If you want to build a Linux server and maintain it for a long time, you need to consider many factors, such as security, performance and speed. A correct basic Linux security configuration manual is especially important. In this article, I will introduce the basic security configuration manual for Linux servers running Red Hat/CentOS 4 and 5.
Installation notes
1. Delete special system user accounts
Disable all accounts that the operating system creates by default and that you do not need. Perform this check when you install the system for the first time. Linux provides various accounts that you may not need; if you do not need an account, remove it. The more accounts you have, the more vulnerable you are to attack.
To delete a user from your system, run the following command:
[root@c1gstudio]# userdel username
Batch delete method:
# Delete the "adm lp sync shutdown halt mail news uucp operator games gopher ftp" accounts
# If you are using ftp or other services, you can retain the ftp account.
for i in adm lp sync shutdown halt mail news uucp operator games gopher ftp; do userdel $i; done
2. Delete special system group accounts
[root@c1gstudio]# groupdel groupname
Batch delete method:
for i in adm lp mail news uucp games dip pppusers popusers slipusers; do groupdel $i; done
3. User password settings
The default minimum password length on a Linux installation is 5 bytes, but this is not enough. Set it to 8 bytes. To change the minimum password length, edit the login.defs file:
# vi /etc/login.defs
PASS_MAX_DAYS 99999 # default maximum password validity period
PASS_MIN_DAYS 0 # minimum password validity period
PASS_MIN_LEN 5 # minimum password length; change 5 to 8
PASS_WARN_AGE 7 # number of days in advance to warn the user that the password will expire
Then change the root password:
# passwd root
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
4. Modify the automatic logout time
The root account has the highest privilege in Linux. If the system administrator forgets to log out of the root account before leaving the system, this poses a major security risk, so the system should log the account out automatically. You can implement this by setting the "TMOUT" parameter. TMOUT is calculated in seconds. Edit your profile file (vi /etc/profile) and add the following line after "HISTSIZE=":
TMOUT=300
300 indicates 300 seconds, that is, 5 minutes. In this way, if a user logged on to the system takes no action within five minutes, the system automatically logs the user out.
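To confirm that steps 1, 3 and 4 were actually applied, the following read-only audit script is an added example, not part of the original article. The function names, the sample files and the rule that any TMOUT from 1 to 300 passes are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Read-only audit of steps 1, 3 and 4; nothing on the system is modified.
# Thresholds follow the article; accepting TMOUT below 300 is an assumption.
UNNEEDED="adm lp sync shutdown halt mail news uucp operator games gopher ftp"

# Print each account from the article's list that still exists in a passwd file.
unneeded_accounts() {
    local passwd_file=$1 name
    for name in $UNNEEDED; do
        # Anchor on "name:" so that "mail" does not match "mailnull".
        grep -q "^${name}:" "$passwd_file" && printf '%s\n' "$name"
    done
    return 0
}

# Print the effective (last uncommented) value of a key in a login.defs file.
login_defs_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# Print the last TMOUT value assigned in a profile file (empty if never set).
tmout_value() {
    grep -E '^[[:space:]]*(export[[:space:]]+)?TMOUT=[0-9]+' "$1" |
        tail -n 1 | sed 's/.*TMOUT=\([0-9]*\).*/\1/'
}

# Report every deviation; return 1 if any check fails, 0 otherwise.
audit() {
    local passwd_file=$1 login_defs=$2 profile=$3 rc=0 found len tmout
    found=$(unneeded_accounts "$passwd_file" | tr '\n' ' ')
    if [ -n "$found" ]; then echo "FAIL unneeded accounts: $found"; rc=1; fi
    len=$(login_defs_value "$login_defs" PASS_MIN_LEN)
    if [ "${len:-0}" -lt 8 ]; then echo "FAIL PASS_MIN_LEN=${len:-unset}, want 8"; rc=1; fi
    tmout=$(tmout_value "$profile")
    # TMOUT unset or 0 means the shell never times out.
    if [ -z "$tmout" ] || [ "$tmout" -eq 0 ] || [ "$tmout" -gt 300 ]; then
        echo "FAIL TMOUT=${tmout:-unset}, want 1..300"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK all three checks pass"
    return "$rc"
}

# Constructed samples standing in for /etc/passwd, /etc/login.defs, /etc/profile.
SAMPLE=$(mktemp -d); trap 'rm -rf "$SAMPLE"' EXIT
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
    'games:x:12:100:games:/usr/games:/sbin/nologin' \
    'mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin' \
    'ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin' > "$SAMPLE/passwd"
printf '%s\n' '# PASS_MIN_LEN 12' 'PASS_MAX_DAYS 99999' 'PASS_MIN_LEN 5' > "$SAMPLE/login.defs"
printf '%s\n' 'HISTSIZE=1000' 'export PATH USER HISTSIZE' > "$SAMPLE/profile"
audit "$SAMPLE/passwd" "$SAMPLE/login.defs" "$SAMPLE/profile" || true
```

On a real server, call audit with /etc/passwd, /etc/login.defs and /etc/profile as root; the sample run above reports three failures because none of the steps has been applied to the constructed files.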