This article describes settings you can apply in Linux to make your system more secure.
1. You must set a BIOS password to prevent others from entering your system by changing the first boot device (such as a boot disk).
2. Set a password for the system boot program to prevent others from entering single-user mode and forcibly changing the root password. For GRUB2 password settings, refer to the previous article "keystore".
3. These two files are located in the /etc directory. Anyone on the system can read them, which is a security flaw. Shadow passwords move the passwords from these files into the shadow and gshadow files in the /etc directory. Only the system administrator can read those files, and the password in the original file is replaced with the character "x", which effectively enhances system security. The pwconv command is used to enable shadow passwords for users; generally, pwconv is used for password synchronization. The workflow is as follows: pwconv relies on the "x" in the password field of passwd to synchronize the /etc/passwd and /etc/shadow files. It adjusts the entries in /etc/shadow based on /etc/passwd:
   a. If /etc/shadow does not exist, pwconv creates it from /etc/passwd.
   b. If /etc/shadow already exists:
      1. If an entry exists in passwd but not in shadow, the related entry is added to shadow.
      2. If an entry exists in shadow but not in passwd, it is deleted from shadow.
4. Automatic logout. When the user does not perform any operation within a period of time, the user is automatically logged out to prevent others from taking the opportunity. You can add TMOUT=XX (XX is in seconds) at the end of the /etc/profile file.
5. Disable unnecessary services. Run the netstat command to view the ports the system is currently listening on, and disable unnecessary services immediately.
6. TCP_WRAPPERS
TCP Wrappers uses an access control list (ACL) to prevent spoofing. The ACL is the list kept in the /etc/hosts.allow and /etc/hosts.deny files.
The /etc/hosts.allow and /etc/hosts.deny files control remote access. They allow or deny users at an IP address or in an IP range access to a service in Linux.
7. Restrict sudo permissions. Edit the /etc/sudoers file and restrict sudo permissions to the minimum necessary.
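
The pwconv synchronization rules described above can be previewed without changing any file. This is an added example, not part of the original article and not pwconv's own code: it reports which entries would be added to or deleted from shadow and which accounts still keep a password in passwd. The function names and the sample file contents are constructed for illustration.

```python
"""Dry-run model of the pwconv synchronization rules (constructed sample data)."""

# Constructed sample contents; a real audit would read /etc/passwd and /etc/shadow as root.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:$6$constructed$notarealhash:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:1002:Carol:/home/carol:/bin/bash
"""
SAMPLE_SHADOW = """\
root:!:19000:0:99999:7:::
alice:$6$constructed$notarealhash:19000:0:99999:7:::
bob:!:19000:0:99999:7:::
dave:!:19000:0:99999:7:::
"""


def parse(text):
    """Map login name -> list of colon-separated fields, skipping blank/comment lines."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        entries[fields[0]] = fields
    return entries


def plan_sync(passwd_text, shadow_text):
    """Return what the rules above would change, without touching any file."""
    passwd, shadow = parse(passwd_text), parse(shadow_text)
    return {
        # Present in passwd, missing from shadow -> the entry is added to shadow.
        "add_to_shadow": sorted(set(passwd) - set(shadow)),
        # Present in shadow, missing from passwd -> the entry is deleted from shadow.
        "delete_from_shadow": sorted(set(shadow) - set(passwd)),
        # Password field in passwd is not "x": still stored in the world-readable file.
        "not_shadowed": sorted(u for u, f in passwd.items() if len(f) < 2 or f[1] != "x"),
    }


if __name__ == "__main__":
    for action, users in plan_sync(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{action}: {', '.join(users) or '-'}")
```

An empty shadow text models the case where /etc/shadow does not exist yet, so every passwd entry is listed under add_to_shadow.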