1 General server security policy:
1) Use a hardware firewall where possible; set the iptables INPUT chain default policy to DROP and open only the ports that are needed.
2) Passwords must be strong: more than 24 characters.
3) Use key-based login to prevent brute-force attacks: prohibit root login, and use normal user + key authentication + IP restriction + user restriction.
4) Periodically analyze the system's log files, e.g. with last and lastlog.
5) Regularly run grep error /var/log/messages to check the server for hardware faults.
6) Stop unnecessary services and harden the kernel.
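The following is an added example, not code from the original post: a small POSIX shell audit that checks an sshd_config against policy item 3 (no root login, key-only authentication, a user whitelist). The two sample configuration files it creates are constructed for the demo; the keyword names are the standard sshd_config ones.

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config against the
# policy items above: no root login, key-only authentication, an explicit user
# whitelist. The two sample configs below are constructed for the demo.

# Print the effective value of a keyword from an sshd_config file.
# sshd uses the first match for a keyword, so we stop at the first one;
# keyword comparison is case-insensitive, as in sshd itself.
sshd_value() {
    # $1 = config file, $2 = keyword
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Compare one keyword with the value the policy wants (lower-case).
# Prints a finding and returns 1 on mismatch; an unset keyword is a finding
# too, because the policy wants each setting stated explicitly.
check_kw() {
    file="$1"; key="$2"; want="$3"
    got="$(sshd_value "$file" "$key")"
    if [ -z "$got" ]; then
        got="(unset)"
    fi
    if [ "$(printf '%s' "$got" | tr 'A-Z' 'a-z')" = "$want" ]; then
        return 0
    fi
    printf 'FAIL %-24s got %-10s want %s\n' "$key" "$got" "$want"
    return 1
}

# Run all checks on one file. Prints the findings and returns the number of
# failed checks, so 0 means the file satisfies the policy.
audit_sshd() {
    fails=0
    check_kw "$1" PermitRootLogin        no  || fails=$((fails + 1))
    check_kw "$1" PasswordAuthentication no  || fails=$((fails + 1))
    check_kw "$1" PubkeyAuthentication   yes || fails=$((fails + 1))
    # The "user limit": some AllowUsers line must exist; its contents are site-specific.
    if [ -z "$(sshd_value "$1" AllowUsers)" ]; then
        echo "FAIL AllowUsers               (unset)    want a user whitelist"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: a default-ish config that violates every item.
WEAK_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication yes
EOF

# Constructed sample: the same file after hardening per the policy.
HARD_CFG=$(mktemp)
cat > "$HARD_CFG" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers deploy ops
MaxAuthTries 3
EOF

echo "== weak config =="
audit_sshd "$WEAK_CFG" || echo "$? check(s) failed"
echo "== hardened config =="
audit_sshd "$HARD_CFG" && echo "all checks passed"
```

Run it against the live file with `audit_sshd /etc/ssh/sshd_config` and act on a non-zero return. The check reads top-level keywords only; settings inside `Match` blocks are not evaluated, so a config that relies on them needs a manual look. The IP restriction from item 3 belongs in the firewall rules or `AllowUsers user@host` patterns and is not checked here.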
2 General handling process after a server has been compromised:
1) Cut off the network;
2) Find the source of the attack: analyze the system log files and login records (e.g. find suspicious users and interrupt their remote connections).
For example:
[root@host ~]# tail -f /var/log/messages
[root@host ~]# lastlog
[root@host ~]# lastb                      # view failed login records
[root@host ~]# tail -f /var/log/secure    # view user-related security logs
3) Analyze the cause and method of the intrusion;
Intrusions have many causes, e.g. a system vulnerability or an application vulnerability; the attack source must be found and the vulnerability removed and fixed.
4) Back up the data;
5) Reinstall the system (depending on the actual situation; where online services are being provided this is obviously not practicable);
6) Apply hotfixes for the application or system vulnerability;
7) Restore the data and the network.
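The following is an added example, not code from the original post: a POSIX shell triage of the failed-login records that step 2 (and policy item 4, lastb) tell you to examine. The log lines are constructed in the style of sshd entries in /var/log/secure, using RFC 5737 documentation addresses and a fictitious host name; the `Failed password for ... from IP` and `Accepted ... from IP` formats are standard OpenSSH wording.

```shell
#!/bin/sh
# Added example (not from the original post): triage the failed-login records
# that step 2 tells you to look at. The log lines below are constructed in the
# style of sshd entries in /var/log/secure; nothing here is a real host or IP.

# Count "Failed password" events per source address, most frequent first.
# Both "Failed password for root from IP" and "... for invalid user X from IP"
# carry the address right after the word "from", so we key on that token.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
             for (i = 1; i <= NF; i++)
                 if ($i == "from") { count[$(i+1)]++; break }
         }
         END { for (ip in count) print count[ip], ip }' "$1" | sort -rn
}

# Sources with at least THRESHOLD failures: the brute-force candidates.
flag_sources() {
    # $1 = log file, $2 = threshold
    failed_by_source "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Sources that completed a login (password or key), one per line.
accepted_sources() {
    awk '/sshd\[[0-9]+\]: Accepted / {
             for (i = 1; i <= NF; i++)
                 if ($i == "from") { print $(i+1); break }
         }' "$1" | sort -u
}

# The finding that matters most during triage: a source that hammered the
# server and then got in. Those sessions are the ones to cut first.
success_after_failures() {
    flagged=$(mktemp)
    flag_sources "$1" "$2" > "$flagged"
    accepted_sources "$1" | grep -Fxf "$flagged" || true
    rm -f "$flagged"
}

# Constructed sample log (RFC 5737 documentation addresses, fictitious host).
SAMPLE_SECURE=$(mktemp)
cat > "$SAMPLE_SECURE" <<'EOF'
May 12 03:14:01 web1 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 50122 ssh2
May 12 03:14:03 web1 sshd[2203]: Failed password for invalid user oracle from 198.51.100.23 port 50130 ssh2
May 12 03:14:05 web1 sshd[2205]: Failed password for root from 198.51.100.23 port 50141 ssh2
May 12 03:14:07 web1 sshd[2207]: Failed password for root from 198.51.100.23 port 50150 ssh2
May 12 03:20:44 web1 sshd[2290]: Failed password for alice from 203.0.113.7 port 41022 ssh2
May 12 03:21:10 web1 sshd[2301]: Accepted publickey for alice from 203.0.113.7 port 41030 ssh2
May 12 03:25:00 web1 sshd[2350]: Accepted password for root from 198.51.100.23 port 50199 ssh2
EOF

echo "== failures per source =="
failed_by_source "$SAMPLE_SECURE"
echo "== sources with >= 3 failures =="
flag_sources "$SAMPLE_SECURE" 3
echo "== brute-force sources that then logged in =="
success_after_failures "$SAMPLE_SECURE" 3
```

On a real incident run `success_after_failures /var/log/secure 10` (or against the rotated copies) before cutting the network, so you know which sessions and accounts to look at in `last` and `lastlog`. A single failed attempt from a known operator address, like alice above, is noise; a burst of failures followed by an accepted login from the same source is the signal the procedure is looking for.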
This article is from the blog "Ten thousand years is too long, seize the day"; please keep this source: http://zengwj1949.blog.51cto.com/10747365/1927942
Linux Server Security Policy