(i) Solution strategy
to the Enterprise interview is a number of competitors, so pay attention to the dimensions and height of the answer, we must direct the second to kill competitors, to fix high-paying offer.
(ii) Solution tactics
web Upload a directory of ways to upload a trojan to linux server, depending on the site from which the malicious person visited the website -->linux system -->http service Middleware services program code storage, layer multiplication protection.
(iii) Answer reference from user access point of view
the developer code limits the upload file type, such as the inability to upload . PHP Program ( JS and back-end code control).
Detection of uploaded content (including text and files) can be detected by program, Web Service layer (middleware layer), database and other levels of control.
control permissions to upload directories and permissions for non-site directories ( Linux File directory Permissions +web Service layer Control).
Access and execution control (Web Service layer + file System storage layer) After Trojan file is passed.
important configuration files, commands, and WEB configuration and other files to do MD5 fingerprint and backup.
install anti-virus software ClamAV and so on, regular monitoring of the Trojan horse.
Configure the server firewall and intrusion detection services.
Monitor server file changes, process changes, port changes, critical security logs, and timely alarms.
(iv) from the perspective of internal management: prevention of the right to be raised
VPN Management Server or Web Management Server.
SSH Monitor the intranet.
Use of Springboard machine, Operation Audit.
sudo centralized management, locking key files.
The site directory, upload directory permissions belong to group control.
Do system and site file backup fingerprint monitoring alarm.
Dynamic password Authentication.
(e) Best users answer
650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M01/8F/41/wKioL1jY8bjTV_u4AAWI_XaFP1o011.png "title=" 1.png "alt=" Wkiol1jy8bjtv_u4aawi_xafp1o011.png "/>
This article is from the "Long Wing blog" blog, please be sure to keep this source http://youjiu.blog.51cto.com/3388056/1910889
Old boy Education daily: March 7, 2017-enterprise interview question and answer: How does Linux server prevent the Trojan horse?