Linux Security Settings Manual

Article Title: Linux Security Settings manual. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

This article describes how to use basic security measures to make your Linux system reliable.

1. Bios Security

You must set a password for the Bios to prevent starting from a floppy disk by changing the startup sequence in the Bios. This can prevent others from trying to start your system with a special boot disk, or prevent others from entering the Bios to change the settings (for example, enabling a floppy disk ).

2. LILO Security

In the "/etc/lilo. conf" file, add the following three parameters: time-out, restricted, and password. These three parameters allow your system to require password verification when starting lilo.

Step 1:

Edit the lilo. conf file (vi/etc/lilo. comf). If you want to modify or modify these three parameters:

Boot =/dev/hda
Map =/boot/map
Install =/boot. B
Time-out = 00 # Set this line to 00
Prompt
Default = linux
Restricted # Join this line
Password = # Add this line and set your own password
Image =/boot/vmlinuz-2.2.14-12
Label = linux
Initrd =/boot/initrd-2.2.14-12.img
Root =/dev/hda6
Read-only

Step 2:

Because the "/etc/lilo. conf" file contains a plaintext password, set it to the root permission for reading.

[Root @ kapil/] # chmod 600/etc/lilo. conf

Step 3:

Update the system to make modifications to the "/etc/lilo. conf" file.

[Root @ kapil/] #/sbin/lilo-v

Step 4:

Run the "chattr" command to make the "/etc/lilo. conf" file unchangeable.

[Root @ kapil/] # chattr + I/etc/lilo. conf

This prevents any changes (other than or for other reasons) to "/etc/lilo. conf)

3. Delete all special accounts

You should delete all unused default users and group accounts (such as lp, sync, shutdown, halt, news, uucp, operator, games, And gopher ).

Delete A User:

[Root @ kapil/] # userdel LP

Delete group:

[Root @ kapil/] # groupdel LP

4. Select the correct password

Make the following changes before selecting the correct password:

Change Password Length: the default password length is 5 bytes when you install linux. But this is not enough. Set it to 8. To change the shortest password length, edit the login. defs file (vi/etc/login. defs ).

PASS_MIN_LEN 5

Change

PASS_MIN_LEN 8

The login. defs file is the configuration file of the login program.

[1] [2] [3] [4] Next page