Linux platform security protection policy - Allow and deny remote access
In Linux, you can use the /etc/hosts.allow and /etc/hosts.deny files to allow and deny remote host access to local services. The common practice is:
(1) Edit the /etc/hosts.deny file and add the following lines:
# Deny access to everyone.
ALL: ALL@ALL
With this rule, all services are denied to all external hosts unless access is granted in the hosts.allow file.
(2) Edit the /etc/hosts.allow file and add the following lines:
# Just an example:
ftp: 202.84.17.11 xinhuanet.com
This allows the host with the IP address 202.84.17.11 and host name xinhuanet.com to access the FTP service as a client.
(3) After the settings are complete, use tcpdchk to check whether the settings are correct.
Linux security policy - Limit shell command record size
By default, the bash shell stores up to 500 command records in the file $HOME/.bash_history (the default number of records varies depending on the system). Each user's home directory contains such a file. I strongly recommend that you limit the size of this file.
You can edit the /etc/profile file and modify the options as follows: HISTFILESIZE=30 or HISTSIZE=30
Linux platform security protection policy - Delete command records when logging out
Edit the /etc/skel/.bash_logout file and add the following line: rm -f $HOME/.bash_history
In this way, all users in the system will delete their command records when logging out.
If you only need to set this for a specific user, such as the root user, modify only the $HOME/.bash_logout file in that user's home directory and add the same line.
Linux platform security protection policy - Disable unnecessary SUID programs
SUID allows ordinary users to execute a program as root, so such programs in the system should be strictly controlled.
Find the programs that have the s bit set: # find / -type f \( -perm -04000 -o -perm -02000 \) -print | less
Remove the s bit from unnecessary programs: # chmod a-s program_name
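The find audit above is easier to repeat when its output is compared against a list of s-bit files that have already been reviewed. The following shell functions are an added example, not part of the original article; the function names, the allowlist format and the demo tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): find setuid/setgid files
# that are missing from a reviewed allowlist. Paths with newlines are not handled.

# list_sbit DIR: regular files under DIR with the setuid (04000) or setgid
# (02000) bit, one path per line, sorted. -xdev keeps find on one filesystem.
list_sbit() {
    find "$1" -xdev -type f \( -perm -04000 -o -perm -02000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# unexpected_sbit DIR ALLOWLIST: s-bit files under DIR that are NOT listed in
# ALLOWLIST (assumed format: one absolute path per line, '#' comments allowed).
unexpected_sbit() {
    sbit_allowed=$(mktemp) || return 1
    grep -v -e '^#' -e '^$' "$2" | LC_ALL=C sort > "$sbit_allowed"
    # comm -23 keeps lines found only in the first input (the live scan).
    list_sbit "$1" | LC_ALL=C comm -23 - "$sbit_allowed"
    rm -f "$sbit_allowed"
}

# demo: constructed tree (not real system paths) with two setuid files, only
# one of which has been reviewed; prints the path that still needs a decision.
demo() {
    sbit_demo=$(mktemp -d) || return 1
    mkdir "$sbit_demo/bin"
    for f in passwd_like leftover_tool plain; do : > "$sbit_demo/bin/$f"; done
    chmod 4755 "$sbit_demo/bin/passwd_like" "$sbit_demo/bin/leftover_tool"
    chmod 0755 "$sbit_demo/bin/plain"
    printf '# reviewed s-bit files\n%s\n' "$sbit_demo/bin/passwd_like" \
        > "$sbit_demo/allow.txt"
    unexpected_sbit "$sbit_demo" "$sbit_demo/allow.txt"
    rm -rf "$sbit_demo"
}

demo
```

On a real host, run unexpected_sbit as root against / with your own allowlist file, and review each reported path before applying chmod a-s to it.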
Linux platform security protection policy - Check the information displayed at startup
When a Linux system starts, a long series of boot messages scrolls across the screen. If a problem occurs when the system is started, run the following command to check the problem: # dmesg > bootmessage
This command redirects the information displayed at startup to a file named bootmessage.
Linux platform security protection policy - Disk space maintenance
Checking disk space frequently is necessary to maintain the Linux file system. In Linux, the most frequently used commands for disk space maintenance are df and du.
The df command mainly checks the usage of the file system. The common usage is: # df -k
Filesystem  1k-blocks  Used     Available  Use%  Mounted on
/dev/hda3   1967156    1797786  67688      96%   /
Run the du command to check the disk space occupied by files, directories, and subdirectories. Generally, the -s option is used so that only the total disk space occupied by each directory is displayed. The following shows the disk space occupied by each subdirectory: % du -s /usr/X11R6/*
34490  /usr/X11R6/bin
1      /usr/X11R6/doc
3354   /usr/X11R6/include
This article introduces only part of the security protection policy for Linux; there is more to learn, and it deserves your continued attention. We hope you have mastered the part introduced here.