Linux security Q & A (1)

1. How to restrict excessive use of system resources?
1) edit the/etc/security/limits. conf file and add or change the following content:
* Hard core 0 // do not create a core File
* Hard rss 5000 // indicates that all users except the root user can use up to 5 MB of memory.
* Hard nproc 20 // indicates that the number of processes running simultaneously on the system is 20.
By modifying the above content in the limits. conf file, you can restrict users logging on to the system and over-using processes, core files, and memory. The asterisk (*) indicates all users logged on to the system.
2) edit the "/etc/pam. d/login" file and add the following content to the end of the file to make the above settings take effect:
Session required/lib/security/pam_limits.so
2. How do I disable the original IP route on the server?
Run the/etc/rc. d/rc. local file in the VI editor and add the following commands to the file to disable the original path routing on the server:
For r in/proc/sys/net/ipv4/conf/*/accept_source_route; do
Echo 0> $ r
Done
3. How do I limit the password length?
Use the vi compiler to open/etc/login. in the defs file, find the "PASS_MIN_LEN 5" line and change the content to "PASS_MIN_LEN 8" to set the minimum password length to five characters, the minimum value is 8 bits.
4. How to reduce the number of historical command lists?
The recently used command list is saved in "~ /. To reduce the number of saved command lists in the bash_history file, you can edit the "/etc/profile" file in the vi editor and modify the values of the following two items to the allowed values:
HISTFILESIZE = <integer>
HISTSIZE = <integer>
5. How do I set the NFS file system access permissions?
You can set the permission to allow the exported directory in the "/etc/exports" file. For example, if you want to set the strictest access permission, that is, you are not allowed to use any wildcard characters or write permissions of the root user, and you can only mount the directory as a read-only file system, open the "/etc/exports" file in the vi editor and add the following content:
/The Directory to be exported, such as/home/ly, allows host domain names mounted to this directory, such as liuyuan @ nf) (ro, root_squash)
Ro indicates the mount file system as the read-only file system, and root_squash indicates that the root user is prohibited from writing to the directory. Save the "/etc/exports" file and run the following command to make the modification take effect:
/Usr/sbin/exportfs-
6. How can I disable telnet, FTP, and other services in the Liunx system?
1.
Edit the/etc/inetd. conf file to disable services including telnet, FTP, imap, talk, and finger.
2.
Run the chmod 600/etc/inetd. conf command to modify the permission of the file.
3.
Run killall-HUP inet to make the modification take effect.
Another method is to use TCP to limit access to the above services on the local machine:
1.
Modify/etc/hosts. deny to "ALL: ALL" to deny ALL access to the local machine.
2.
Then add the allowed services and IP lines of the corresponding host in/etc/hosts. allow. For example, telnet: 192.168.1.2/255.255.255.0 liuyuan.
3.
You can use tcpdchk to check whether the settings of the two files are correct.
7. How can I restrict the character terminals that the root account can log on?
Open the/etc/securetty file in the vi editor, and comment out the login character terminals, you can add "#" before the character terminal to the annotation method, which means this is just a description.
8. In Linux, how does one prevent IP spoofing?
Use the vi editor to edit the host. conf file and add the following lines to prevent IP Spoofing:
Order bing, hosts
Multi off
Nospoof on
9. How do I prohibit normal users from using shutdown, reboot, halt, and other programs on character terminals?
Use the root permission to delete the console applications that are not required by a common account using the following commands on the Character terminal:
Rm-f/etc/security/<console application name>

This article is from the "xuanyuan meixiang" blog and will not be reproduced!