Linux SECURITY: Step by Step (3) (1)

NFS service
Network file systems constitute the basis for sharing files in the Unix world. If you want to disable any shared directories, you can add NFS restrictions, such as locking the/etc/exports file and defining the shared directories in advance. If you do not want to share the file with users and only restrict user access, you need to modify the NFS startup script. Edit the/etc/init. d/nfs file, find a line of the daemon and comment it out.

/etc/init.d/nfs# daemon rpc.nfsd $RPCNFSDCOUNT

Many configuration files and commands in the system are very sensitive. Modifying permissions and adding read-only attributes can avoid security issues to some extent.

Chmod 700/bin/rpm # NFS shared directory configuration file chmod 600/etc/exports # host access control file chmod 600/etc/hosts. * chmod R 751/var/logchmod 644/var/log/messages # System log configuration file chmod 640/etc/syslog. confchmod 660/var/log/wtmpchmod 640/var/log/lastlogchmod 600/etc/ftpusers # User Password File chmod 644/etc/passwdchmod 600/etc/shadow # Check module configuration file directory: chmod R 750/etc/pam. dchmod 600/etc/lilo. conf # Terminal Configuration File chmod 600/etc/securettychmod 400/etc/shutdown. allow # System Access security Configuration File chmod 700/etc/security # network system configuration file chmod R 751/etc/sysconfig # super daemon configuration file chmod 600/etc/xinetd. confchmod 600/etc/inetd. confchmod R 750/etc/rc. d/init. d/chmod 750/etc/rc. d/init. d/* # run the program control file chmod 600/etc/crontabchmod 400/etc/cron. * # SSH configuration file chmod 750/etc/ssh # kernel Control Configuration File chmod 400/etc/sysctl. confgchattr + I/etc/serviceschattr + I/etc/groupchattr + I/etc/gshadowchattr + I/etc/hosts. * chattr + I/etc/xinetd. confchattr + I/etc/exportschattr + I/bin/loginchattr + a/var/log/message