacks:
(1) Delete all special accounts, including lp, shutdown, halt, news, uucp, operator, games, and gopher.
Refer to the following command:
- [root@redhat root]# userdel lp
- [root@redhat root]# groupdel lp
(2) Modify the default minimum password length. The default minimum password length is 5 characters. We recommend that you change it to 8 characters.
Edit /etc/login.defs and change PASS_MIN_LEN 5 to PASS_MIN_LEN 8.
(3) Enable shadow password support with MD5 hashing, and add the immutable attribute to the shadow file.
The specific command is:
- [root@redhat root]# chattr +i /etc/shadow
(4) Disable all unnecessary services, such as Telnet and HTTP. To disable Telnet, edit /etc/xinetd.d/telnet and change disable = no to disable = yes. Change the permissions of /etc/xinetd.conf to 600 so that only root is allowed to read and write the file.
The specific command is:
- [root@redhat root]# chmod 600 /etc/xinetd.conf
(5) Hide system login information, including the Linux release, kernel version, and server host name.
The specific command is:
- [root@redhat root]# rm /etc/issue
- [root@redhat root]# rm /etc/issue.net
(6) Do not allow Ctrl + Alt + Del to shut down the system.
Edit /etc/inittab and change:
- ca::ctrlaltdel:/sbin/shutdown -t3 -r now
to:
- #ca::ctrlaltdel:/sbin/shutdown -t3 -r now
(7) Do not allow root to log in from different consoles.
Edit /etc/securetty and add # before each TTY device that does not need root login. Root can then no longer log in on those TTY devices.
(8) Use SSH for remote connection. Use the SSH client to connect to Linux and use the following command to connect to other Linux systems:
- [root@redhat root]# ssh -l root 192.168.2.180
(9) Do not let ordinary users use the su command to become root. Edit /etc/pam.d/su and add the following content:
- auth sufficient /lib/security/pam_rootok.so debug
- auth required /lib/security/pam_wheel.so group=wheel
Wheel is an implicit group in the system. Only members of the wheel group can use the su command to become root.
(10) Configure the firewall, and keep an eye on kernel updates on the Linux website to keep the system kernel up to date.
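A read-only audit of items (1), (2), (4), (5), (6) and (9), as an added example that is not part of the original article. The function names are hypothetical, the file paths are the ones named above, and the sample tree is constructed so that the script never reads or changes the host's own /etc. A missing inittab or telnet service file is treated as a pass.

```sh
#!/bin/sh
# Added example: read-only audit of a directory tree against items (1), (2),
# (4), (5), (6) and (9) of the checklist. Sample data below is constructed.
SPECIAL="lp shutdown halt news uucp operator games gopher"

special_accounts() {   # (1) special accounts still in a passwd-format file
    for u in $SPECIAL; do grep -q "^$u:" "$1" && printf '%s ' "$u"; done
    return 0
}
pass_min_len() {       # (2) configured PASS_MIN_LEN, empty if unset
    awk '$1 == "PASS_MIN_LEN" { v = $2 } END { print v }' "$1"
}
xinetd_disabled() {    # (4) true if the service file says disable = yes
    grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$1"
}
ctrlaltdel_active() {  # (6) true if an uncommented ctrlaltdel entry exists
    grep -Eq '^[^#]*:ctrlaltdel:' "$1" 2>/dev/null
}
su_wheel_required() {  # (9) true if su has a required pam_wheel.so line
    grep -Eq '^auth[[:space:]]+required[[:space:]]+.*pam_wheel\.so' "$1"
}

audit() {              # print one FAIL line per unmet item under root dir $1
    r=$1
    left=$(special_accounts "$r/etc/passwd")
    [ -z "$left" ] || echo "FAIL (1) special accounts present: $left"
    len=$(pass_min_len "$r/etc/login.defs")
    [ "${len:-0}" -ge 8 ] || echo "FAIL (2) PASS_MIN_LEN is ${len:-unset}"
    [ ! -e "$r/etc/xinetd.d/telnet" ] || xinetd_disabled "$r/etc/xinetd.d/telnet" \
        || echo "FAIL (4) telnet enabled in xinetd"
    { [ ! -e "$r/etc/issue" ] && [ ! -e "$r/etc/issue.net" ]; } \
        || echo "FAIL (5) /etc/issue or /etc/issue.net present"
    ! ctrlaltdel_active "$r/etc/inittab" || echo "FAIL (6) ctrlaltdel active in inittab"
    su_wheel_required "$r/etc/pam.d/su" || echo "FAIL (9) su not restricted to wheel"
    return 0
}

make_sample() {        # constructed tree in the unhardened state
    mkdir -p "$1/etc/xinetd.d" "$1/etc/pam.d"
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' 'lp:x:4:7::/var/spool/lpd:/sbin/nologin' 'games:x:12:100::/usr/games:/sbin/nologin' > "$1/etc/passwd"
    printf 'PASS_MAX_DAYS 99999\nPASS_MIN_LEN 5\n' > "$1/etc/login.defs"
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$1/etc/xinetd.d/telnet"
    printf 'ca::ctrlaltdel:/sbin/shutdown -t3 -r now\n' > "$1/etc/inittab"
    printf 'auth sufficient /lib/security/pam_rootok.so debug\n' > "$1/etc/pam.d/su"
    echo 'Constructed banner' > "$1/etc/issue"
}

d=$(mktemp -d) && make_sample "$d" && audit "$d"; rm -rf "$d"
```

To check a real system, call `audit ""` as root so that the paths resolve to /etc; the script only reads files.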