First, power-on and shutdown security control
1) Adjust the BIOS to set the first boot device to the drive on which the current system resides
2) Adjust the BIOS to disable booting from other devices (CD, USB, network)
3) Adjust the BIOS to set the security level to setup and set an administrator password
4) Disable the Ctrl+Alt+Del restart hotkey to avoid reboots caused by user error
~]# vim /etc/init/control-alt-delete.conf (comment out the last two lines)
Second, GRUB menu settings
GRUB menu restrictions prevent:
Unauthorized modification of startup parameters (such as entering single-user mode, changing the root password)
Unauthorized access to designated systems (multi-system)
Password setting method (/boot/grub/grub.conf)
password plaintext-password-string
password --md5 encrypted-password-string
Location of password records
Global section (before the first "title")
System boot section (after each "title" line)
Implementation of GRUB restrictions
Run the ~]# grub-md5-crypt command and enter the password interactively to get the encrypted string
Modify the /boot/grub/grub.conf file to add password --md5 followed by the encrypted string at the corresponding password record location
Third, terminal login security control
1) Reduce the number of open terminals. Two files must be modified, the TTY setting in both files must be consistent, and the change takes effect after a restart. (6 TTY terminals are open by default.)
~]# vim /etc/init/start-ttys.conf
For example, change
env ACTIVE_CONSOLES=/dev/tty[1-6] to env ACTIVE_CONSOLES=/dev/tty[456]
~]# vim /etc/sysconfig/init
For example, change
ACTIVE_CONSOLES=/dev/tty[1-6] to ACTIVE_CONSOLES=/dev/tty[456] as well
2) Restrict root login to secure terminals only: modify /etc/securetty and comment out the unneeded ttys (bulk commenting method in vim: press Ctrl+V to enter visual block mode, press j to extend the selection down over the lines to be commented, or k to extend it up, then press I to insert, type #, then press Esc)
3) Prohibit normal user logins: touch an empty file named nologin, that is, create the /etc/nologin file; deleting the nologin file restores normal logins.
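The GRUB password placement and the terminal settings above can be verified with a short audit script. This is an added example, not part of the original article: the function names and the sample files are constructed for illustration, and it assumes GRUB legacy syntax with whitespace after the password keyword.

```shell
#!/bin/sh
# Added example: audit helpers for the GRUB and terminal settings above.
# Paths are parameters so the checks can run against copies of the files.

# Print "md5", "plaintext" or "none" for the password record in the global
# section of a GRUB legacy config (the lines before the first "title").
grub_password_state() {
    awk '
        /^[ \t]*title[ \t]/ { exit }
        /^[ \t]*password[ \t]/ {
            state = ($2 == "--md5") ? "md5" : "plaintext"; exit
        }
        END { print (state ? state : "none") }
    ' "$1"
}

# Print the ACTIVE_CONSOLES value from start-ttys.conf or sysconfig/init.
active_consoles() {
    sed -nE 's/^[[:space:]]*(env[[:space:]]+)?ACTIVE_CONSOLES=//p' "$1" | tail -n 1
}

# Succeed only if both files set the same, non-empty ACTIVE_CONSOLES value.
consoles_consistent() {
    a=$(active_consoles "$1"); b=$(active_consoles "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print ttyN entries still enabled in a securetty file that fall outside the
# active console glob (for example /dev/tty[456]).
securetty_extra() {
    grep -E '^tty[0-9]+$' "$1" | while read -r t; do
        case "/dev/$t" in
            $2) ;;            # unquoted on purpose: $2 is used as a glob
            *) echo "$t" ;;
        esac
    done
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'default=0' 'password secret123' 'title CentOS' > "$demo/grub.conf"
printf '%s\n' 'env ACTIVE_CONSOLES=/dev/tty[456]' > "$demo/start-ttys.conf"
printf '%s\n' 'ACTIVE_CONSOLES=/dev/tty[1-6]' > "$demo/init"
printf '%s\n' 'console' '#tty1' 'tty2' 'tty4' 'tty5' > "$demo/securetty"

echo "GRUB global password: $(grub_password_state "$demo/grub.conf")"
consoles_consistent "$demo/start-ttys.conf" "$demo/init" || echo "ACTIVE_CONSOLES mismatch"
echo "root allowed on inactive: $(securetty_extra "$demo/securetty" '/dev/tty[456]')"
```

On the constructed samples the script reports a plaintext GRUB password, a mismatch between the two ACTIVE_CONSOLES settings, and tty2 as a terminal where root login is still permitted although no getty runs there.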
Linux system security and its application--system boot and login control