Linux Server Security Tips

Source: Internet
Author: User


If your Linux server is physically accessible to unauthorized users (for example, a server in a public machine room or a public office), its security is seriously at risk.

Using single-user mode to enter the system

At the LILO boot: prompt, a special command such as linux single or linux 1 starts the system in single-user mode. This is useful, for example, when the superuser (root) password has been forgotten: reboot the system, enter linux single (or linux 1) at the boot: prompt, enter the system as superuser, edit the passwd file, and remove the x from the root line.

 Preventive measures:

Enter the system as superuser (root), edit the /etc/inittab file and, at the id:3:initdefault setting, add the extra line shown below, so that when the system restarts into single-user mode it prompts for the superuser password:

~~:S:wait:/sbin/sulogin

Then run the command /sbin/init q to make this setting take effect.

Passing dangerous parameters to the kernel at system startup

The most common boot loader under Linux is LILO, which manages system startup (other partitions and operating systems can be added to it). It also carries a risk: an unauthorized user can boot Linux at will or pass dangerous parameters to the kernel when the system starts.

 Preventive measures:

Edit the file /etc/lilo.conf and add the restricted parameter. It must be used together with the password parameter described below, and it means that a password is required when parameters are passed to the Linux kernel at the boot: prompt.

The password parameter can be used with restricted, or it can be used separately, as described below.

Used with restricted: the password is required only when parameters are passed to the kernel at startup. Note that no password is required in normal (default) mode.

Used alone (without restricted): Linux always requires the password, whatever the startup mode; without the password there is no way to start Linux. Security is higher in this case, equivalent to adding an outer layer of defense. The drawback is that you cannot reboot the system remotely unless you add the restricted parameter.

Because the password is stored in plaintext and not encrypted, the /etc/lilo.conf file must be readable only by the superuser, which can be set with the following command:

chmod 600 /etc/lilo.conf

Then run the command /sbin/lilo -v to write the configuration to the boot sector and make the change effective.

To further protect the /etc/lilo.conf file, you can also set the immutable attribute on it, using the command:

chattr +i /etc/lilo.conf

If you want to modify the /etc/lilo.conf file later, use the chattr -i /etc/lilo.conf command to remove this attribute.

Using the "Ctrl+Alt+Del" key combination to reboot

This point is very important and very easy to overlook: if an unauthorized user can reach the server's keyboard, he can use the key combination "Ctrl+Alt+Del" to restart your server.

 Preventive measures:

Edit the /etc/inittab file and comment out the line ca::ctrlaltdel:/sbin/shutdown -t3 -r now by putting a # in front of it: #ca::ctrlaltdel:/sbin/shutdown -t3 -r now

Then run the command /sbin/init q to make this change effective.
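The script below is an added example, not part of the original article: it audits the three measures above (the sulogin entry and the disabled ctrlaltdel entry in /etc/inittab, and the password, permissions and immutable attribute of /etc/lilo.conf). The function names are illustrative, and it assumes a Linux system with grep, ls and lsattr available.

```sh
#!/bin/sh
# Added example: audit the console and boot hardening steps from this page.
# Function names are illustrative; the caller passes the file paths.

# An active inittab entry runs sulogin with action "wait".
check_sulogin() {
    grep -Eq '^[[:space:]]*[^#[:space:]][^:]*:[^:]*:wait:.*/sulogin' "$1"
}

# No active ctrlaltdel entry remains (commented-out lines do not count).
check_ctrlaltdel_disabled() {
    ! grep -Eq '^[[:space:]]*[^#[:space:]][^:]*:[^:]*:ctrlaltdel:' "$1"
}

# Prints none | restricted | always, matching the two password modes above.
lilo_password_mode() {
    if ! grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1"; then
        echo none
    elif grep -Eq '^[[:space:]]*restricted([[:space:]]|$)' "$1"; then
        echo restricted
    else
        echo always
    fi
}

# The plaintext password is readable and writable by the owner only (mode 600).
check_lilo_perms() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# The immutable attribute is set (needs a filesystem that supports it).
check_immutable() {
    lsattr "$1" 2>/dev/null | cut -d' ' -f1 | grep -q i
}

# Usage: audit /etc/inittab /etc/lilo.conf ; returns the number of failed checks.
audit() {
    fails=0
    check_sulogin "$1" || { echo "FAIL: no sulogin entry in $1"; fails=$((fails+1)); }
    check_ctrlaltdel_disabled "$1" || { echo "FAIL: ctrlaltdel active in $1"; fails=$((fails+1)); }
    [ "$(lilo_password_mode "$2")" != none ] || { echo "FAIL: no password in $2"; fails=$((fails+1)); }
    check_lilo_perms "$2" || { echo "FAIL: $2 is not mode 600"; fails=$((fails+1)); }
    check_immutable "$2" || { echo "FAIL: $2 is not immutable"; fails=$((fails+1)); }
    return "$fails"
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Run it as root with the two file paths as arguments; a mode of "always" from lilo_password_mode means the machine cannot be rebooted unattended, as noted above.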
