Linux Optimization & Security Operations & Hacker attack

Source: Internet
Author: User
Tags: system log

Optimization:

Users that can be deleted: adm, lp, sync, shutdown, halt, news, uucp, operator, games, gopher. Example: userdel games

Groups that can be deleted: adm, lp, news, uucp, games, dip, pppusers, popusers, slipusers. Example: groupdel games

Accounts that never need an interactive login, such as the www user that Apache runs as, can have their login shell disabled: usermod -s /sbin/nologin www

Remove redundant login banner information from /etc/issue, /etc/issue.net, /etc/redhat-release and /etc/motd. If /etc/issue.net should still be shown to users at SSH login, add to /etc/ssh/sshd_config:

Banner /etc/issue.net

Other files that contain system information: /etc/redhat-release. /etc/motd is displayed in the user's terminal after login; you can put notices there, for example a welcome message.

Disable the Ctrl-Alt-Delete restart shortcut: vim /etc/init/control-alt-delete.conf and comment out the line exec /sbin/shutdown -r now "Control-Alt-Delete pressed"

Turn off redundant services:

Services not required under normal circumstances:

anacron, auditd, autofs, avahi-daemon, avahi-dnsconfd, bluetooth, cpuspeed, firstboot, gpm, haldaemon, hidd, ip6tables, ipsec, isdn, lpd, mcstrans, messagebus, netfs, nfs, nfslock, nscd, pcscd, portmap, readahead_early, restorecond, rpcgssd, rpcidmapd, rstatd, sendmail, setroubleshoot, yppasswdd, ypserv. Example: chkconfig --level 345 anacron off

Services that the system must run:

Service name - Service content
acpid - power management
apmd - advanced power management, monitors battery status
kudzu - detects hardware changes
crond - runs automatically scheduled jobs under Linux
atd - scheduled (one-time) task service, similar to crond
keytables - loads the keyboard map
iptables - built-in firewall
xinetd - core daemon that provides multiple network services
xfs - font server required by the X Window System
network - starts the network service
sshd - remote secure login
syslog - records the system log

Disable password login and use key-based login: vim /etc/ssh/sshd_config and set PasswordAuthentication no

Restart sshd: /etc/rc.d/init.d/sshd restart

System security

User rights: vim /etc/sudoers (visudo checks the syntax before saving)

Allow an ordinary user to run any command as root: username ALL=(ALL) NOPASSWD:ALL # this user can escalate to root with sudo su -

Allow an ordinary user to run only specific privileged commands: user01 ALL=/bin/more /etc/shadow, user01 ALL=NOPASSWD:/etc/init.d/httpd restart

Simple firewall configuration (TCP wrappers): /etc/hosts.allow and /etc/hosts.deny. hosts.allow is matched first; if it matches, processing stops, otherwise hosts.deny is checked. Common services: sshd, vsftpd, sendmail.

Example: in /etc/hosts.allow put sshd: 1.1.1.1 and in /etc/hosts.deny put sshd: ALL # denies sshd connections from every address except 1.1.1.1.

File system security

Lock a file: chattr +i <file> # sets the immutable attribute so the file cannot be modified, deleted or renamed (add -R to recurse into a directory); lsattr [-adlRvV] queries file attributes.

File permissions check and modify:

SUID and SGID explanation: http://www.cnblogs.com/cp-miao/p/5519123.html

Find files and directories that are group- or world-writable: find / -type f \( -perm -2 -o -perm -20 \) | xargs ls -al ; find / -type d \( -perm -2 -o -perm -20 \) | xargs ls -ld

Find programs with the s bit set: find / -type f \( -perm -4000 -o -perm -2000 \) -print | xargs ls -al # setuid/setgid programs can be used to escalate privileges; keep as few as possible.

Find all SUID and SGID files owned by root and record their checksums: find / -user root -perm -2000 -print -exec md5sum {} \; ; find / -user root -perm -4000 -print -exec md5sum {} \;

# Save the output in a file; it can be compared against a later run to see whether server binaries have been tampered with.

find / -nouser -o -nogroup # find files with no valid owner or group, so they cannot be exploited.
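The baseline-and-compare step above, as an added example (not the original post's code): it records the checksum and mode of every setuid/setgid file below a given root and diffs a later run against the saved baseline. The root directory and baseline path are parameters (the post hard-codes / and an ad-hoc file), and sha256sum is used instead of md5sum.

```shell
#!/bin/bash
# Added example, not from the original post: inventory every setuid/setgid
# regular file below ROOT with its checksum and mode, then compare a later
# inventory against the saved baseline to detect added, removed or
# modified binaries. ROOT and the output file are parameters.

# suid_baseline ROOT OUTFILE
# Writes one line per setuid/setgid file: "<sha256> <octal mode> <path>",
# sorted by path so that two inventories can be compared with diff.
suid_baseline() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec sh -c '
        for f; do
            printf "%s %s %s\n" "$(sha256sum "$f" | cut -d" " -f1)" "$(stat -c %a "$f")" "$f"
        done' sh {} + 2>/dev/null | sort -k3 > "$2"
}

# suid_compare BASELINE CURRENT
# Prints the differing lines ("<" = baseline, ">" = current) and returns 1
# when the inventories differ, 0 when they are identical.
suid_compare() {
    if diff "$1" "$2" > /dev/null; then
        echo "OK: setuid/setgid inventory unchanged"
        return 0
    fi
    echo "ALERT: setuid/setgid inventory changed (< baseline, > current):"
    diff "$1" "$2" | grep '^[<>]'
    return 1
}

# Typical use (paths are assumptions): run once after installation
#   suid_baseline / /var/lib/suid.baseline
# and later, e.g. from cron,
#   suid_baseline / /root/suid.now && suid_compare /var/lib/suid.baseline /root/suid.now
```

Keep the baseline file off the monitored host (or at least immutable with chattr +i), since an intruder who can replace a setuid binary can also rewrite a baseline stored next to it.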

Permission control for the /tmp directory: create a new filesystem, mount it on /tmp with restricted options, and move the old contents back.

dd if=/dev/zero of=/dev/tmpfs bs=1M count=1000
mke2fs -j /dev/tmpfs
cp -av /tmp /tmp.old
mount -o loop,noexec,nosuid,rw /dev/tmpfs /tmp
chmod 1777 /tmp
mv -f /tmp.old/* /tmp/
rm -rf /tmp.old

vim /etc/fstab

/dev/tmpfs /tmp ext3 loop,nosuid,noexec,rw 0 0 # If /tmp is already its own mount, just add loop,nosuid,noexec to its options. Write a shell script in /tmp and run it to test.

/dev/shm is the shared-memory device; change its mount options to: tmpfs /dev/shm tmpfs defaults,nosuid,noexec,rw 0 0

 

Hacker attack

chkrootkit: backdoor and rootkit detection tool, www.chkrootkit.org # usage: /usr/local/chkrootkit/chkrootkit

Back up the system commands that chkrootkit needs, so that it runs with known-good binaries instead of ones a rootkit may have replaced:

mkdir /usr/share/.commands
cp `which awk cut echo find egrep id head ls ps sed uname` /usr/share/.commands
/usr/local/chkrootkit/chkrootkit -p /usr/share/.commands/

      
