Linux SECURITY: Step by Step (3) (1)

Source: Internet
Author: User

NFS service
Network file systems constitute the basis for sharing files in the Unix world. If you want to disable any shared directories, you can add NFS restrictions, such as locking the/etc/exports file and defining the shared directories in advance. If you do not want to share the file with users and only restrict user access, you need to modify the NFS startup script. Edit the/etc/init. d/nfs file, find a line of the daemon and comment it out.

/etc/init.d/nfs# daemon rpc.nfsd $RPCNFSDCOUNT

Many configuration files and commands in the system are very sensitive. Modifying permissions and adding read-only attributes can avoid security issues to some extent.

Chmod 700/bin/rpm # NFS shared directory configuration file chmod 600/etc/exports # host access control file chmod 600/etc/hosts. * chmod R 751/var/logchmod 644/var/log/messages # System log configuration file chmod 640/etc/syslog. confchmod 660/var/log/wtmpchmod 640/var/log/lastlogchmod 600/etc/ftpusers # User Password File chmod 644/etc/passwdchmod 600/etc/shadow # Check module configuration file directory: chmod R 750/etc/pam. dchmod 600/etc/lilo. conf # Terminal Configuration File chmod 600/etc/securettychmod 400/etc/shutdown. allow # System Access security Configuration File chmod 700/etc/security # network system configuration file chmod R 751/etc/sysconfig # super daemon configuration file chmod 600/etc/xinetd. confchmod 600/etc/inetd. confchmod R 750/etc/rc. d/init. d/chmod 750/etc/rc. d/init. d/* # run the program control file chmod 600/etc/crontabchmod 400/etc/cron. * # SSH configuration file chmod 750/etc/ssh # kernel Control Configuration File chmod 400/etc/sysctl. confgchattr + I/etc/serviceschattr + I/etc/groupchattr + I/etc/gshadowchattr + I/etc/hosts. * chattr + I/etc/xinetd. confchattr + I/etc/exportschattr + I/bin/loginchattr + a/var/log/message


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.